laceworksdk.api.v2.data_export_rules

Lacework DataExportRules API wrapper.

Module Contents

Classes

DataExportRulesAPI

A class used to represent the Data Export Rules API endpoint

class laceworksdk.api.v2.data_export_rules.DataExportRulesAPI(session)

Bases: laceworksdk.api.crud_endpoint.CrudEndpoint

A class used to represent the Data Export Rules API endpoint

S3 data export allows you to export data collected from your Lacework account and send it to an S3 bucket of your choice. You can extend Lacework processed/normalized data to report/visualize alone or combine with other business/security data to get insights and make meaningful business decisions.

property session

Get the HttpSession instance the object is using.

create(type, filters, intg_guid_list, **request_params)

A method to create a new DataExportRules object.

Parameters:
  • type (str) – The type of data export rule to create. Valid values are: “Dataexport”

  • intg_guid_list (list of str) – The guids of the alert channels for the rule to use

  • filters (dict) –

    A dict containing the fields needed to define the rule. Fields are:

    • name (str): The name of the alert

    • enabled (bool|int): Whether the export rule is enabled

    • description (str, optional): The description of the export rule

    • profileVersions (list of str, optional): A list of profile versions

  • request_params (dict, optional) – Use to pass any additional parameters to the API

Returns:

The created data export rule

Return type:

dict

get(guid=None)

A method to get data export rules. Using no args will get all rules.

Parameters:

guid (str, optional) – The guid of the rule to get.

Returns:

The requested data export rule(s)

Return type:

dict

get_by_guid(guid)

A method to get a DataExportRules object by GUID.

Parameters:

guid (str) – The guid of the rule to get.

Returns:

The requested data export rule

Return type:

dict

update(guid, filters=None, intg_guid_list=None, **request_params)

A method to update an existing DataExportRules object.

Parameters:
  • guid (str) – The guid of the export rule to update

  • intg_guid_list (list of str) – The guids of the alert channels for the rule to use

  • filters (dict) –

    A dict containing the fields needed to define the rule. Fields are:

    • name (str, optional): The name of the alert

    • enabled (bool|int, optional): Whether the export rule is enabled

    • description (str, optional): The description of the export rule

    • profileVersions (list of str, optional): A list of profile versions

  • request_params (dict, optional) – Use to pass any additional parameters to the API

Returns:

The updated data export rule

Return type:

dict

delete(guid)

A method to delete a data export rule.

Parameters:

guid (str) – The GUID of the data export rule to delete

Returns:

A Requests response object containing the response code

Return type:

requests.models.Response

search(json=None)

A method to search objects.

See the API documentation for this API endpoint for valid fields to search against.

NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.

Parameters:

json (dict) –

The desired search parameters:

  • timeFilter (dict, optional): A dict containing the time frame for the search:

    • startTime (str): The start time for the search

    • endTime (str): The end time for the search

  • filters (list of dict, optional): Filters based on field contents:

    • field (str): The name of the data field to which the condition applies

    • expression (str): The comparison operator for the filter condition. Valid values are:

    “eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”

    • value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.

    • values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.

  • returns (list of str, optional): The fields to return

Returns:

A dict containing the search results

Return type:

dict
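The NOTE above is easy to get wrong when a search payload is assembled from user input or configuration. The following is an added example, not part of the laceworksdk package: a pre-flight validator for the `json` argument of `search()` that enforces the constraints stated on this page (only the listed expressions are valid; each filter carries exactly one of `value` / `values`). Which operators are single-valued and which take a list, and the `enabled` field name in the constructed query, are assumptions, not something this page documents.

```python
# Added example, not laceworksdk code: validate a DataExportRulesAPI.search()
# payload before it is sent, so malformed filters fail locally and loudly.
# ASSUMPTION: which expressions are single- vs multi-valued (page only lists them).
SINGLE_VALUE_OPS = {"eq", "ne", "like", "ilike", "not_like", "not_ilike",
                    "rlike", "not_rlike", "gt", "ge", "lt", "le"}
MULTI_VALUE_OPS = {"in", "not_in", "between"}   # assumed to require "values"
VALID_EXPRESSIONS = SINGLE_VALUE_OPS | MULTI_VALUE_OPS
TOP_LEVEL_KEYS = {"timeFilter", "filters", "returns"}


def validate_search_json(payload):
    """Return a list of problems; an empty list means the payload is usable."""
    problems = []
    for key in payload:
        if key not in TOP_LEVEL_KEYS:
            problems.append(f"unknown top-level key {key!r}")
    time_filter = payload.get("timeFilter")
    if time_filter is not None:
        for key in ("startTime", "endTime"):   # both required when timeFilter is given
            if not isinstance(time_filter.get(key), str):
                problems.append(f"timeFilter.{key} must be a string")
    for i, flt in enumerate(payload.get("filters", [])):
        expr = flt.get("expression")
        if not isinstance(flt.get("field"), str):
            problems.append(f"filters[{i}]: 'field' must be a string")
        if expr not in VALID_EXPRESSIONS:
            problems.append(f"filters[{i}]: invalid expression {expr!r}")
            continue
        has_value, has_values = "value" in flt, "values" in flt
        if has_value == has_values:   # neither or both: violates the NOTE on this page
            problems.append(f"filters[{i}]: exactly one of 'value'/'values' is required")
        elif expr in SINGLE_VALUE_OPS and not has_value:
            problems.append(f"filters[{i}]: {expr!r} needs a single 'value'")
        elif expr in MULTI_VALUE_OPS and not has_values:
            problems.append(f"filters[{i}]: {expr!r} needs a list in 'values'")
        elif has_values and not isinstance(flt["values"], list):
            problems.append(f"filters[{i}]: 'values' must be a list")
    return problems


def disabled_rules_query():
    """Constructed payload: find export rules that are switched off (field name assumed)."""
    return {"filters": [{"field": "enabled", "expression": "eq", "value": "0"}],
            "returns": ["name", "enabled", "description"]}


if __name__ == "__main__":
    # Hypothetical usage: DataExportRulesAPI(session).search(json=query)
    query = disabled_rules_query()
    print(validate_search_json(query))                         # []
    print(validate_search_json({"filters": [{"field": "name", "expression": "in",
                                             "value": "x"}]}))  # one problem reported
```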