laceworksdk.api.v2.alert_rules

Lacework AlertRules API wrapper.

  1# -*- coding: utf-8 -*-
  2"""
  3Lacework AlertRules API wrapper.
  4"""
  5
  6from laceworksdk.api.crud_endpoint import CrudEndpoint
  7
  8
class AlertRulesAPI(CrudEndpoint):
    """
    CRUD wrapper for the Lacework "AlertRules" endpoint.

    Every method delegates to the CrudEndpoint method of the same name. This
    class only fixes the endpoint name and maps ``guid`` onto the parent's
    ``id`` keyword.

    NOTE(review): per the parameter docs below, an alert rule pairs event
    filters (category, severity, resource groups) with the alert channels
    that receive matches. Creating, updating or deleting a rule therefore
    changes what gets routed to responders -- callers should keep such
    changes reviewable and audited.
    """

    def __init__(self, session):
        """
        Bind the wrapper to the "AlertRules" endpoint.

        :param session: An instance of the HttpSession class.
        """
        endpoint_name = "AlertRules"
        super().__init__(session, endpoint_name)

    def create(self, type, filters, intg_guid_list, **request_params):
        """
        Create a new AlertRules object.

        :param type: A string representing the type of the object.
            ('Event')
        :param filters: A filter object for the object configuration.
            obj:
                :param name: A string representing the object name.
                :param description: A string representing the object description.
                :param enabled: A boolean/integer representing whether the object is enabled.
                    (0 or 1)
                :param resourceGroups: A list of resource groups to define for the object.
                :param eventCategory: A list of event categories to define for the object.
                    ("Compliance", "App", "Cloud", "File", "Machine", "User", "Platform", "K8sActivity")
                :param severity: A list of alert severities to define for the object.
                    (1, 2, 3, 4, 5)
        :param intg_guid_list: A list of integration GUIDs representing the alert channels to use.
        :param request_params: Additional request parameters, forwarded unchanged
            (provides support for parameters that may be added in the future).

        :return: response json
        """
        # _format_filters is not defined in this class (presumably inherited
        # from CrudEndpoint); filters always pass through it before sending.
        formatted_filters = self._format_filters(filters)

        # NOTE(review): nothing here validates severity/eventCategory values or
        # the channel GUIDs -- a rule that is too narrow or points at no valid
        # channel presumably is only caught server-side, if at all.
        return super().create(
            type=type,
            filters=formatted_filters,
            intg_guid_list=intg_guid_list,
            **request_params
        )

    def get(self, guid=None):
        """
        Get AlertRules objects.

        :param guid: A string representing the object GUID. Defaults to None;
            how the parent treats ``id=None`` is not visible here (presumably
            it returns every rule -- confirm against CrudEndpoint.get).

        :return: response json
        """
        object_id = guid
        return super().get(id=object_id)

    def get_by_guid(self, guid):
        """
        Get a single AlertRules object by GUID.

        Thin alias for ``self.get(guid=guid)``; no check is made here that
        ``guid`` is non-empty.

        :param guid: A string representing the object GUID.

        :return: response json
        """
        response = self.get(guid=guid)
        return response

    def update(self, guid, type=None, filters=None, intg_guid_list=None, **request_params):
        """
        Update an existing AlertRules object.

        :param guid: A string representing the object GUID.
        :param type: A string representing the type of the object.
            ('Event')
        :param filters: A filter object for the object configuration.
            obj:
                :param name: A string representing the object name.
                :param description: A string representing the object description.
                :param enabled: A boolean/integer representing whether the object is enabled.
                    (0 or 1)
                :param resourceGroups: A list of resource groups to define for the object.
                :param eventCategory: A list of event categories to define for the object.
                    ("Compliance", "App", "Cloud", "File", "Machine", "User", "Platform", "K8sActivity")
                :param severity: A list of alert severities to define for the object.
                    (1, 2, 3, 4, 5)
        :param intg_guid_list: A list of integration GUIDs representing the alert channels to use.
        :param request_params: Additional request parameters, forwarded unchanged
            (provides support for parameters that may be added in the future).

        :return: response json
        """
        # NOTE(review): filters defaults to None but is handed to
        # _format_filters unconditionally; confirm the helper tolerates None,
        # otherwise an update that omits filters fails before any request.
        formatted_filters = self._format_filters(filters)

        # NOTE(review): setting enabled=0, trimming severity/eventCategory or
        # emptying intg_guid_list reduces what reaches the alert channels;
        # treat such updates as detection-coverage changes.
        return super().update(
            id=guid,
            type=type,
            filters=formatted_filters,
            intg_guid_list=intg_guid_list,
            **request_params
        )

    def delete(self, guid):
        """
        Delete an AlertRules object.

        NOTE(review): the GUID is forwarded as-is, with no confirmation or
        emptiness check in this wrapper; removing a rule stops its routing to
        the configured alert channels, so callers should log who deleted what.

        :param guid: A string representing the object GUID.

        :return: response json
        """
        object_id = guid
        return super().delete(id=object_id)
class AlertRulesAPI(laceworksdk.api.crud_endpoint.CrudEndpoint):
class AlertRulesAPI(CrudEndpoint):
    """
    CRUD wrapper for the Lacework "AlertRules" endpoint.

    Every method delegates to the CrudEndpoint method of the same name. This
    class only fixes the endpoint name and maps ``guid`` onto the parent's
    ``id`` keyword.

    NOTE(review): per the parameter docs below, an alert rule pairs event
    filters (category, severity, resource groups) with the alert channels
    that receive matches. Creating, updating or deleting a rule therefore
    changes what gets routed to responders -- callers should keep such
    changes reviewable and audited.
    """

    def __init__(self, session):
        """
        Bind the wrapper to the "AlertRules" endpoint.

        :param session: An instance of the HttpSession class.
        """
        endpoint_name = "AlertRules"
        super().__init__(session, endpoint_name)

    def create(self, type, filters, intg_guid_list, **request_params):
        """
        Create a new AlertRules object.

        :param type: A string representing the type of the object.
            ('Event')
        :param filters: A filter object for the object configuration.
            obj:
                :param name: A string representing the object name.
                :param description: A string representing the object description.
                :param enabled: A boolean/integer representing whether the object is enabled.
                    (0 or 1)
                :param resourceGroups: A list of resource groups to define for the object.
                :param eventCategory: A list of event categories to define for the object.
                    ("Compliance", "App", "Cloud", "File", "Machine", "User", "Platform", "K8sActivity")
                :param severity: A list of alert severities to define for the object.
                    (1, 2, 3, 4, 5)
        :param intg_guid_list: A list of integration GUIDs representing the alert channels to use.
        :param request_params: Additional request parameters, forwarded unchanged
            (provides support for parameters that may be added in the future).

        :return: response json
        """
        # _format_filters is not defined in this class (presumably inherited
        # from CrudEndpoint); filters always pass through it before sending.
        formatted_filters = self._format_filters(filters)

        # NOTE(review): nothing here validates severity/eventCategory values or
        # the channel GUIDs -- a rule that is too narrow or points at no valid
        # channel presumably is only caught server-side, if at all.
        return super().create(
            type=type,
            filters=formatted_filters,
            intg_guid_list=intg_guid_list,
            **request_params
        )

    def get(self, guid=None):
        """
        Get AlertRules objects.

        :param guid: A string representing the object GUID. Defaults to None;
            how the parent treats ``id=None`` is not visible here (presumably
            it returns every rule -- confirm against CrudEndpoint.get).

        :return: response json
        """
        object_id = guid
        return super().get(id=object_id)

    def get_by_guid(self, guid):
        """
        Get a single AlertRules object by GUID.

        Thin alias for ``self.get(guid=guid)``; no check is made here that
        ``guid`` is non-empty.

        :param guid: A string representing the object GUID.

        :return: response json
        """
        response = self.get(guid=guid)
        return response

    def update(self, guid, type=None, filters=None, intg_guid_list=None, **request_params):
        """
        Update an existing AlertRules object.

        :param guid: A string representing the object GUID.
        :param type: A string representing the type of the object.
            ('Event')
        :param filters: A filter object for the object configuration.
            obj:
                :param name: A string representing the object name.
                :param description: A string representing the object description.
                :param enabled: A boolean/integer representing whether the object is enabled.
                    (0 or 1)
                :param resourceGroups: A list of resource groups to define for the object.
                :param eventCategory: A list of event categories to define for the object.
                    ("Compliance", "App", "Cloud", "File", "Machine", "User", "Platform", "K8sActivity")
                :param severity: A list of alert severities to define for the object.
                    (1, 2, 3, 4, 5)
        :param intg_guid_list: A list of integration GUIDs representing the alert channels to use.
        :param request_params: Additional request parameters, forwarded unchanged
            (provides support for parameters that may be added in the future).

        :return: response json
        """
        # NOTE(review): filters defaults to None but is handed to
        # _format_filters unconditionally; confirm the helper tolerates None,
        # otherwise an update that omits filters fails before any request.
        formatted_filters = self._format_filters(filters)

        # NOTE(review): setting enabled=0, trimming severity/eventCategory or
        # emptying intg_guid_list reduces what reaches the alert channels;
        # treat such updates as detection-coverage changes.
        return super().update(
            id=guid,
            type=type,
            filters=formatted_filters,
            intg_guid_list=intg_guid_list,
            **request_params
        )

    def delete(self, guid):
        """
        Delete an AlertRules object.

        NOTE(review): the GUID is forwarded as-is, with no confirmation or
        emptiness check in this wrapper; removing a rule stops its routing to
        the configured alert channels, so callers should log who deleted what.

        :param guid: A string representing the object GUID.

        :return: response json
        """
        object_id = guid
        return super().delete(id=object_id)

A class used to implement CRUD create/read/update/delete functionality for Lacework API Endpoints

AlertRulesAPI(session)
    def __init__(self, session):
        """
        Bind the wrapper to the "AlertRules" endpoint.

        :param session: An instance of the HttpSession class.
        """
        endpoint_name = "AlertRules"
        super().__init__(session, endpoint_name)

Initializes the AlertRulesAPI object.

Parameters
  • session: An instance of the HttpSession class

Returns: an AlertRulesAPI object.

def create(self, type, filters, intg_guid_list, **request_params):
    def create(self, type, filters, intg_guid_list, **request_params):
        """
        Create a new AlertRules object.

        :param type: A string representing the type of the object.
            ('Event')
        :param filters: A filter object for the object configuration.
            obj:
                :param name: A string representing the object name.
                :param description: A string representing the object description.
                :param enabled: A boolean/integer representing whether the object is enabled.
                    (0 or 1)
                :param resourceGroups: A list of resource groups to define for the object.
                :param eventCategory: A list of event categories to define for the object.
                    ("Compliance", "App", "Cloud", "File", "Machine", "User", "Platform", "K8sActivity")
                :param severity: A list of alert severities to define for the object.
                    (1, 2, 3, 4, 5)
        :param intg_guid_list: A list of integration GUIDs representing the alert channels to use.
        :param request_params: Additional request parameters, forwarded unchanged
            (provides support for parameters that may be added in the future).

        :return: response json
        """
        # _format_filters is not defined in this listing (presumably inherited
        # from the parent endpoint class); filters always pass through it.
        formatted_filters = self._format_filters(filters)

        # NOTE(review): no validation of severity/eventCategory values or of
        # the channel GUIDs happens here -- a rule that matches nothing or
        # notifies no valid channel is presumably only caught server-side.
        return super().create(
            type=type,
            filters=formatted_filters,
            intg_guid_list=intg_guid_list,
            **request_params
        )

A method to create a new AlertRules object.

Parameters
  • type: A string representing the type of the object. ('Event')
  • filters: A filter object for the object configuration, with the following fields:
      – name: A string representing the object name.
      – description: A string representing the object description.
      – enabled: A boolean/integer representing whether the object is enabled (0 or 1).
      – resourceGroups: A list of resource groups to define for the object.
      – eventCategory: A list of event categories to define for the object ("Compliance", "App", "Cloud", "File", "Machine", "User", "Platform", "K8sActivity").
      – severity: A list of alert severities to define for the object (1, 2, 3, 4, 5).
  • intg_guid_list: A list of integration GUIDs representing the alert channels to use.
  • request_params: Additional request parameters. (provides support for parameters that may be added in the future)

Returns: the response JSON.

def get(self, guid=None):
    def get(self, guid=None):
        """
        Get AlertRules objects.

        :param guid: A string representing the object GUID. Defaults to None;
            how the parent treats ``id=None`` is not visible here (presumably
            it returns every rule -- confirm against the parent's ``get``).

        :return: response json
        """
        object_id = guid
        return super().get(id=object_id)

A method to get AlertRules objects.

Parameters
  • guid: A string representing the object GUID.

Returns: the response JSON.

def get_by_guid(self, guid):
    def get_by_guid(self, guid):
        """
        Get a single AlertRules object by GUID.

        Thin alias for ``self.get(guid=guid)``; no check is made here that
        ``guid`` is non-empty.

        :param guid: A string representing the object GUID.

        :return: response json
        """
        response = self.get(guid=guid)
        return response

A method to get an AlertRules object by GUID.

Parameters
  • guid: A string representing the object GUID.

Returns: the response JSON.

def update( self, guid, type=None, filters=None, intg_guid_list=None, **request_params):
    def update(self, guid, type=None, filters=None, intg_guid_list=None, **request_params):
        """
        Update an existing AlertRules object.

        :param guid: A string representing the object GUID.
        :param type: A string representing the type of the object.
            ('Event')
        :param filters: A filter object for the object configuration.
            obj:
                :param name: A string representing the object name.
                :param description: A string representing the object description.
                :param enabled: A boolean/integer representing whether the object is enabled.
                    (0 or 1)
                :param resourceGroups: A list of resource groups to define for the object.
                :param eventCategory: A list of event categories to define for the object.
                    ("Compliance", "App", "Cloud", "File", "Machine", "User", "Platform", "K8sActivity")
                :param severity: A list of alert severities to define for the object.
                    (1, 2, 3, 4, 5)
        :param intg_guid_list: A list of integration GUIDs representing the alert channels to use.
        :param request_params: Additional request parameters, forwarded unchanged
            (provides support for parameters that may be added in the future).

        :return: response json
        """
        # NOTE(review): filters defaults to None but is handed to
        # _format_filters unconditionally; confirm the helper tolerates None,
        # otherwise an update that omits filters fails before any request.
        formatted_filters = self._format_filters(filters)

        # NOTE(review): setting enabled=0, trimming severity/eventCategory or
        # emptying intg_guid_list reduces what reaches the alert channels;
        # treat such updates as detection-coverage changes.
        return super().update(
            id=guid,
            type=type,
            filters=formatted_filters,
            intg_guid_list=intg_guid_list,
            **request_params
        )

A method to update an AlertRules object.

Parameters
  • guid: A string representing the object GUID.
  • type: A string representing the type of the object. ('Event')
  • filters: A filter object for the object configuration, with the following fields:
      – name: A string representing the object name.
      – description: A string representing the object description.
      – enabled: A boolean/integer representing whether the object is enabled (0 or 1).
      – resourceGroups: A list of resource groups to define for the object.
      – eventCategory: A list of event categories to define for the object ("Compliance", "App", "Cloud", "File", "Machine", "User", "Platform", "K8sActivity").
      – severity: A list of alert severities to define for the object (1, 2, 3, 4, 5).
  • intg_guid_list: A list of integration GUIDs representing the alert channels to use.
  • request_params: Additional request parameters. (provides support for parameters that may be added in the future)

Returns: the response JSON.

def delete(self, guid):
    def delete(self, guid):
        """
        Delete an AlertRules object.

        NOTE(review): the GUID is forwarded as-is, with no confirmation or
        emptiness check in this wrapper; removing a rule stops its routing to
        the configured alert channels, so callers should log who deleted what.

        :param guid: A string representing the object GUID.

        :return: response json
        """
        object_id = guid
        return super().delete(id=object_id)

A method to delete an AlertRules object.

Parameters
  • guid: A string representing the object GUID.

Returns: the response JSON.