`laceworksdk.api.v2.entities`

Lacework Entities API wrapper.

Module Contents

Classes

EntitiesAPI

A class used to represent the Entities API endpoint

class laceworksdk.api.v2.entities.EntitiesAPI(session)[source]

A class used to represent the Entities API endpoint

The Entities API endpoint is simply a parent for different types of entities that can be queried.

Attributes:

applications:: A ApplicationsAPI instance.
command_lines:: A CommandLinesAPI instance.
containers:: A ContainersAPI instance.
files:: A FilesAPI instance.
images:: A ImagesAPI instance.
internal_ip_addresses:: A InternalIPAddressesAPI instance.
k8s_pods:: A K8sPodsAPI instance.
machines:: A MachinesAPI instance.
machine_details:: A MachineDetailsAPI instance.
network_interfaces:: A NetworkInterfacesAPI instance.
new_file_hashes:: A NewFileHashesAPI instance.
packages:: A PackagesAPI instance.
processes:: A ProcessesAPI instance.
users:: A UsersAPI instance.

class ApplicationsAPI(session, object_type, endpoint_root='/api/v2')[source]

Bases: laceworksdk.api.search_endpoint.SearchEndpoint

A class used to represent the Applications API endpoint.

Methods:

search(json=None): A method to search Applications objects.

property session: Get the HttpSession instance the object is using.

search(json=None, resource=None)

A method to search objects.

See the API documentation for this API endpoint for valid fields to search against.

NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.

Parameters:

json (dict) –
The desired search parameters:
- timeFilter (dict, optional): A dict containing the time frame for the search:
  - startTime (str): The start time for the search
  - endTime (str): The end time for the search
- filters (list of dict, optional): Filters based on field contents:
  - field (str): The name of the data field to which the condition applies
  - expression (str): The comparison operator for the filter condition. Valid values are:
  ”eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
  - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
  - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
- returns (list of str, optional): The fields to return
resource (str) – The Lacework API resource to search (Example: “AlertChannels”)

Yields:

dict – returns a generator which yields a page of objects at a time as returned by the Lacework API.

class CommandLinesAPI(session, object_type, endpoint_root='/api/v2')[source]

Bases: laceworksdk.api.search_endpoint.SearchEndpoint

A class used to represent the Command Lines API endpoint.

Methods:

search(json=None): A method to search CommandLines objects.

property session: Get the HttpSession instance the object is using.

search(json=None, resource=None)

A method to search objects.

See the API documentation for this API endpoint for valid fields to search against.

NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.

Parameters:

json (dict) –
The desired search parameters:
- timeFilter (dict, optional): A dict containing the time frame for the search:
  - startTime (str): The start time for the search
  - endTime (str): The end time for the search
- filters (list of dict, optional): Filters based on field contents:
  - field (str): The name of the data field to which the condition applies
  - expression (str): The comparison operator for the filter condition. Valid values are:
  ”eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
  - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
  - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
- returns (list of str, optional): The fields to return
resource (str) – The Lacework API resource to search (Example: “AlertChannels”)

Yields:

dict – returns a generator which yields a page of objects at a time as returned by the Lacework API.

class ContainersAPI(session, object_type, endpoint_root='/api/v2')[source]

Bases: laceworksdk.api.search_endpoint.SearchEndpoint

A class used to represent the Containers API endpoint.

Methods:

search(json=None): A method to search Containers objects.

property session: Get the HttpSession instance the object is using.

search(json=None, resource=None)

A method to search objects.

See the API documentation for this API endpoint for valid fields to search against.

NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.

Parameters:

json (dict) –
The desired search parameters:
- timeFilter (dict, optional): A dict containing the time frame for the search:
  - startTime (str): The start time for the search
  - endTime (str): The end time for the search
- filters (list of dict, optional): Filters based on field contents:
  - field (str): The name of the data field to which the condition applies
  - expression (str): The comparison operator for the filter condition. Valid values are:
  ”eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
  - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
  - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
- returns (list of str, optional): The fields to return
resource (str) – The Lacework API resource to search (Example: “AlertChannels”)

Yields:

dict – returns a generator which yields a page of objects at a time as returned by the Lacework API.

class FilesAPI(session, object_type, endpoint_root='/api/v2')[source]

Bases: laceworksdk.api.search_endpoint.SearchEndpoint

A class used to represent the Files API endpoint.

Methods:

search(json=None): A method to search Files objects.

property session: Get the HttpSession instance the object is using.

search(json=None, resource=None)

A method to search objects.

See the API documentation for this API endpoint for valid fields to search against.

NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.

Parameters:

json (dict) –
The desired search parameters:
- timeFilter (dict, optional): A dict containing the time frame for the search:
  - startTime (str): The start time for the search
  - endTime (str): The end time for the search
- filters (list of dict, optional): Filters based on field contents:
  - field (str): The name of the data field to which the condition applies
  - expression (str): The comparison operator for the filter condition. Valid values are:
  ”eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
  - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
  - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
- returns (list of str, optional): The fields to return
resource (str) – The Lacework API resource to search (Example: “AlertChannels”)

Yields:

dict – returns a generator which yields a page of objects at a time as returned by the Lacework API.

class ImagesAPI(session, object_type, endpoint_root='/api/v2')[source]

Bases: laceworksdk.api.search_endpoint.SearchEndpoint

A class used to represent the Images API endpoint.

Methods:

search(json=None): A method to search Images objects.

property session: Get the HttpSession instance the object is using.

search(json=None, resource=None)

A method to search objects.

See the API documentation for this API endpoint for valid fields to search against.

NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.

Parameters:

json (dict) –
The desired search parameters:
- timeFilter (dict, optional): A dict containing the time frame for the search:
  - startTime (str): The start time for the search
  - endTime (str): The end time for the search
- filters (list of dict, optional): Filters based on field contents:
  - field (str): The name of the data field to which the condition applies
  - expression (str): The comparison operator for the filter condition. Valid values are:
  ”eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
  - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
  - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
- returns (list of str, optional): The fields to return
resource (str) – The Lacework API resource to search (Example: “AlertChannels”)

Yields:

dict – returns a generator which yields a page of objects at a time as returned by the Lacework API.

class InternalIPAddressesAPI(session, object_type, endpoint_root='/api/v2')[source]

Bases: laceworksdk.api.search_endpoint.SearchEndpoint

A class used to represent the Internal IP Addresses API endpoint.

Methods:

search(json=None): A method to search InternalIPAddresses objects.

property session: Get the HttpSession instance the object is using.

search(json=None, resource=None)

A method to search objects.

See the API documentation for this API endpoint for valid fields to search against.

NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.

Parameters:

json (dict) –
The desired search parameters:
- timeFilter (dict, optional): A dict containing the time frame for the search:
  - startTime (str): The start time for the search
  - endTime (str): The end time for the search
- filters (list of dict, optional): Filters based on field contents:
  - field (str): The name of the data field to which the condition applies
  - expression (str): The comparison operator for the filter condition. Valid values are:
  ”eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
  - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
  - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
- returns (list of str, optional): The fields to return
resource (str) – The Lacework API resource to search (Example: “AlertChannels”)

Yields:

dict – returns a generator which yields a page of objects at a time as returned by the Lacework API.

class K8sPodsAPI(session, object_type, endpoint_root='/api/v2')[source]

Bases: laceworksdk.api.search_endpoint.SearchEndpoint

A class used to represent the K8s Pods API endpoint.

Methods:

search(json=None): A method to search K8sPods objects.

property session: Get the HttpSession instance the object is using.

search(json=None, resource=None)

A method to search objects.

See the API documentation for this API endpoint for valid fields to search against.

NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.

Parameters:

json (dict) –
The desired search parameters:
- timeFilter (dict, optional): A dict containing the time frame for the search:
  - startTime (str): The start time for the search
  - endTime (str): The end time for the search
- filters (list of dict, optional): Filters based on field contents:
  - field (str): The name of the data field to which the condition applies
  - expression (str): The comparison operator for the filter condition. Valid values are:
  ”eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
  - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
  - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
- returns (list of str, optional): The fields to return
resource (str) – The Lacework API resource to search (Example: “AlertChannels”)

Yields:

dict – returns a generator which yields a page of objects at a time as returned by the Lacework API.

class MachinesAPI(session, object_type, endpoint_root='/api/v2')[source]

Bases: laceworksdk.api.search_endpoint.SearchEndpoint

A class used to represent the Machines API endpoint.

Methods:

search(json=None): A method to search Machines objects.

property session: Get the HttpSession instance the object is using.

search(json=None, resource=None)

A method to search objects.

See the API documentation for this API endpoint for valid fields to search against.

NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.

Parameters:

json (dict) –
The desired search parameters:
- timeFilter (dict, optional): A dict containing the time frame for the search:
  - startTime (str): The start time for the search
  - endTime (str): The end time for the search
- filters (list of dict, optional): Filters based on field contents:
  - field (str): The name of the data field to which the condition applies
  - expression (str): The comparison operator for the filter condition. Valid values are:
  ”eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
  - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
  - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
- returns (list of str, optional): The fields to return
resource (str) – The Lacework API resource to search (Example: “AlertChannels”)

Yields:

dict – returns a generator which yields a page of objects at a time as returned by the Lacework API.

class MachineDetailsAPI(session, object_type, endpoint_root='/api/v2')[source]

Bases: laceworksdk.api.search_endpoint.SearchEndpoint

A class used to represent the Machine Details API endpoint.

Methods:

search(json=None): A method to search MachineDetails objects.

property session: Get the HttpSession instance the object is using.

search(json=None, resource=None)

A method to search objects.

See the API documentation for this API endpoint for valid fields to search against.

NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.

Parameters:

json (dict) –
The desired search parameters:
- timeFilter (dict, optional): A dict containing the time frame for the search:
  - startTime (str): The start time for the search
  - endTime (str): The end time for the search
- filters (list of dict, optional): Filters based on field contents:
  - field (str): The name of the data field to which the condition applies
  - expression (str): The comparison operator for the filter condition. Valid values are:
  ”eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
  - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
  - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
- returns (list of str, optional): The fields to return
resource (str) – The Lacework API resource to search (Example: “AlertChannels”)

Yields:

dict – returns a generator which yields a page of objects at a time as returned by the Lacework API.

class NetworkInterfacesAPI(session, object_type, endpoint_root='/api/v2')[source]

Bases: laceworksdk.api.search_endpoint.SearchEndpoint

A class used to represent the Network Interfaces API endpoint.

Methods:

search(json=None): A method to search NetworkInterfaces objects.

property session: Get the HttpSession instance the object is using.

search(json=None, resource=None)

A method to search objects.

See the API documentation for this API endpoint for valid fields to search against.

NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.

Parameters:

json (dict) –
The desired search parameters:
- timeFilter (dict, optional): A dict containing the time frame for the search:
  - startTime (str): The start time for the search
  - endTime (str): The end time for the search
- filters (list of dict, optional): Filters based on field contents:
  - field (str): The name of the data field to which the condition applies
  - expression (str): The comparison operator for the filter condition. Valid values are:
  ”eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
  - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
  - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
- returns (list of str, optional): The fields to return
resource (str) – The Lacework API resource to search (Example: “AlertChannels”)

Yields:

dict – returns a generator which yields a page of objects at a time as returned by the Lacework API.

class NewFileHashesAPI(session, object_type, endpoint_root='/api/v2')[source]

Bases: laceworksdk.api.search_endpoint.SearchEndpoint

A class used to represent the New File Hashes API endpoint.

Methods:

search(json=None): A method to search NewFileHashes objects.

property session: Get the HttpSession instance the object is using.

search(json=None, resource=None)

A method to search objects.

See the API documentation for this API endpoint for valid fields to search against.

NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.

Parameters:

json (dict) –
The desired search parameters:
- timeFilter (dict, optional): A dict containing the time frame for the search:
  - startTime (str): The start time for the search
  - endTime (str): The end time for the search
- filters (list of dict, optional): Filters based on field contents:
  - field (str): The name of the data field to which the condition applies
  - expression (str): The comparison operator for the filter condition. Valid values are:
  ”eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
  - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
  - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
- returns (list of str, optional): The fields to return
resource (str) – The Lacework API resource to search (Example: “AlertChannels”)

Yields:

dict – returns a generator which yields a page of objects at a time as returned by the Lacework API.

class PackagesAPI(session, object_type, endpoint_root='/api/v2')[source]

Bases: laceworksdk.api.search_endpoint.SearchEndpoint

A class used to represent the Packages API endpoint.

Methods:

search(json=None): A method to search Packages objects.

property session: Get the HttpSession instance the object is using.

search(json=None, resource=None)

A method to search objects.

See the API documentation for this API endpoint for valid fields to search against.

NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.

Parameters:

json (dict) –
The desired search parameters:
- timeFilter (dict, optional): A dict containing the time frame for the search:
  - startTime (str): The start time for the search
  - endTime (str): The end time for the search
- filters (list of dict, optional): Filters based on field contents:
  - field (str): The name of the data field to which the condition applies
  - expression (str): The comparison operator for the filter condition. Valid values are:
  ”eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
  - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
  - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
- returns (list of str, optional): The fields to return
resource (str) – The Lacework API resource to search (Example: “AlertChannels”)

Yields:

dict – returns a generator which yields a page of objects at a time as returned by the Lacework API.

class ProcessesAPI(session, object_type, endpoint_root='/api/v2')[source]

Bases: laceworksdk.api.search_endpoint.SearchEndpoint

A class used to represent the Processes API endpoint.

Methods:

search(json=None): A method to search Processes objects.

property session: Get the HttpSession instance the object is using.

search(json=None, resource=None)

A method to search objects.

See the API documentation for this API endpoint for valid fields to search against.

NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.

Parameters:

json (dict) –
The desired search parameters:
- timeFilter (dict, optional): A dict containing the time frame for the search:
  - startTime (str): The start time for the search
  - endTime (str): The end time for the search
- filters (list of dict, optional): Filters based on field contents:
  - field (str): The name of the data field to which the condition applies
  - expression (str): The comparison operator for the filter condition. Valid values are:
  ”eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
  - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
  - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
- returns (list of str, optional): The fields to return
resource (str) – The Lacework API resource to search (Example: “AlertChannels”)

Yields:

dict – returns a generator which yields a page of objects at a time as returned by the Lacework API.

class UsersAPI(session, object_type, endpoint_root='/api/v2')[source]

Bases: laceworksdk.api.search_endpoint.SearchEndpoint

A class used to represent the Users API endpoint.

Methods:

search(json=None): A method to search Users objects.

property session: Get the HttpSession instance the object is using.

search(json=None, resource=None)

A method to search objects.

See the API documentation for this API endpoint for valid fields to search against.

NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.

Parameters:

json (dict) –
The desired search parameters:
- timeFilter (dict, optional): A dict containing the time frame for the search:
  - startTime (str): The start time for the search
  - endTime (str): The end time for the search
- filters (list of dict, optional): Filters based on field contents:
  - field (str): The name of the data field to which the condition applies
  - expression (str): The comparison operator for the filter condition. Valid values are:
  ”eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
  - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
  - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
- returns (list of str, optional): The fields to return
resource (str) – The Lacework API resource to search (Example: “AlertChannels”)

Yields:

dict – returns a generator which yields a page of objects at a time as returned by the Lacework API.

laceworksdk.api.v2.entities

Module Contents

Classes

Attributes:

Methods:

Methods:

Methods:

Methods:

Methods:

Methods:

Methods:

Methods:

Methods:

Methods:

Methods:

Methods:

Methods:

Methods:

`laceworksdk.api.v2.entities`