laceworksdk.api.v2.policies
Lacework Policies API wrapper.
Module Contents
Classes
PoliciesAPI: A class used to represent the Policies API endpoint
- class laceworksdk.api.v2.policies.PoliciesAPI(session)[source]
Bases: laceworksdk.api.crud_endpoint.CrudEndpoint
A class used to represent the Policies API endpoint
Policies are a mechanism used to add annotated metadata to queries for improving the context of alerts, reports, and information displayed in the Lacework Console. You can fully customize policies.
- property session
Get the HttpSession instance the object is using.
- create(policy_type, query_id, enabled, title, description, remediation, severity, alert_enabled, alert_profile, limit=1000, eval_frequency=None, tags=[], **request_params)[source]
A method to create a new Policies object.
- Parameters:
policy_type (str, optional) – The policy type. Valid values are: “Violation”
query_id (str) – The policy query ID.
enabled (bool) – Whether the policy is enabled.
title (str) – The policy title.
description (str) – The policy description.
remediation (str) – The remediation strategy for the object.
severity (str) – A string representing the object severity. Valid values are: “info”, “low”, “medium”, “high”, “critical”
alert_enabled (bool) – A boolean representing whether alerting is enabled.
alert_profile (str, optional) – A string representing the alert profile.
limit (int, optional) – An integer representing the number of results to return. (Default value = 1000)
tags (list of str) – A list of policy tags
eval_frequency (str, optional, deprecated) – A string representing the frequency in which to evaluate the object. Valid values are: “Hourly”, “Daily”
request_params (dict, optional) – Use to pass any additional parameters to the API
- Returns:
The newly created policy.
- Return type:
dict
- get(policy_id=None)[source]
A method to get Policies objects. Using no args will get all policies.
- Parameters:
policy_id (str, optional) – A string representing the object policy ID.
- Returns:
The requested policies
- Return type:
dict
- get_by_id(policy_id)[source]
A method to get a Policies object by policy ID.
- Parameters:
policy_id (str) – A string representing the object policy ID.
- Returns:
The requested policy
- Return type:
dict
- update(policy_id, policy_type=None, query_id=None, enabled=None, title=None, description=None, remediation=None, severity=None, alert_enabled=None, alert_profile=None, limit=None, tags=[], eval_frequency=None, **request_params)[source]
A method to update a Lacework Query Language (LQL) policy.
- Parameters:
policy_id (str) – A string representing the object policy ID.
policy_type (str, optional) – The policy type. Valid values are: “Violation”
query_id (str, optional) – The policy query ID.
enabled (bool, optional) – Whether the policy is enabled.
title (str, optional) – The policy title.
description (str, optional) – The policy description.
remediation (str, optional) – The remediation strategy for the object.
severity (str, optional) – A string representing the object severity. Valid values are: “info”, “low”, “medium”, “high”, “critical”
alert_enabled (bool, optional) – A boolean representing whether alerting is enabled.
alert_profile (str, optional) – A string representing the alert profile.
limit (int, optional) – An integer representing the number of results to return. (Default value = 1000)
tags (list of str, optional) – A list of policy tags
eval_frequency (str, optional, deprecated) – A string representing the frequency in which to evaluate the object. Valid values are: “Hourly”, “Daily”
request_params (dict, optional) – Use to pass any additional parameters to the API
- Returns:
The newly created policy.
- Return type:
dict
- bulk_update(json)[source]
A method to update Policy objects in bulk.
- Parameters:
json (list of dicts) – A list of dictionaries containing policy configuration:
policyId (str): The ID of the policy.
enabled (bool): The status of the policy.
severity (str): The severity of the policy. Valid values: “info”, “low”, “medium”, “high”, “critical”
- Returns:
The updated policies.
- Return type:
dict
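Because a bulk update can disable policies or lower their severity in one call, it is worth checking the payload before it is passed to bulk_update(json). The following is an added example, not part of the SDK: the function names and the sample policy IDs are hypothetical, and it assumes each entry carries policyId plus at least one of enabled or severity.

```python
# Added example (not SDK code): pre-flight check for a bulk_update() payload.
VALID_SEVERITIES = {"info", "low", "medium", "high", "critical"}  # as documented
ALLOWED_KEYS = {"policyId", "enabled", "severity"}                # as documented


def validate_bulk_update(entries):
    """Return a copy of `entries`, or raise ValueError listing every problem."""
    if not isinstance(entries, list):
        raise ValueError("payload must be a list of dicts")
    errors, seen, cleaned = [], set(), []
    for i, entry in enumerate(entries):
        if not isinstance(entry, dict):
            errors.append(f"[{i}] entry is not a dict")
            continue
        unknown = set(entry) - ALLOWED_KEYS
        if unknown:
            errors.append(f"[{i}] unknown keys {sorted(unknown)}")
        pid = entry.get("policyId")
        if not isinstance(pid, str) or not pid.strip():
            errors.append(f"[{i}] policyId must be a non-empty string")
        elif pid in seen:
            errors.append(f"[{i}] duplicate policyId {pid!r}")
        else:
            seen.add(pid)
        # The string "false" is truthy in Python, so insist on a real bool.
        if "enabled" in entry and not isinstance(entry["enabled"], bool):
            errors.append(f"[{i}] enabled must be a bool")
        sev = entry.get("severity")
        if "severity" in entry and not (isinstance(sev, str) and sev in VALID_SEVERITIES):
            errors.append(f"[{i}] severity {sev!r} is not a documented value")
        # Assumption: an entry that changes nothing is a mistake.
        if not {"enabled", "severity"} & set(entry):
            errors.append(f"[{i}] entry changes nothing")
        cleaned.append(dict(entry))
    if errors:
        raise ValueError("; ".join(errors))
    return cleaned


def policies_being_disabled(entries):
    """Policy IDs the payload would switch off, for review before sending."""
    return [e["policyId"] for e in validate_bulk_update(entries)
            if e.get("enabled") is False]
```

The validated list is what would be handed to bulk_update(json); the output of policies_being_disabled() is a natural thing to log or require approval for.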
- delete(policy_id)[source]
A method to delete a policy.
- Parameters:
policy_id (str) – A string representing the policy ID.
- Returns:
A Requests response object containing the response code
- Return type:
requests.models.Response
- search(json=None)
A method to search objects.
See the API documentation for this API endpoint for valid fields to search against.
NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.
- Parameters:
json (dict) – The desired search parameters:
timeFilter (dict, optional): A dict containing the time frame for the search:
startTime (str): The start time for the search
endTime (str): The end time for the search
filters (list of dict, optional): Filters based on field contents:
field (str): The name of the data field to which the condition applies
expression (str): The comparison operator for the filter condition. Valid values are: “eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
returns (list of str, optional): The fields to return
- Returns:
A dict containing the search results
- Return type:
dict
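The NOTE above (use either “value” or “values”, depending on the operator) is easy to get wrong when building the search body by hand. The following added example, not part of the SDK, builds the json argument and enforces that rule; the helper names and the field names in the usage are hypothetical, and it assumes that “in”, “not_in” and “between” take “values” (with exactly two for “between”) while every other operator takes “value”.

```python
# Added example (not SDK code): build the `json` body for search().
EXPRESSIONS = {
    "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike",
    "not_rlike", "rlike", "gt", "ge", "lt", "le", "between",
}  # as documented
# Assumption: the page does not say which operators are multi-valued.
MULTI_VALUE = {"in", "not_in", "between"}


def make_filter(field, expression, operand):
    """Return one filter dict carrying `value` or `values`, never both."""
    if not isinstance(field, str) or not field:
        raise ValueError("field must be a non-empty string")
    if expression not in EXPRESSIONS:
        raise ValueError(f"unsupported expression {expression!r}")
    if expression in MULTI_VALUE:
        if (not isinstance(operand, (list, tuple)) or not operand
                or not all(isinstance(v, str) for v in operand)):
            raise ValueError(f"{expression!r} needs a non-empty list of str")
        if expression == "between" and len(operand) != 2:  # assumption
            raise ValueError("'between' needs exactly two values")
        return {"field": field, "expression": expression, "values": list(operand)}
    if not isinstance(operand, str):
        raise ValueError(f"{expression!r} needs a single str value")
    return {"field": field, "expression": expression, "value": operand}


def build_search(filters, returns=None, start_time=None, end_time=None):
    """Assemble the search body from (field, expression, operand) tuples."""
    body = {"filters": [make_filter(*f) for f in filters]}
    if returns:
        body["returns"] = list(returns)
    if start_time or end_time:
        if not (start_time and end_time):
            raise ValueError("timeFilter needs both startTime and endTime")
        body["timeFilter"] = {"startTime": start_time, "endTime": end_time}
    return body
```

The returned dict is what would be passed as search(json=...); valid field names come from the API documentation for the endpoint.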