laceworksdk.api.v2.vulnerability_policies

Lacework VulnerabilityPolicies API wrapper.

Module Contents

Classes

VulnerabilityPoliciesAPI

A class used to represent the Vulnerability Policies API endpoint.

class laceworksdk.api.v2.vulnerability_policies.VulnerabilityPoliciesAPI(session)

Bases: laceworksdk.api.crud_endpoint.CrudEndpoint

A class used to represent the Vulnerability Policies API endpoint.

Lacework provides the ability to create container vulnerability policies to assess your container images at build and/or runtime based on your own unique requirements. For example, a policy can be created for any critical vulnerability with a fix available or a policy to target a specific CVE.

property session

Get the HttpSession instance the object is using.

create(policy_type, policy_name, severity, state, filter, props, policy_eval_type=None, fail_on_violation=False, alert_on_violation=False, **request_params)

A method to create a new vulnerability policy.

Parameters:
  • policy_type (str) – The type of the policy. See API documentation for valid values.

  • policy_name (str) – The name of the policy.

  • severity (str) – The severity of the policy. Valid values: “Info”, “Low”, “Medium”, “High”, “Critical”

  • state (bool|int) – A boolean representing the state of the policy.

  • filter (dict) – The filter data for the policy type specified in the “policyType” field. See API documentation for fields.

  • props (dict) –

    The vulnerability policy’s properties. Fields are:

    • description (str): The property description.

    • createdBy (str): The creator of the property.

    • updatedBy (str): The updater of the property.

  • policy_eval_type (str, optional) – The policy evaluation type. Valid values: “local”

  • fail_on_violation (bool|int, optional) – Whether the policy should fail on violations. (Default = False)

  • alert_on_violation (bool|int, optional) – Whether the policy should alert on violations. (Default = False)

  • request_params (dict, optional) – Use to pass any additional parameters the API

Returns:

The newly created vulnerability policy

Return type:

dict

get(guid=None)

A method to get vulnerability policies. Using no args will get all vulnerability policies.

Parameters:

guid (str, optional) – The GUID of the vulnerability policy to get

Returns:

The requested vulnerability policy(ies)

Return type:

dict

get_by_guid(guid)

A method to get a vulnerability policy by GUID.

Parameters:

guid (str) – The GUID of the vulnerability policy to get

Returns:

The requested vulnerability policy(ies)

Return type:

dict

update(guid, policy_type=None, policy_name=None, severity=None, state=None, filter=None, props=None, policy_eval_type=None, fail_on_violation=None, alert_on_violation=None, **request_params)

A method to update a VulnerabilityPolicies object.

Parameters:
  • guid (str) – The GUID of the policy to update

  • policy_type (str, optional) – The type of the policy. See API documentation for valid values.

  • policy_name (str, optional) – The name of the policy.

  • severity (str, optional) – The severity of the policy. Valid values: “Info”, “Low”, “Medium”, “High”, “Critical”

  • state (bool|int, optional) – A boolean representing the state of the policy.

  • filter (dict, optional) – The filter data for the policy type specified in the “policyType” field. See API documentation for fields.

  • props (dict) –

    The vulnerability policy’s properties. Fields are:

    • description (str): The property description.

    • createdBy (str): The creator of the property.

    • updatedBy (str): The updater of the property.

  • policy_eval_type (str, optional) – The policy evaluation type. Valid values: “local”

  • fail_on_violation (bool|int, optional) – Whether the policy should fail on violations. (Default = False)

  • alert_on_violation (bool|int, optional) – Whether the policy should alert on violations. (Default = False)

  • request_params (dict, optional) – Use to pass any additional parameters the API

Returns:

The updated vulnerability policy

Return type:

dict

delete(guid)

A method to delete a vulnerability policy.

Parameters:

guid (str) – The GUID of the vulnerability policy to delete

Returns:

A Requests response object containing the response code

Return type:

requests.models.Response

search(json=None)

A method to search objects.

See the API documentation for this API endpoint for valid fields to search against.

NOTE: While the “value” and “values” fields are marked as “optional”, you must use one of them, depending on the operation you are using.

Parameters:

json (dict) – The desired search parameters:

  • timeFilter (dict, optional): A dict containing the time frame for the search:

    • startTime (str): The start time for the search

    • endTime (str): The end time for the search

  • filters (list of dict, optional): Filters based on field contents:

    • field (str): The name of the data field to which the condition applies

    • expression (str): The comparison operator for the filter condition. Valid values are: “eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”

    • value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.

    • values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.

  • returns (list of str, optional): The fields to return

Returns:

A dict containing the search results

Return type:

dict