laceworksdk.api.v2.alerts
Lacework Alerts API wrapper.
# -*- coding: utf-8 -*-
"""
Lacework Alerts API wrapper.
"""

from laceworksdk.api.search_endpoint import SearchEndpoint


class AlertsAPI(SearchEndpoint):
    """Thin client for the Lacework v2 ``Alerts`` resource.

    Every method assembles a URL with the inherited ``build_url``, a
    query/body dict with the inherited ``build_dict_from_items``, sends the
    request through the shared ``HttpSession`` and returns the decoded JSON
    body. Nothing is validated client-side: alert IDs, scopes, close reasons
    and any extra ``request_params`` reach the request exactly as supplied,
    so the Lacework API is the authority on what is accepted. Both helpers
    live in ``search_endpoint`` and are not shown here; whether ``build_url``
    URL-encodes the ``id`` it is given should be checked there before
    passing untrusted identifiers through.
    """

    def __init__(self, session):
        """Bind the wrapper to ``session`` under the ``Alerts`` resource.

        :param session: An instance of the HttpSession class.
        """
        super().__init__(session, "Alerts")

    def get(self,
            start_time=None,
            end_time=None,
            **request_params):
        """List alerts, optionally bounded to a time window.

        :param start_time: A "%Y-%m-%dT%H:%M:%SZ" structured timestamp to begin from.
        :param end_time: A "%Y-%m-%dT%H:%M:%SZ" structured timestamp to end at.
        :param request_params: Additional query parameters, forwarded as given
            (supports parameters that may be added in the future).

        :return: response json
        """
        # build_dict_from_items is expected to drop unset values and map the
        # snake_case keys to the API's naming -- confirm in search_endpoint.
        query = self.build_dict_from_items(
            request_params,
            start_time=start_time,
            end_time=end_time,
        )
        return self._session.get(self.build_url(), params=query).json()

    def get_details(self,
                    id,
                    scope,
                    **request_params):
        """Fetch one alert by ID, selecting which detail section to return.

        :param id: A string representing the object ID.
        :param scope: A string representing the scope of the details to return.
            ("Details", "Investigation", "Events", "RelatedAlerts",
            "Integrations", "Timeline")
        :param request_params: Additional query parameters, forwarded as given
            (supports parameters that may be added in the future).

        :return: response json
        """
        # ``scope`` is not checked against the list above; an unknown value
        # is passed through and rejected (or not) by the API.
        query = self.build_dict_from_items(
            request_params,
            scope=scope,
        )
        return self._session.get(self.build_url(id=id), params=query).json()

    def search(self,
               json=None):
        """Search alerts via the shared ``SearchEndpoint.search`` implementation.

        :param json: A dictionary containing the necessary search parameters.
            (timeFilter, filters, returns)

        :return: response json
        """
        return super().search(json=json)

    def comment(self,
                id,
                comment):
        """Post a comment on an alert.

        :param id: A string representing the object ID.
        :param comment: A string representing the comment to post.

        :return: response json
        """
        payload = self.build_dict_from_items(
            comment=comment,
        )
        url = self.build_url(resource=id, action="comment")
        return self._session.post(url, json=payload).json()

    def close(self,
              id,
              reason,
              comment=None):
        """Close an alert with a reason code and an optional comment.

        :param id: A string representing the object ID.
        :param reason: An integer representing the close reason.
            0: Other
            1: False positive
            2: Not enough information
            3: Malicious and have resolution in place
            4: Expected because of routine testing
        :param comment: A string representing the comment to post.

        :return: response json
        """
        # The reason code is sent as-is; no client-side range check is done.
        payload = self.build_dict_from_items(
            reason=reason,
            comment=comment,
        )
        url = self.build_url(resource=id, action="close")
        return self._session.post(url, json=payload).json()
class AlertsAPI(SearchEndpoint):
    """Wrapper for the Lacework v2 ``Alerts`` endpoint.

    Requests are built from two inherited helpers, ``build_url`` and
    ``build_dict_from_items`` (defined in ``search_endpoint``, not visible
    here), and sent through the ``HttpSession`` passed to the constructor.
    The wrapper performs no validation of its own: IDs, scopes, reason codes
    and extra ``request_params`` are forwarded as supplied.
    """

    def __init__(self, session):
        """Initialise the wrapper for the ``Alerts`` resource.

        :param session: An instance of the HttpSession class.
        """
        super().__init__(session, "Alerts")

    def get(self, start_time=None, end_time=None, **request_params):
        """Return the alert list, optionally limited to a time window.

        :param start_time: A "%Y-%m-%dT%H:%M:%SZ" structured timestamp to begin from.
        :param end_time: A "%Y-%m-%dT%H:%M:%SZ" structured timestamp to end at.
        :param request_params: Additional query parameters, forwarded as given
            (supports parameters that may be added in the future).

        :return: response json
        """
        url = self.build_url()
        filters = self.build_dict_from_items(request_params,
                                             start_time=start_time,
                                             end_time=end_time)
        resp = self._session.get(url, params=filters)
        return resp.json()

    def get_details(self, id, scope, **request_params):
        """Return one detail section of a single alert.

        :param id: A string representing the object ID.
        :param scope: A string representing the scope of the details to return.
            ("Details", "Investigation", "Events", "RelatedAlerts",
            "Integrations", "Timeline")
        :param request_params: Additional query parameters, forwarded as given
            (supports parameters that may be added in the future).

        :return: response json
        """
        # ``id`` goes into the URL path via build_url; ``scope`` into the query.
        url = self.build_url(id=id)
        filters = self.build_dict_from_items(request_params, scope=scope)
        resp = self._session.get(url, params=filters)
        return resp.json()

    def search(self, json=None):
        """Search alerts; delegates to ``SearchEndpoint.search``.

        :param json: A dictionary containing the necessary search parameters.
            (timeFilter, filters, returns)

        :return: response json
        """
        return super().search(json=json)

    def comment(self, id, comment):
        """Attach a comment to an alert.

        :param id: A string representing the object ID.
        :param comment: A string representing the comment to post.

        :return: response json
        """
        body = self.build_dict_from_items(comment=comment)
        url = self.build_url(resource=id, action="comment")
        resp = self._session.post(url, json=body)
        return resp.json()

    def close(self, id, reason, comment=None):
        """Close an alert, recording why.

        :param id: A string representing the object ID.
        :param reason: An integer representing the close reason.
            0: Other
            1: False positive
            2: Not enough information
            3: Malicious and have resolution in place
            4: Expected because of routine testing
        :param comment: A string representing the comment to post.

        :return: response json
        """
        # No client-side check of ``reason``; the API decides what is valid.
        body = self.build_dict_from_items(reason=reason, comment=comment)
        url = self.build_url(resource=id, action="close")
        resp = self._session.post(url, json=body)
        return resp.json()
A class used to implement Search functionality for Lacework API Endpoints
AlertsAPI(session)
def __init__(self, session):
    """Register this wrapper with ``session`` for the ``Alerts`` resource.

    The resource name is passed to the ``SearchEndpoint`` base, which
    (presumably) uses it when building request URLs.

    :param session: An instance of the HttpSession class.
    """
    super().__init__(session, "Alerts")
Initializes the AlertsAPI object.
Parameters
- session: An instance of the HttpSession class
:return AlertsAPI object.
def
get(self, start_time=None, end_time=None, **request_params):
def get(self, start_time=None, end_time=None, **request_params):
    """List alerts, optionally restricted to ``[start_time, end_time]``.

    :param start_time: A "%Y-%m-%dT%H:%M:%SZ" structured timestamp to begin from.
    :param end_time: A "%Y-%m-%dT%H:%M:%SZ" structured timestamp to end at.
    :param request_params: Additional query parameters, forwarded as given
        (supports parameters that may be added in the future).

    :return: response json
    """
    # The inherited helper merges the extra params with the window bounds;
    # how it treats None values is defined in search_endpoint, not here.
    window = {"start_time": start_time, "end_time": end_time}
    query = self.build_dict_from_items(request_params, **window)
    return self._session.get(self.build_url(), params=query).json()
A method to get Alerts objects.
Parameters
- start_time: A "%Y-%m-%dT%H:%M:%SZ" structured timestamp (UTC, e.g. 2024-01-01T00:00:00Z) to begin from.
- end_time: A "%Y-%m-%dT%H:%M:%SZ" structured timestamp to end at, in the same format as start_time.
- request_params: Additional request parameters. (provides support for parameters that may be added in the future)
:return response json
def
get_details(self, id, scope, **request_params):
def get_details(self, id, scope, **request_params):
    """Fetch a single alert by ID, choosing which detail section to return.

    :param id: A string representing the object ID.
    :param scope: A string representing the scope of the details to return.
        ("Details", "Investigation", "Events", "RelatedAlerts",
        "Integrations", "Timeline")
    :param request_params: Additional query parameters, forwarded as given
        (supports parameters that may be added in the future).

    :return: response json
    """
    # ``scope`` is not checked against the documented set; unknown values are
    # forwarded and left for the API to accept or reject.
    target = self.build_url(id=id)
    query = self.build_dict_from_items(request_params, scope=scope)
    return self._session.get(target, params=query).json()
A method to get Alerts objects by ID.
Parameters
- id: A string representing the object ID.
- scope: A string selecting which section of the alert's details to return: one of "Details", "Investigation", "Events", "RelatedAlerts", "Integrations" or "Timeline". The value is forwarded unchecked.
- request_params: Additional request parameters. (provides support for parameters that may be added in the future)
:return response json
def
search(self, json=None):
def search(self, json=None):
    """Search alerts by delegating to the shared ``SearchEndpoint.search``.

    :param json: A dictionary containing the necessary search parameters.
        (timeFilter, filters, returns)

    :return: response json
    """
    # Purely a pass-through; the request shape is defined by the base class.
    return super().search(json=json)
A method to search Alerts objects.
Parameters
- json: A dictionary containing the necessary search parameters. (timeFilter, filters, returns)
:return response json
def
comment(self, id, comment):
def comment(self, id, comment):
    """Post a comment on an alert.

    :param id: A string representing the object ID.
    :param comment: A string representing the comment to post.

    :return: response json
    """
    body = self.build_dict_from_items(comment=comment)
    target = self.build_url(resource=id, action="comment")
    return self._session.post(target, json=body).json()
A method to comment on an Alerts object.
Parameters
- id: A string representing the object ID.
- comment: A string representing the comment to post.
:return response json
def
close(self, id, reason, comment=None):
def close(self, id, reason, comment=None):
    """Close an alert with a reason code and an optional comment.

    :param id: A string representing the object ID.
    :param reason: An integer representing the close reason.
        0: Other
        1: False positive
        2: Not enough information
        3: Malicious and have resolution in place
        4: Expected because of routine testing
    :param comment: A string representing the comment to post.

    :return: response json
    """
    # The reason code is sent unchecked; the API decides which codes it accepts.
    body = self.build_dict_from_items(reason=reason, comment=comment)
    target = self.build_url(resource=id, action="close")
    return self._session.post(target, json=body).json()
A method to close an Alerts object.
Parameters
- id: A string representing the object ID.
- reason: An integer representing the close reason: 0 = Other; 1 = False positive; 2 = Not enough information; 3 = Malicious and have resolution in place; 4 = Expected because of routine testing. The code is sent as given, without client-side validation.
- comment: A string representing the comment to post.
:return response json