laceworksdk.api.v2.alerts

Lacework Alerts API wrapper.

  1# -*- coding: utf-8 -*-
  2"""
  3Lacework Alerts API wrapper.
  4"""
  5
  6from laceworksdk.api.search_endpoint import SearchEndpoint
  7
  8
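class AlertsAPI(SearchEndpoint):
    """
    Client for the Lacework ``Alerts`` API endpoint.

    Offers listing, detail lookup, search, commenting and closing of alerts
    through the HttpSession supplied at construction. Every method returns
    the decoded JSON body of the response; transport and HTTP-level error
    handling is left to the session object and the SearchEndpoint base class.
    """

    # Documented values for the ``scope`` argument of ``get_details``. They
    # are informational only: nothing is validated client-side, so scopes the
    # service adds later keep working.
    DETAIL_SCOPES = (
        "Details",
        "Investigation",
        "Events",
        "RelatedAlerts",
        "Integrations",
        "Timeline",
    )

    # Documented close-reason codes accepted by ``close`` and their meaning.
    # Informational only; the code is forwarded to the service unchanged.
    CLOSE_REASONS = {
        0: "Other",
        1: "False positive",
        2: "Not enough information",
        3: "Malicious and have resolution in place",
        4: "Expected because of routine testing",
    }

    def __init__(self, session):
        """
        Initializes the AlertsAPI object.

        :param session: An instance of the HttpSession class
        """

        # Register this client under the "Alerts" resource name of the
        # shared search-endpoint base class.
        super().__init__(session, "Alerts")

    def get(self,
            start_time=None,
            end_time=None,
            **request_params):
        """
        A method to get Alerts objects.

        :param start_time: A "%Y-%m-%dT%H:%M:%SZ" structured timestamp to begin from.
        :param end_time: A "%Y-%m-%dT%H:%M:%SZ" structured timestamp to end at.
        :param request_params: Additional request parameters.
            (provides support for parameters that may be added in the future)

        :return response json
        """

        # build_dict_from_items (base class) merges the explicit arguments
        # into request_params; None-valued entries are presumably dropped
        # there — confirm in SearchEndpoint before relying on it.
        params = self.build_dict_from_items(
            request_params,
            start_time=start_time,
            end_time=end_time
        )

        response = self._session.get(self.build_url(), params=params)

        return response.json()

    def get_details(self,
                    id,
                    scope,
                    **request_params):
        """
        A method to get Alerts objects by ID.

        :param id: A string representing the object ID.
        :param scope: A string representing the scope of the details to return.
            ("Details", "Investigation", "Events", "RelatedAlerts", "Integrations", "Timeline")
        :param request_params: Additional request parameters.
            (provides support for parameters that may be added in the future)

        :return response json
        """

        # `scope` is forwarded as given; see DETAIL_SCOPES for the documented
        # values. Validation is left to the service.
        params = self.build_dict_from_items(
            request_params,
            scope=scope
        )

        # `id` keeps its name for caller compatibility although it shadows
        # the builtin. NOTE(review): the ID becomes part of the request path
        # inside build_url; confirm it is percent-encoded there before
        # passing IDs that originate outside this client.
        response = self._session.get(self.build_url(id=id), params=params)

        return response.json()

    def search(self,
               json=None):
        """
        A method to search Alerts objects.

        :param json: A dictionary containing the necessary search parameters.
            (timeFilter, filters, returns)

        :return response json
        """

        # Pure delegation to SearchEndpoint.search; the override exists only
        # to document the alert-specific body shape.
        return super().search(json=json)

    def comment(self,
                id,
                comment):
        """
        A method to comment on an Alerts object.

        :param id: A string representing the object ID.
        :param comment: A string representing the comment to post.

        :return response json
        """

        # Request body for the POST.
        payload = self.build_dict_from_items(
            comment=comment
        )

        # NOTE(review): `id` is inserted into the request path by build_url;
        # confirm it is percent-encoded there if IDs can come from outside
        # this client.
        response = self._session.post(self.build_url(resource=id, action="comment"), json=payload)

        return response.json()

    def close(self,
              id,
              reason,
              comment=None):
        """
        A method to close an Alerts object.

        :param id: A string representing the object ID.
        :param reason: An integer representing the close reason.
            0: Other
            1: False positive
            2: Not enough information
            3: Malicious and have resolution in place
            4: Expected because of routine testing
        :param comment: A string representing the comment to post.

        :return response json
        """

        # `reason` is forwarded unchanged (see CLOSE_REASONS); a None comment
        # is presumably omitted from the body by build_dict_from_items.
        payload = self.build_dict_from_items(
            reason=reason,
            comment=comment
        )

        # NOTE(review): `id` is inserted into the request path by build_url;
        # confirm it is percent-encoded there if IDs can come from outside
        # this client.
        response = self._session.post(self.build_url(resource=id, action="close"), json=payload)

        return response.json()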
class AlertsAPI(laceworksdk.api.search_endpoint.SearchEndpoint):
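class AlertsAPI(SearchEndpoint):
    """
    Client for the Lacework ``Alerts`` API endpoint.

    Offers listing, detail lookup, search, commenting and closing of alerts
    through the HttpSession supplied at construction. Every method returns
    the decoded JSON body of the response; transport and HTTP-level error
    handling is left to the session object and the SearchEndpoint base class.
    """

    # Documented values for the ``scope`` argument of ``get_details``. They
    # are informational only: nothing is validated client-side, so scopes the
    # service adds later keep working.
    DETAIL_SCOPES = (
        "Details",
        "Investigation",
        "Events",
        "RelatedAlerts",
        "Integrations",
        "Timeline",
    )

    # Documented close-reason codes accepted by ``close`` and their meaning.
    # Informational only; the code is forwarded to the service unchanged.
    CLOSE_REASONS = {
        0: "Other",
        1: "False positive",
        2: "Not enough information",
        3: "Malicious and have resolution in place",
        4: "Expected because of routine testing",
    }

    def __init__(self, session):
        """
        Initializes the AlertsAPI object.

        :param session: An instance of the HttpSession class
        """

        # Register this client under the "Alerts" resource name of the
        # shared search-endpoint base class.
        super().__init__(session, "Alerts")

    def get(self,
            start_time=None,
            end_time=None,
            **request_params):
        """
        A method to get Alerts objects.

        :param start_time: A "%Y-%m-%dT%H:%M:%SZ" structured timestamp to begin from.
        :param end_time: A "%Y-%m-%dT%H:%M:%SZ" structured timestamp to end at.
        :param request_params: Additional request parameters.
            (provides support for parameters that may be added in the future)

        :return response json
        """

        # build_dict_from_items (base class) merges the explicit arguments
        # into request_params; None-valued entries are presumably dropped
        # there — confirm in SearchEndpoint before relying on it.
        params = self.build_dict_from_items(
            request_params,
            start_time=start_time,
            end_time=end_time
        )

        response = self._session.get(self.build_url(), params=params)

        return response.json()

    def get_details(self,
                    id,
                    scope,
                    **request_params):
        """
        A method to get Alerts objects by ID.

        :param id: A string representing the object ID.
        :param scope: A string representing the scope of the details to return.
            ("Details", "Investigation", "Events", "RelatedAlerts", "Integrations", "Timeline")
        :param request_params: Additional request parameters.
            (provides support for parameters that may be added in the future)

        :return response json
        """

        # `scope` is forwarded as given; see DETAIL_SCOPES for the documented
        # values. Validation is left to the service.
        params = self.build_dict_from_items(
            request_params,
            scope=scope
        )

        # `id` keeps its name for caller compatibility although it shadows
        # the builtin. NOTE(review): the ID becomes part of the request path
        # inside build_url; confirm it is percent-encoded there before
        # passing IDs that originate outside this client.
        response = self._session.get(self.build_url(id=id), params=params)

        return response.json()

    def search(self,
               json=None):
        """
        A method to search Alerts objects.

        :param json: A dictionary containing the necessary search parameters.
            (timeFilter, filters, returns)

        :return response json
        """

        # Pure delegation to SearchEndpoint.search; the override exists only
        # to document the alert-specific body shape.
        return super().search(json=json)

    def comment(self,
                id,
                comment):
        """
        A method to comment on an Alerts object.

        :param id: A string representing the object ID.
        :param comment: A string representing the comment to post.

        :return response json
        """

        # Request body for the POST.
        payload = self.build_dict_from_items(
            comment=comment
        )

        # NOTE(review): `id` is inserted into the request path by build_url;
        # confirm it is percent-encoded there if IDs can come from outside
        # this client.
        response = self._session.post(self.build_url(resource=id, action="comment"), json=payload)

        return response.json()

    def close(self,
              id,
              reason,
              comment=None):
        """
        A method to close an Alerts object.

        :param id: A string representing the object ID.
        :param reason: An integer representing the close reason.
            0: Other
            1: False positive
            2: Not enough information
            3: Malicious and have resolution in place
            4: Expected because of routine testing
        :param comment: A string representing the comment to post.

        :return response json
        """

        # `reason` is forwarded unchanged (see CLOSE_REASONS); a None comment
        # is presumably omitted from the body by build_dict_from_items.
        payload = self.build_dict_from_items(
            reason=reason,
            comment=comment
        )

        # NOTE(review): `id` is inserted into the request path by build_url;
        # confirm it is percent-encoded there if IDs can come from outside
        # this client.
        response = self._session.post(self.build_url(resource=id, action="close"), json=payload)

        return response.json()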

A class used to implement Search functionality for Lacework API Endpoints

AlertsAPI(session)
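    def __init__(self, session):
        """
        Initializes the AlertsAPI object.

        :param session: An instance of the HttpSession class
        """

        # Register this client under the "Alerts" resource name of the
        # shared search-endpoint base class.
        super().__init__(session, "Alerts")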

Initializes the AlertsAPI object.

Parameters
  • session: An instance of the HttpSession class

:return None (the constructor initializes the AlertsAPI object in place).

def get(self, start_time=None, end_time=None, **request_params):
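    def get(self,
            start_time=None,
            end_time=None,
            **request_params):
        """
        A method to get Alerts objects.

        :param start_time: A "%Y-%m-%dT%H:%M:%SZ" structured timestamp to begin from.
        :param end_time: A "%Y-%m-%dT%H:%M:%SZ" structured timestamp to end at.
        :param request_params: Additional request parameters.
            (provides support for parameters that may be added in the future)

        :return response json
        """

        # build_dict_from_items (base class) merges the explicit arguments
        # into request_params; None-valued entries are presumably dropped
        # there — confirm in SearchEndpoint before relying on it.
        params = self.build_dict_from_items(
            request_params,
            start_time=start_time,
            end_time=end_time
        )

        response = self._session.get(self.build_url(), params=params)

        return response.json()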

A method to get Alerts objects.

Parameters
  • start_time: A "%Y-%m-%dT%H:%M:%SZ" structured timestamp to begin from.
  • end_time: A "%Y-%m-%dT%H:%M:%SZ" structured timestamp to end at.
  • request_params: Additional request parameters. (provides support for parameters that may be added in the future)

:return response json

def get_details(self, id, scope, **request_params):
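    def get_details(self,
                    id,
                    scope,
                    **request_params):
        """
        A method to get Alerts objects by ID.

        :param id: A string representing the object ID.
        :param scope: A string representing the scope of the details to return.
            ("Details", "Investigation", "Events", "RelatedAlerts", "Integrations", "Timeline")
        :param request_params: Additional request parameters.
            (provides support for parameters that may be added in the future)

        :return response json
        """

        # `scope` is forwarded as given; validation of the value is left to
        # the service so newly added scopes keep working.
        params = self.build_dict_from_items(
            request_params,
            scope=scope
        )

        # `id` keeps its name for caller compatibility although it shadows
        # the builtin. NOTE(review): the ID becomes part of the request path
        # inside build_url; confirm it is percent-encoded there before
        # passing IDs that originate outside this client.
        response = self._session.get(self.build_url(id=id), params=params)

        return response.json()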

A method to get Alerts objects by ID.

Parameters
  • id: A string representing the object ID.
  • scope: A string representing the scope of the details to return. ("Details", "Investigation", "Events", "RelatedAlerts", "Integrations", "Timeline")
  • request_params: Additional request parameters. (provides support for parameters that may be added in the future)

:return response json

def search(self, json=None):
    def search(self,
               json=None):
        """
        A method to search Alerts objects.

        :param json: A dictionary containing the necessary search parameters.
            (timeFilter, filters, returns)

        :return response json
        """

        # Pure delegation to SearchEndpoint.search; the override exists only
        # to document the alert-specific body shape.
        search_body = json
        return super().search(json=search_body)

A method to search Alerts objects.

Parameters
  • json: A dictionary containing the necessary search parameters. (timeFilter, filters, returns)

:return response json

def comment(self, id, comment):
    def comment(self,
                id,
                comment):
        """
        A method to comment on an Alerts object.

        :param id: A string representing the object ID.
        :param comment: A string representing the comment to post.

        :return response json
        """

        # Body of the POST; built through the base-class helper for
        # consistency with the other endpoints.
        payload = self.build_dict_from_items(comment=comment)

        # NOTE(review): `id` is inserted into the request path by build_url;
        # confirm it is percent-encoded there if IDs can come from outside
        # this client.
        url = self.build_url(resource=id, action="comment")
        response = self._session.post(url, json=payload)

        return response.json()

A method to comment on an Alerts object.

Parameters
  • id: A string representing the object ID.
  • comment: A string representing the comment to post.

:return response json

def close(self, id, reason, comment=None):
    def close(self,
              id,
              reason,
              comment=None):
        """
        A method to close an Alerts object.

        :param id: A string representing the object ID.
        :param reason: An integer representing the close reason.
            0: Other
            1: False positive
            2: Not enough information
            3: Malicious and have resolution in place
            4: Expected because of routine testing
        :param comment: A string representing the comment to post.

        :return response json
        """

        # Body of the POST. `reason` is forwarded unchanged; a None comment
        # is presumably omitted by build_dict_from_items — confirm in the
        # base class if relying on it.
        payload = self.build_dict_from_items(reason=reason, comment=comment)

        # NOTE(review): `id` is inserted into the request path by build_url;
        # confirm it is percent-encoded there if IDs can come from outside
        # this client.
        url = self.build_url(resource=id, action="close")
        response = self._session.post(url, json=payload)

        return response.json()

A method to close an Alerts object.

Parameters
  • id: A string representing the object ID.
  • reason: An integer representing the close reason: 0 = Other; 1 = False positive; 2 = Not enough information; 3 = Malicious and have resolution in place; 4 = Expected because of routine testing.
  • comment: A string representing the comment to post.

:return response json