laceworksdk.api.v1.vulnerability

Lacework Vulnerability API wrapper.

  1# -*- coding: utf-8 -*-
  2"""
  3Lacework Vulnerability API wrapper.
  4"""
  5
  6import logging
  7
   # Module-level logger named after this module; nothing in this file configures handlers or levels.
  8logger = logging.getLogger(__name__)
  9
 10
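class VulnerabilityAPI:
    """
    Lacework Vulnerability API.

    Wraps the "/api/v1/external/vulnerabilities" endpoints.  Caller-supplied
    values are percent-encoded before they are placed in a request URI, so a
    value containing "/", "?", "&", "=" or "#" stays inside the path segment
    or query parameter it was passed for.
    """

    def __init__(self, session):
        """
        Initializes the VulnerabilityAPI object.

        :param session: An instance of the HttpSession class; its get() and
            post() methods carry every request made by this wrapper.
        """

        super().__init__()

        self._session = session

    @staticmethod
    def _path_segment(value):
        """
        Percent-encode a value for use as a single URI path segment.

        ":" stays literal (it is legal inside a path segment and appears in
        "sha256:..." image digests); "/", "?", "#" and "%" are encoded.

        :param value: The identifier to place in the path.

        :return: The encoded string.
        """

        # Function-scope import keeps the class usable without touching the
        # module's import block.
        from urllib.parse import quote

        return quote(str(value), safe=":")

    @staticmethod
    def _add_query(api_uri, params):
        """
        Append percent-encoded query parameters to a URI that ends in "?".

        :param api_uri: The request URI, already terminated by "?".
        :param params: A list of (name, value) tuples to append, in order.

        :return: The URI followed by "&name=value" for every parameter.
        """

        from urllib.parse import urlencode

        if not params:
            return api_uri

        # The "?&name=value" shape is kept on purpose: a value that needs no
        # escaping produces an unchanged request line.  ":" stays literal so
        # "...T00:00:00Z" timestamps are sent as written, while "+" in a UTC
        # offset becomes "%2B" instead of being read back as a space.
        return api_uri + "&" + urlencode(params, safe=":")

    def get_container_assessments_by_date(self,
                                          start_time=None,
                                          end_time=None):
        """
        A method to get a list of container vulnerability assessments for the specified date range.

        :param start_time: A "%Y-%m-%dT%H:%M:%SZ" structured timestamp to begin from.
        :param end_time: A "%Y-%m-%dT%H:%M:%S%Z" structured timestamp to end at.

        :return: response json
        """

        logger.info("Getting container vulnerability assessments from Lacework...")

        # Build the Container Assessments request URI
        api_uri = "/api/v1/external/vulnerabilities/container/GetAssessmentsForDateRange?"

        params = []

        # The range is only sent when both ends are supplied.
        if start_time and end_time:
            params += [("START_TIME", start_time), ("END_TIME", end_time)]

        response = self._session.get(self._add_query(api_uri, params))

        return response.json()

    def get_container_vulnerabilities(self,
                                      image_digest=None,
                                      image_id=None,
                                      severity=None,
                                      fixable=None,
                                      start_time=None,
                                      end_time=None):
        """
        A method to get the last scan data of the specified container.

        :param image_digest: A string representing the container image digest for which to fetch vulnerabilities.
        :param image_id: A string representing the container image ID for which to fetch vulnerabilities.
        :param severity: A string representing the severity of vulnerabilities to fetch.
        :param fixable: A boolean which filters for fixable vulnerabilities.
        :param start_time: A "%Y-%m-%dT%H:%M:%S%z" structured timestamp to begin from.
        :param end_time: A "%Y-%m-%dT%H:%M:%S%z" structured timestamp to end at.

        :return: response json

        :raises ValueError: If neither image_digest nor image_id is supplied.
        """

        logger.info("Getting container vulnerabilities from Lacework...")

        # Build the Container Vulnerability request URI; the digest takes
        # precedence when both identifiers are given.
        if image_digest:
            api_uri = ("/api/v1/external/vulnerabilities/container/imageDigest/"
                       f"{self._path_segment(image_digest)}?")
        elif image_id:
            api_uri = ("/api/v1/external/vulnerabilities/container/imageId/"
                       f"{self._path_segment(image_id)}?")
        else:
            # Raise instead of exit(): a library must not terminate the
            # interpreter of the application that imported it.
            message = "An Image Digest or Image ID must be specified."
            logger.error(message)
            raise ValueError(message)

        params = []

        if fixable is not None:
            params.append(("fixable", fixable))

        if severity:
            params.append(("severity", severity))

        if start_time and end_time:
            params += [("StartTime", start_time), ("EndTime", end_time)]

        response = self._session.get(self._add_query(api_uri, params))

        return response.json()

    def initiate_container_scan(self,
                                registry,
                                repository,
                                tag):
        """
        A method to initiate a container vulnerability scan.

        :param registry: A string representing the container registry.
        :param repository: A string representing the container repository.
        :param tag: A string representing the container tag.

        :return: response json
        """

        logger.info("Initiating container vulnerability scan in Lacework...")

        # Build the Container Image Scan request URI
        api_uri = "/api/v1/external/vulnerabilities/container/repository/images/scan"

        # The image is identified in the POST payload, not in the URI.
        data = {
            "registry": registry,
            "repository": repository,
            "tag": tag
        }

        response = self._session.post(api_uri, data=data)

        return response.json()

    def get_container_scan_status(self,
                                  request_id,
                                  severity=None,
                                  fixable=None):
        """
        A method to get the status/results of a container vulnerability scan from Lacework.

        :param request_id: A string representing the request ID to be queried.
        :param severity: A string representing the severity of vulnerabilities to fetch.
        :param fixable: A boolean which filters for fixable vulnerabilities.

        :return: response json
        """

        logger.info("Getting container vulnerability scan status from Lacework...")

        # Build the Container Image Scan request URI
        api_uri = f"/api/v1/external/vulnerabilities/container/reqId/{self._path_segment(request_id)}?"

        params = []

        if fixable is not None:
            params.append(("fixable", fixable))

        if severity:
            params.append(("severity", severity))

        response = self._session.get(self._add_query(api_uri, params))

        return response.json()

    def get_host_vulnerabilities(self,
                                 fixable=None,
                                 namespace=None,
                                 severity=None,
                                 start_time=None,
                                 end_time=None,
                                 cve=None):
        """
        A method to get the Host Vulnerabilities found by Lacework.

        :param fixable: A boolean which filters for fixable vulnerabilities.
        :param namespace: A string representing the package namespace for which to filter results.
        :param severity: A string representing the severity for which to filter returned results.
        :param start_time: A "%Y-%m-%dT%H:%M:%S%z" structured timestamp to begin from.
        :param end_time: A "%Y-%m-%dT%H:%M:%S%z" structured timestamp to end at.
        :param cve: A string representing the CVE ID for which to filter returned results.

        :return: response json
        """

        logger.info("Getting host vulnerabilities from Lacework...")

        # Build the Host Vulnerabilities request URI
        api_uri = "/api/v1/external/vulnerabilities/host?"

        params = []

        if fixable is not None:
            params.append(("fixable", fixable))

        if namespace:
            params.append(("namespace", namespace))

        if severity:
            params.append(("severity", severity))

        if start_time and end_time:
            params += [("StartTime", start_time), ("EndTime", end_time)]

        if cve:
            params.append(("vuln_id", cve))

        response = self._session.get(self._add_query(api_uri, params))

        return response.json()

    def get_host_vulnerabilities_by_cve(self,
                                        cve,
                                        hostname=None,
                                        machine_status=None,
                                        status=None):
        """
        A method to get the Host Vulnerabilities by CVE.

        :param cve: A string representing the CVE ID for which to filter returned results.
        :param hostname: A string representing a hostname for which to filter returned results.
        :param machine_status: A string representing the machine status for which to filter results.
        :param status: A string representing a status for which to filter results.
            ("New", "Active", or "Fixed")

        :return: response json, or None (without sending a request) when
            status is not one of the accepted values.
        """

        logger.info("Getting host vulnerabilities by CVE from Lacework...")

        # Build the Host Vulnerabilities by CVE URI
        api_uri = f"/api/v1/external/vulnerabilities/host/cveId/{self._path_segment(cve)}?"

        params = []

        if hostname:
            params.append(("hostname", hostname))

        if machine_status:
            params.append(("machine_status", machine_status))

        if status:
            # Matching ignores case (str.capitalize); the value is sent
            # exactly as supplied.
            if status.capitalize() not in ("New", "Active", "Fixed"):
                # Reported through the module logger like every other
                # message of this class.
                logger.error("Invalid status parameter '%s' provided.", status)
                return None
            params.append(("status", status))

        response = self._session.get(self._add_query(api_uri, params))

        return response.json()

    def get_host_vulnerabilities_by_machine_id(self,
                                               machine,
                                               fixable=None,
                                               namespace=None,
                                               severity=None,
                                               start_time=None,
                                               end_time=None,
                                               cve=None):
        """
        A method to get the Host Vulnerabilities by Machine ID.

        :param machine: A string representing the Lacework Machine ID.
        :param fixable: A boolean which filters for fixable vulnerabilities.
        :param namespace: A string representing the package namespace for which to filter results.
        :param severity: A string representing a severity for which to filter returned results.
        :param start_time: A "%Y-%m-%dT%H:%M:%S%z" structured timestamp to begin from.
        :param end_time: A "%Y-%m-%dT%H:%M:%S%z" structured timestamp to end at.
        :param cve: A string representing the CVE ID for which to filter returned results.

        :return: response json
        """

        logger.info("Getting host vulnerabilities by machine ID from Lacework...")

        # Build the Host Vulnerabilities by Machine ID URI
        api_uri = f"/api/v1/external/vulnerabilities/host/machineId/{self._path_segment(machine)}?"

        params = []

        if fixable is not None:
            params.append(("fixable", fixable))

        if namespace:
            params.append(("namespace", namespace))

        if severity:
            params.append(("severity", severity))

        if start_time and end_time:
            params += [("StartTime", start_time), ("EndTime", end_time)]

        if cve:
            params.append(("vuln_id", cve))

        response = self._session.get(self._add_query(api_uri, params))

        return response.json()

    def initiate_package_scan(self,
                              os_pkg_info_list=None,
                              os=None,
                              os_version=None,
                              package=None,
                              package_version=None):
        """
        A method to initiate a package vulnerability scan in Lacework.

        :param os_pkg_info_list: A Lacework PackageScanRequest object.  This is a list of packages to be scanned
            given the OS, OS Version, Package, and Package Version.  Up to 1,000 packages can be submitted with
            a single request.

        :param os: A string representing the operating system for which to initiate a scan.
        :param os_version: A string representing the operating system version(s) for which to initiate a scan.
        :param package: A string representing the software package for which to initiate a scan.
        :param package_version: A string representing the software package version(s) for which to initiate a scan.

        :return: response json

        :raises ValueError: If no os_pkg_info_list is given and any of the
            four individual package parameters is missing.
        """

        logger.info("Initiating package vulnerability scan in Lacework...")

        # Build the Package Scan request URI
        api_uri = "/api/v1/external/vulnerabilities/scan"

        # If an os_pkg_info_list was provided, use that, otherwise use the individual parameters
        if os_pkg_info_list:
            packages = os_pkg_info_list
        elif os and os_version and package and package_version:
            packages = [{
                "os": os,
                "os_ver": os_version,
                "pkg": package,
                "pkg_ver": package_version
            }]
        else:
            # Raise instead of exit(): a library must not terminate the
            # interpreter of the application that imported it.
            message = "If no 'os_pkg_info_list' is supplied, all package parameters need to be provided."
            logger.error(message)
            raise ValueError(message)

        data = {
            "os_pkg_info_list": packages
        }

        response = self._session.post(api_uri, data=data)

        return response.json()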
class VulnerabilityAPI:
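class VulnerabilityAPI:
    """
    Lacework Vulnerability API.

    Wraps the "/api/v1/external/vulnerabilities" endpoints.  Caller-supplied
    values are percent-encoded before they are placed in a request URI, so a
    value containing "/", "?", "&", "=" or "#" stays inside the path segment
    or query parameter it was passed for.
    """

    def __init__(self, session):
        """
        Initializes the VulnerabilityAPI object.

        :param session: An instance of the HttpSession class; its get() and
            post() methods carry every request made by this wrapper.
        """

        super().__init__()

        self._session = session

    @staticmethod
    def _path_segment(value):
        """
        Percent-encode a value for use as a single URI path segment.

        ":" stays literal (it is legal inside a path segment and appears in
        "sha256:..." image digests); "/", "?", "#" and "%" are encoded.

        :param value: The identifier to place in the path.

        :return: The encoded string.
        """

        # Function-scope import keeps the class usable without touching the
        # module's import block.
        from urllib.parse import quote

        return quote(str(value), safe=":")

    @staticmethod
    def _add_query(api_uri, params):
        """
        Append percent-encoded query parameters to a URI that ends in "?".

        :param api_uri: The request URI, already terminated by "?".
        :param params: A list of (name, value) tuples to append, in order.

        :return: The URI followed by "&name=value" for every parameter.
        """

        from urllib.parse import urlencode

        if not params:
            return api_uri

        # The "?&name=value" shape is kept on purpose: a value that needs no
        # escaping produces an unchanged request line.  ":" stays literal so
        # "...T00:00:00Z" timestamps are sent as written, while "+" in a UTC
        # offset becomes "%2B" instead of being read back as a space.
        return api_uri + "&" + urlencode(params, safe=":")

    def get_container_assessments_by_date(self,
                                          start_time=None,
                                          end_time=None):
        """
        A method to get a list of container vulnerability assessments for the specified date range.

        :param start_time: A "%Y-%m-%dT%H:%M:%SZ" structured timestamp to begin from.
        :param end_time: A "%Y-%m-%dT%H:%M:%S%Z" structured timestamp to end at.

        :return: response json
        """

        logger.info("Getting container vulnerability assessments from Lacework...")

        # Build the Container Assessments request URI
        api_uri = "/api/v1/external/vulnerabilities/container/GetAssessmentsForDateRange?"

        params = []

        # The range is only sent when both ends are supplied.
        if start_time and end_time:
            params += [("START_TIME", start_time), ("END_TIME", end_time)]

        response = self._session.get(self._add_query(api_uri, params))

        return response.json()

    def get_container_vulnerabilities(self,
                                      image_digest=None,
                                      image_id=None,
                                      severity=None,
                                      fixable=None,
                                      start_time=None,
                                      end_time=None):
        """
        A method to get the last scan data of the specified container.

        :param image_digest: A string representing the container image digest for which to fetch vulnerabilities.
        :param image_id: A string representing the container image ID for which to fetch vulnerabilities.
        :param severity: A string representing the severity of vulnerabilities to fetch.
        :param fixable: A boolean which filters for fixable vulnerabilities.
        :param start_time: A "%Y-%m-%dT%H:%M:%S%z" structured timestamp to begin from.
        :param end_time: A "%Y-%m-%dT%H:%M:%S%z" structured timestamp to end at.

        :return: response json

        :raises ValueError: If neither image_digest nor image_id is supplied.
        """

        logger.info("Getting container vulnerabilities from Lacework...")

        # Build the Container Vulnerability request URI; the digest takes
        # precedence when both identifiers are given.
        if image_digest:
            api_uri = ("/api/v1/external/vulnerabilities/container/imageDigest/"
                       f"{self._path_segment(image_digest)}?")
        elif image_id:
            api_uri = ("/api/v1/external/vulnerabilities/container/imageId/"
                       f"{self._path_segment(image_id)}?")
        else:
            # Raise instead of exit(): a library must not terminate the
            # interpreter of the application that imported it.
            message = "An Image Digest or Image ID must be specified."
            logger.error(message)
            raise ValueError(message)

        params = []

        if fixable is not None:
            params.append(("fixable", fixable))

        if severity:
            params.append(("severity", severity))

        if start_time and end_time:
            params += [("StartTime", start_time), ("EndTime", end_time)]

        response = self._session.get(self._add_query(api_uri, params))

        return response.json()

    def initiate_container_scan(self,
                                registry,
                                repository,
                                tag):
        """
        A method to initiate a container vulnerability scan.

        :param registry: A string representing the container registry.
        :param repository: A string representing the container repository.
        :param tag: A string representing the container tag.

        :return: response json
        """

        logger.info("Initiating container vulnerability scan in Lacework...")

        # Build the Container Image Scan request URI
        api_uri = "/api/v1/external/vulnerabilities/container/repository/images/scan"

        # The image is identified in the POST payload, not in the URI.
        data = {
            "registry": registry,
            "repository": repository,
            "tag": tag
        }

        response = self._session.post(api_uri, data=data)

        return response.json()

    def get_container_scan_status(self,
                                  request_id,
                                  severity=None,
                                  fixable=None):
        """
        A method to get the status/results of a container vulnerability scan from Lacework.

        :param request_id: A string representing the request ID to be queried.
        :param severity: A string representing the severity of vulnerabilities to fetch.
        :param fixable: A boolean which filters for fixable vulnerabilities.

        :return: response json
        """

        logger.info("Getting container vulnerability scan status from Lacework...")

        # Build the Container Image Scan request URI
        api_uri = f"/api/v1/external/vulnerabilities/container/reqId/{self._path_segment(request_id)}?"

        params = []

        if fixable is not None:
            params.append(("fixable", fixable))

        if severity:
            params.append(("severity", severity))

        response = self._session.get(self._add_query(api_uri, params))

        return response.json()

    def get_host_vulnerabilities(self,
                                 fixable=None,
                                 namespace=None,
                                 severity=None,
                                 start_time=None,
                                 end_time=None,
                                 cve=None):
        """
        A method to get the Host Vulnerabilities found by Lacework.

        :param fixable: A boolean which filters for fixable vulnerabilities.
        :param namespace: A string representing the package namespace for which to filter results.
        :param severity: A string representing the severity for which to filter returned results.
        :param start_time: A "%Y-%m-%dT%H:%M:%S%z" structured timestamp to begin from.
        :param end_time: A "%Y-%m-%dT%H:%M:%S%z" structured timestamp to end at.
        :param cve: A string representing the CVE ID for which to filter returned results.

        :return: response json
        """

        logger.info("Getting host vulnerabilities from Lacework...")

        # Build the Host Vulnerabilities request URI
        api_uri = "/api/v1/external/vulnerabilities/host?"

        params = []

        if fixable is not None:
            params.append(("fixable", fixable))

        if namespace:
            params.append(("namespace", namespace))

        if severity:
            params.append(("severity", severity))

        if start_time and end_time:
            params += [("StartTime", start_time), ("EndTime", end_time)]

        if cve:
            params.append(("vuln_id", cve))

        response = self._session.get(self._add_query(api_uri, params))

        return response.json()

    def get_host_vulnerabilities_by_cve(self,
                                        cve,
                                        hostname=None,
                                        machine_status=None,
                                        status=None):
        """
        A method to get the Host Vulnerabilities by CVE.

        :param cve: A string representing the CVE ID for which to filter returned results.
        :param hostname: A string representing a hostname for which to filter returned results.
        :param machine_status: A string representing the machine status for which to filter results.
        :param status: A string representing a status for which to filter results.
            ("New", "Active", or "Fixed")

        :return: response json, or None (without sending a request) when
            status is not one of the accepted values.
        """

        logger.info("Getting host vulnerabilities by CVE from Lacework...")

        # Build the Host Vulnerabilities by CVE URI
        api_uri = f"/api/v1/external/vulnerabilities/host/cveId/{self._path_segment(cve)}?"

        params = []

        if hostname:
            params.append(("hostname", hostname))

        if machine_status:
            params.append(("machine_status", machine_status))

        if status:
            # Matching ignores case (str.capitalize); the value is sent
            # exactly as supplied.
            if status.capitalize() not in ("New", "Active", "Fixed"):
                # Reported through the module logger like every other
                # message of this class.
                logger.error("Invalid status parameter '%s' provided.", status)
                return None
            params.append(("status", status))

        response = self._session.get(self._add_query(api_uri, params))

        return response.json()

    def get_host_vulnerabilities_by_machine_id(self,
                                               machine,
                                               fixable=None,
                                               namespace=None,
                                               severity=None,
                                               start_time=None,
                                               end_time=None,
                                               cve=None):
        """
        A method to get the Host Vulnerabilities by Machine ID.

        :param machine: A string representing the Lacework Machine ID.
        :param fixable: A boolean which filters for fixable vulnerabilities.
        :param namespace: A string representing the package namespace for which to filter results.
        :param severity: A string representing a severity for which to filter returned results.
        :param start_time: A "%Y-%m-%dT%H:%M:%S%z" structured timestamp to begin from.
        :param end_time: A "%Y-%m-%dT%H:%M:%S%z" structured timestamp to end at.
        :param cve: A string representing the CVE ID for which to filter returned results.

        :return: response json
        """

        logger.info("Getting host vulnerabilities by machine ID from Lacework...")

        # Build the Host Vulnerabilities by Machine ID URI
        api_uri = f"/api/v1/external/vulnerabilities/host/machineId/{self._path_segment(machine)}?"

        params = []

        if fixable is not None:
            params.append(("fixable", fixable))

        if namespace:
            params.append(("namespace", namespace))

        if severity:
            params.append(("severity", severity))

        if start_time and end_time:
            params += [("StartTime", start_time), ("EndTime", end_time)]

        if cve:
            params.append(("vuln_id", cve))

        response = self._session.get(self._add_query(api_uri, params))

        return response.json()

    def initiate_package_scan(self,
                              os_pkg_info_list=None,
                              os=None,
                              os_version=None,
                              package=None,
                              package_version=None):
        """
        A method to initiate a package vulnerability scan in Lacework.

        :param os_pkg_info_list: A Lacework PackageScanRequest object.  This is a list of packages to be scanned
            given the OS, OS Version, Package, and Package Version.  Up to 1,000 packages can be submitted with
            a single request.

        :param os: A string representing the operating system for which to initiate a scan.
        :param os_version: A string representing the operating system version(s) for which to initiate a scan.
        :param package: A string representing the software package for which to initiate a scan.
        :param package_version: A string representing the software package version(s) for which to initiate a scan.

        :return: response json

        :raises ValueError: If no os_pkg_info_list is given and any of the
            four individual package parameters is missing.
        """

        logger.info("Initiating package vulnerability scan in Lacework...")

        # Build the Package Scan request URI
        api_uri = "/api/v1/external/vulnerabilities/scan"

        # If an os_pkg_info_list was provided, use that, otherwise use the individual parameters
        if os_pkg_info_list:
            packages = os_pkg_info_list
        elif os and os_version and package and package_version:
            packages = [{
                "os": os,
                "os_ver": os_version,
                "pkg": package,
                "pkg_ver": package_version
            }]
        else:
            # Raise instead of exit(): a library must not terminate the
            # interpreter of the application that imported it.
            message = "If no 'os_pkg_info_list' is supplied, all package parameters need to be provided."
            logger.error(message)
            raise ValueError(message)

        data = {
            "os_pkg_info_list": packages
        }

        response = self._session.post(api_uri, data=data)

        return response.json()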

Lacework Vulnerability API.

VulnerabilityAPI(session)
    def __init__(self, session):
        """
        Bind this API wrapper to the HTTP session it sends requests through.

        :param session: An instance of the HttpSession class
        """

        super().__init__()

        # Kept private; the request methods of this class read it.
        self._session = session

Initializes the VulnerabilityAPI object.

Parameters
  • session: An instance of the HttpSession class

Returns

VulnerabilityAPI object.

def get_container_assessments_by_date(self, start_time=None, end_time=None):
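    def get_container_assessments_by_date(self,
                                          start_time=None,
                                          end_time=None):
        """
        A method to get a list of container vulnerability assessments for the specified date range.

        The timestamps are percent-encoded before being placed in the query
        string, so a "+" UTC offset or a stray "&" cannot change the request.

        :param start_time: A "%Y-%m-%dT%H:%M:%SZ" structured timestamp to begin from.
        :param end_time: A "%Y-%m-%dT%H:%M:%S%Z" structured timestamp to end at.

        :return: response json
        """

        # Function-scope import: the file's import block is not part of this listing.
        from urllib.parse import urlencode

        logger.info("Getting container vulnerability assessments from Lacework...")

        # Build the Container Assessments request URI
        api_uri = "/api/v1/external/vulnerabilities/container/GetAssessmentsForDateRange?"

        # The range is only sent when both ends are supplied.  ":" stays
        # literal so "...T00:00:00Z" values are sent as written.
        if start_time and end_time:
            api_uri += "&" + urlencode(
                [("START_TIME", start_time), ("END_TIME", end_time)], safe=":")

        response = self._session.get(api_uri)

        return response.json()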

A method to get a list of container vulnerability assessments for the specified date range.

Parameters
  • start_time: A "%Y-%m-%dT%H:%M:%SZ" structured timestamp to begin from.
  • end_time: A "%Y-%m-%dT%H:%M:%S%Z" structured timestamp to end at.
Returns

response json

def get_container_vulnerabilities( self, image_digest=None, image_id=None, severity=None, fixable=None, start_time=None, end_time=None):
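    def get_container_vulnerabilities(self,
                                      image_digest=None,
                                      image_id=None,
                                      severity=None,
                                      fixable=None,
                                      start_time=None,
                                      end_time=None):
        """
        A method to get the last scan data of the specified container.

        The image identifier and every filter value are percent-encoded, so a
        value containing "/", "?" or "&" stays inside the path segment or
        query parameter it was passed for.

        :param image_digest: A string representing the container image digest for which to fetch vulnerabilities.
        :param image_id: A string representing the container image ID for which to fetch vulnerabilities.
        :param severity: A string representing the severity of vulnerabilities to fetch.
        :param fixable: A boolean which filters for fixable vulnerabilities.
        :param start_time: A "%Y-%m-%dT%H:%M:%S%z" structured timestamp to begin from.
        :param end_time: A "%Y-%m-%dT%H:%M:%S%z" structured timestamp to end at.

        :return: response json

        :raises ValueError: If neither image_digest nor image_id is supplied.
        """

        # Function-scope import: the file's import block is not part of this listing.
        from urllib.parse import quote, urlencode

        logger.info("Getting container vulnerabilities from Lacework...")

        # Build the Container Vulnerability request URI; the digest takes
        # precedence when both identifiers are given.  ":" stays literal
        # because it is legal in a path segment and part of "sha256:..." digests.
        if image_digest:
            api_uri = ("/api/v1/external/vulnerabilities/container/imageDigest/"
                       f"{quote(str(image_digest), safe=':')}?")
        elif image_id:
            api_uri = ("/api/v1/external/vulnerabilities/container/imageId/"
                       f"{quote(str(image_id), safe=':')}?")
        else:
            # Raise instead of exit(): a library must not terminate the
            # interpreter of the application that imported it.
            message = "An Image Digest or Image ID must be specified."
            logger.error(message)
            raise ValueError(message)

        params = []

        if fixable is not None:
            params.append(("fixable", fixable))

        if severity:
            params.append(("severity", severity))

        if start_time and end_time:
            params += [("StartTime", start_time), ("EndTime", end_time)]

        # The "?&name=value" shape is kept so values that need no escaping
        # produce an unchanged request line.
        if params:
            api_uri += "&" + urlencode(params, safe=":")

        response = self._session.get(api_uri)

        return response.json()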

A method to get the last scan data of the specified container.

Parameters
  • image_digest: A string representing the container image digest for which to fetch vulnerabilities.
  • image_id: A string representing the container image ID for which to fetch vulnerabilities.
  • severity: A string representing the severity of vulnerabilities to fetch.
  • fixable: A boolean which filters for fixable vulnerabilities.
  • start_time: A "%Y-%m-%dT%H:%M:%S%z" structured timestamp to begin from.
  • end_time: A "%Y-%m-%dT%H:%M:%S%z" structured timestamp to end at.
Returns

response json

def initiate_container_scan(self, registry, repository, tag):
    def initiate_container_scan(self,
                                registry,
                                repository,
                                tag):
        """
        Ask Lacework to scan one container image for vulnerabilities.

        :param registry: A string representing the container registry.
        :param repository: A string representing the container repository.
        :param tag: A string representing the container tag.

        :return: response json
        """

        logger.info("Initiating container vulnerability scan in Lacework...")

        # The image to scan is named in the POST payload; the URI is fixed.
        payload = dict(registry=registry, repository=repository, tag=tag)

        scan_response = self._session.post(
            "/api/v1/external/vulnerabilities/container/repository/images/scan",
            data=payload,
        )

        return scan_response.json()

A method to initiate a container vulnerability scan.

Parameters
  • registry: A string representing the container registry.
  • repository: A string representing the container repository.
  • tag: A string representing the container tag.
Returns

response json

def get_container_scan_status(self, request_id, severity=None, fixable=None):
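    def get_container_scan_status(self,
                                  request_id,
                                  severity=None,
                                  fixable=None):
        """
        A method to get the status/results of a container vulnerability scan from Lacework.

        Caller-supplied values are percent-encoded before they are placed in the
        URI, so a value containing "/", "?", "&" or "#" stays inside its own path
        segment or query parameter instead of changing the shape of the request.

        :param request_id: A string representing the request ID to be queried.
        :param severity: A string representing the severity of vulnerabilities to fetch.
        :param fixable: A boolean which filters for fixable vulnerabilities.

        :return: response json
        """

        # Local import: keeps this method self-contained.
        from urllib.parse import quote, urlencode

        logger.info("Getting container vulnerability scan status from Lacework...")

        # safe="" also encodes "/", so request_id cannot span more than one path segment.
        request_segment = quote(str(request_id), safe="")

        # Build the Container Image Scan request URI
        api_uri = f"/api/v1/external/vulnerabilities/container/reqId/{request_segment}?"

        query = {}

        # fixable=False is a meaningful filter, hence the explicit None test.
        if fixable is not None:
            query["fixable"] = fixable

        if severity:
            query["severity"] = severity

        api_uri += urlencode(query, quote_via=quote)

        response = self._session.get(api_uri)

        return response.json()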

A method to get the status/results of a container vulnerability scan from Lacework.

Parameters
  • request_id: A string representing the request ID to be queried.
  • severity: A string representing the severity of vulnerabilities to fetch.
  • fixable: A boolean which filters for fixable vulnerabilities.
Returns

response json

def get_host_vulnerabilities( self, fixable=None, namespace=None, severity=None, start_time=None, end_time=None, cve=None):
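    def get_host_vulnerabilities(self,
                                 fixable=None,
                                 namespace=None,
                                 severity=None,
                                 start_time=None,
                                 end_time=None,
                                 cve=None):
        """
        A method to get the Host Vulnerabilities found by Lacework.

        Filter values are percent-encoded before they are placed in the query
        string. This keeps a value containing "&", "#" or "=" inside its own
        parameter, and sends the "+" of a "%z" UTC offset as "%2B" (a bare "+" is
        commonly decoded as a space by query parsers).

        :param fixable: A boolean which filters for fixable vulnerabilities.
        :param namespace: A string representing the package namespace for which to filter results.
        :param severity: A string representing the severity for which to filter returned results.
        :param start_time: A "%Y-%m-%dT%H:%M:%S%z" structured timestamp to begin from.
        :param end_time: A "%Y-%m-%dT%H:%M:%S%z" structured timestamp to end at.
        :param cve: A string representing the CVE ID for which to filter returned results.

        :return: response json
        """

        # Local import: keeps this method self-contained.
        from urllib.parse import quote, urlencode

        logger.info("Getting host vulnerabilities from Lacework...")

        query = {}

        # fixable=False is a meaningful filter, hence the explicit None test.
        if fixable is not None:
            query["fixable"] = fixable

        if namespace:
            query["namespace"] = namespace

        if severity:
            query["severity"] = severity

        # The time window is applied only when both ends are given;
        # a lone start_time or end_time is ignored.
        if start_time and end_time:
            query["StartTime"] = start_time
            query["EndTime"] = end_time

        if cve:
            query["vuln_id"] = cve

        # Build the Host Vulnerabilities request URI.
        # ":" is left unescaped so plain timestamps are sent as written.
        api_uri = "/api/v1/external/vulnerabilities/host?" + urlencode(
            query, safe=":", quote_via=quote
        )

        response = self._session.get(api_uri)

        return response.json()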

A method to get the Host Vulnerabilities found by Lacework.

Parameters
  • fixable: A boolean which filters for fixable vulnerabilities.
  • namespace: A string representing the package namespace for which to filter results.
  • severity: A string representing the severity for which to filter returned results.
  • start_time: A "%Y-%m-%dT%H:%M:%S%z" structured timestamp to begin from.
  • end_time: A "%Y-%m-%dT%H:%M:%S%z" structured timestamp to end at.
  • cve: A string representing the CVE ID for which to filter returned results.
Returns

response json

def get_host_vulnerabilities_by_cve(self, cve, hostname=None, machine_status=None, status=None):
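    def get_host_vulnerabilities_by_cve(self,
                                        cve,
                                        hostname=None,
                                        machine_status=None,
                                        status=None):
        """
        A method to get the Host Vulnerabilities by CVE.

        Caller-supplied values are percent-encoded before they are placed in the
        URI, so a value containing "/", "?", "&" or "#" stays inside its own path
        segment or query parameter. The status filter is matched case-insensitively
        and sent in its capitalized form.

        :param cve: A string representing the CVE ID for which to filter returned results.
        :param hostname: A string representing a hostname for which to filter returned results.
        :param machine_status: A string representing the machine status for which to filter results.
        :param status: A string representing a status for which to filter results.
            ("New", "Active", or "Fixed")

        :return: response json, or None when an unsupported status is supplied
            (no request is sent in that case)
        """

        # Local import: keeps this method self-contained.
        from urllib.parse import quote, urlencode

        logger.info("Getting host vulnerabilities by CVE from Lacework...")

        query = {}

        if hostname:
            query["hostname"] = hostname

        if machine_status:
            query["machine_status"] = machine_status

        if status:
            normalized_status = status.capitalize()
            if normalized_status not in ("New", "Active", "Fixed"):
                # %r escapes control characters, so the rejected value
                # cannot break up the log line.
                logger.error("Invalid status parameter %r provided.", status)
                return None
            # Send the form that was validated, not the raw input.
            query["status"] = normalized_status

        # safe="" also encodes "/", so cve cannot span more than one path segment.
        cve_segment = quote(str(cve), safe="")

        # Build the Host Vulnerabilities by CVE URI
        api_uri = f"/api/v1/external/vulnerabilities/host/cveId/{cve_segment}?"
        api_uri += urlencode(query, quote_via=quote)

        response = self._session.get(api_uri)

        return response.json()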

A method to get the Host Vulnerabilities by CVE.

Parameters
  • cve: A string representing the CVE ID for which to filter returned results.
  • hostname: A string representing a hostname for which to filter returned results.
  • machine_status: A string representing the machine status for which to filter results.
  • status: A string representing a status for which to filter results. ("New", "Active", or "Fixed")
Returns

response json

def get_host_vulnerabilities_by_machine_id( self, machine, fixable=None, namespace=None, severity=None, start_time=None, end_time=None, cve=None):
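    def get_host_vulnerabilities_by_machine_id(self,
                                               machine,
                                               fixable=None,
                                               namespace=None,
                                               severity=None,
                                               start_time=None,
                                               end_time=None,
                                               cve=None):
        """
        A method to get the Host Vulnerabilities by Machine ID.

        Caller-supplied values are percent-encoded before they are placed in the
        URI. This keeps a value containing "/", "?", "&" or "#" inside its own path
        segment or query parameter, and sends the "+" of a "%z" UTC offset as "%2B"
        (a bare "+" is commonly decoded as a space by query parsers).

        :param machine: A string representing the Lacework Machine ID.
        :param fixable: A boolean which filters for fixable vulnerabilities.
        :param namespace: A string representing the package namespace for which to filter results.
        :param severity: A string representing a severity for which to filter returned results.
        :param start_time: A "%Y-%m-%dT%H:%M:%S%z" structured timestamp to begin from.
        :param end_time: A "%Y-%m-%dT%H:%M:%S%z" structured timestamp to end at.
        :param cve: A string representing the CVE ID for which to filter returned results.

        :return: response json
        """

        # Local import: keeps this method self-contained.
        from urllib.parse import quote, urlencode

        logger.info("Getting host vulnerabilities by machine ID from Lacework...")

        query = {}

        # fixable=False is a meaningful filter, hence the explicit None test.
        if fixable is not None:
            query["fixable"] = fixable

        if namespace:
            query["namespace"] = namespace

        if severity:
            query["severity"] = severity

        # The time window is applied only when both ends are given;
        # a lone start_time or end_time is ignored.
        if start_time and end_time:
            query["StartTime"] = start_time
            query["EndTime"] = end_time

        if cve:
            query["vuln_id"] = cve

        # safe="" also encodes "/", so machine cannot span more than one path segment.
        machine_segment = quote(str(machine), safe="")

        # Build the Host Vulnerabilities by Machine ID URI.
        # ":" is left unescaped so plain timestamps are sent as written.
        api_uri = f"/api/v1/external/vulnerabilities/host/machineId/{machine_segment}?"
        api_uri += urlencode(query, safe=":", quote_via=quote)

        response = self._session.get(api_uri)

        return response.json()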

A method to get the Host Vulnerabilities by Machine ID.

Parameters
  • machine: A string representing the Lacework Machine ID.
  • fixable: A boolean which filters for fixable vulnerabilities.
  • namespace: A string representing the package namespace for which to filter results.
  • severity: A string representing a severity for which to filter returned results.
  • start_time: A "%Y-%m-%dT%H:%M:%S%z" structured timestamp to begin from.
  • end_time: A "%Y-%m-%dT%H:%M:%S%z" structured timestamp to end at.
  • cve: A string representing the CVE ID for which to filter returned results.
Returns

response json

def initiate_package_scan( self, os_pkg_info_list=None, os=None, os_version=None, package=None, package_version=None):
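    def initiate_package_scan(self,
                              os_pkg_info_list=None,
                              os=None,
                              os_version=None,
                              package=None,
                              package_version=None):
        """
        A method to initiate a package vulnerability scan in Lacework.

        :param os_pkg_info_list: A Lacework PackageScanRequest object.  This is a list of packages to be scanned
            given the OS, OS Version, Package, and Package Version.  Up to 1,000 packages can be submitted with
            a single request.  When supplied, it is sent as-is and the individual parameters are ignored.

        :param os: A string representing the operating system for which to initiate a scan.
        :param os_version: A string representing the operating system version(s) for which to initiate a scan.
        :param package: A string representing the software package for which to initiate a scan.
        :param package_version: A string representing the software package version(s) for which to initiate a scan.

        :raises ValueError: if no 'os_pkg_info_list' is supplied and any of the four
            individual package parameters is missing or empty.

        :return: response json
        """

        logger.info("Initiating package vulnerability scan in Lacework...")

        # Build the Host Vulnerabilities request URI
        api_uri = "/api/v1/external/vulnerabilities/scan"

        # If an os_pkg_info_list was provided, use that, otherwise use the individual parameters
        if os_pkg_info_list:
            packages = os_pkg_info_list
        elif os and os_version and package and package_version:
            packages = [{
                "os": os,
                "os_ver": os_version,
                "pkg": package,
                "pkg_ver": package_version
            }]
        else:
            # Raise instead of calling exit(): a library method must not end the
            # host process, and a bare exit() reports success (status 0) for what
            # is an argument error.
            message = "If no 'os_pkg_info_list' is supplied, all package parameters need to be provided."
            logger.error(message)
            raise ValueError(message)

        data = {
            "os_pkg_info_list": packages
        }

        response = self._session.post(api_uri, data=data)

        return response.json()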

A method to initiate a package vulnerability scan in Lacework.

Parameters
  • os_pkg_info_list: A Lacework PackageScanRequest object. This is a list of packages to be scanned given the OS, OS Version, Package, and Package Version. Up to 1,000 packages can be submitted with a single request.

  • os: A string representing the operating system for which to initiate a scan.

  • os_version: A string representing the operating system version(s) for which to initiate a scan.
  • package: A string representing the software package for which to initiate a scan.
  • package_version: A string representing the software package version(s) for which to initiate a scan.
Returns

response json