laceworksdk.api.v2.data_export_rules
Lacework DataExportRules API wrapper.
Module Contents
Classes
A class used to represent the Data Export Rules API endpoint |
- class laceworksdk.api.v2.data_export_rules.DataExportRulesAPI(session)[source]
Bases:
laceworksdk.api.crud_endpoint.CrudEndpoint
A class used to represent the Data Export Rules API endpoint
S3 data export allows you to export data collected from your Lacework account and send it to an S3 bucket of your choice. You can extend Lacework processed/normalized data to report/visualize alone or combine with other business/security data to get insights and make meaningful business decisions.
- property session
Get the
HttpSession
instance the object is using.
- create(type, filters, intg_guid_list, **request_params)[source]
A method to create a new DataExportRules object.
- Parameters:
type (str) – The type of data export rule to create. Valid values are: “Dataexport”
intg_guid_list (list of str) – The guids of the alert channels for the rule to use
filters (dict) –
A dict containing the fields needed to define the rule. fields are:
name (str): The name of the alert
enabled (bool|int): Whether the export rule is enabled
description (str, optional): The description of the export rule
profileVersions (list of str, optional): A list of profile versions
request_params (dict, optional) – Use to pass any additional parameters the API
- Returns:
The created data export rule
- Return type:
dict
- get(guid=None)[source]
A method to get data export rules. Using no args will get all rules.
- Parameters:
guid (str, optional) – The guid of the rule to get.
- Returns:
The requested data export rule(s)
- Return type:
dict
- get_by_guid(guid)[source]
A method to get an DataExportRules object by GUID.
- Parameters:
guid (str) – The guid of the rule to get.
- Returns:
The requested data export rule
- Return type:
dict
- update(guid, filters=None, intg_guid_list=None, **request_params)[source]
A method to update an existing DataExportRules object.
- Parameters:
guid (str) – The guid of the export rule to update
intg_guid_list (list of str) – The guids of the alert channels for the rule to use
filters (dict) –
A dict containing the fields needed to define the rule. fields are:
name (str, optional): The name of the alert
enabled (bool|int, optional): Whether the export rule is enabled
description (str, optional): The description of the export rule
profileVersions (list of str, optional): A list of profile versions
request_params (dict, optional) – Use to pass any additional parameters the API
- Returns:
The updated data export rule
- Return type:
dict
- delete(guid)[source]
A method to delete a data export rule.
- Parameters:
guid (str) – The GUID of the data export rule to delete
- Returns:
a Requests response object containing the response code
- Return type:
requests.models.Response
- search(json=None)
A method to search objects.
See the API documentation for this API endpoint for valid fields to search against.
NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.
- Parameters:
json (dict) –
The desired search parameters:
timeFilter (dict, optional): A dict containing the time frame for the search:
startTime (str): The start time for the search
endTime (str): The end time for the search
filters (list of dict, optional): Filters based on field contents:
field (str): The name of the data field to which the condition applies
expression (str): The comparison operator for the filter condition. Valid values are:
”eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
returns (list of str, optional): The fields to return
- Returns:
returns a dict containing the search results
- Return type:
dict