laceworksdk.api.v2.policies

Lacework Policies API wrapper.

  1# -*- coding: utf-8 -*-
  2"""
  3Lacework Policies API wrapper.
  4"""
  5
  6from laceworksdk.api.crud_endpoint import CrudEndpoint
  7
  8
class PoliciesAPI(CrudEndpoint):
    """
    Wrapper around CrudEndpoint for the "Policies" object type.

    Every method forwards its arguments to the CrudEndpoint method of the
    same name; no field values are validated in this class.
    """

    def __init__(self, session):
        """
        Bind the wrapper to the "Policies" object type.

        :param session: An instance of the HttpSession class
        """
        super().__init__(session, "Policies")

    def create(self, policy_type, query_id, enabled, title, description,
               remediation, severity, alert_enabled, alert_profile,
               evaluator_id=None, limit=None, eval_frequency=None,
               **request_params):
        """
        Create a new Policies object.

        :param policy_type: A string representing the object policy type.
        :param query_id: A string representing the object query ID.
        :param enabled: A boolean representing whether the object is enabled.
            Coerced with int(bool(...)) before it is sent.
        :param title: A string representing the object title.
        :param description: A string representing the object description.
        :param remediation: A string representing the remediation strategy for the object.
        :param severity: A string representing the object severity.
            ("info", "low", "medium", "high", "critical")
        :param alert_enabled: A boolean representing whether alerting is enabled.
            Forwarded unchanged.
        :param alert_profile: A string representing the alert profile.
        :param evaluator_id: A string representing the evaluator in which the object is to be run.
        :param limit: An integer representing the number of results to return.
        :param eval_frequency: A string representing the frequency in which to evaluate the object.
            ("Hourly", "Daily")
        :param request_params: Additional request parameters, forwarded as given.
            (provides support for parameters that may be added in the future)

        :return: response json
        """
        # Every truthy value becomes 1, so a non-empty string such as "false"
        # read from a config file or CLI also enables the policy; callers
        # should pass a real boolean.
        enabled_flag = int(bool(enabled))

        # NOTE(review): alert_enabled is not coerced here, whereas update()
        # applies bool() to it - confirm which form the API expects.
        fields = {
            "policy_type": policy_type,
            "query_id": query_id,
            "enabled": enabled_flag,
            "title": title,
            "description": description,
            "remediation": remediation,
            "severity": severity,
            "alert_enabled": alert_enabled,
            "alert_profile": alert_profile,
            "evaluator_id": evaluator_id,
            "limit": limit,
            "eval_frequency": eval_frequency,
        }
        return super().create(**fields, **request_params)

    def get(self, policy_id=None):
        """
        Get Policies objects.

        :param policy_id: A string representing the object policy ID.
            Passed to CrudEndpoint.get as ``id``; presumably None lists all
            policies - confirm against CrudEndpoint.get.

        :return: response json
        """
        response = super().get(id=policy_id)
        return response

    def get_by_id(self, policy_id):
        """
        Get a Policies object by policy ID (delegates to ``get``).

        :param policy_id: A string representing the object policy ID.

        :return: response json
        """
        response = self.get(policy_id=policy_id)
        return response

    def update(self, policy_id, policy_type=None, query_id=None,  # noqa: C901
               enabled=None, title=None, description=None, remediation=None,
               severity=None, alert_enabled=None, alert_profile=None,
               limit=None, eval_frequency=None, **request_params):
        """
        Update a Lacework Query Language (LQL) policy.

        :param policy_id: A string representing the object policy ID.
        :param policy_type: A string representing the object policy type.
        :param query_id: A string representing the object query ID.
        :param enabled: A boolean representing whether the object is enabled.
        :param title: A string representing the object title.
        :param description: A string representing the object description.
        :param remediation: A string representing the remediation strategy for the object.
        :param severity: A string representing the object severity.
            ("info", "low", "medium", "high", "critical")
        :param alert_enabled: A boolean representing whether alerting is enabled.
        :param alert_profile: A string representing the alert profile.
        :param limit: An integer representing the number of results to return.
        :param eval_frequency: A string representing the frequency in which to evaluate the object.
            ("Hourly", "Daily")
        :param request_params: Additional request parameters, forwarded as given.
            (provides support for parameters that may be added in the future)

        :return: response json
        """
        # None stays None; anything else collapses to True/False, so a
        # non-empty string such as "false" is sent as True.
        # NOTE(review): presumably CrudEndpoint.update skips None fields - confirm.
        enabled_value = None if enabled is None else bool(enabled)
        alert_value = None if alert_enabled is None else bool(alert_enabled)

        return super().update(
            id=policy_id, policy_type=policy_type, query_id=query_id,
            enabled=enabled_value, title=title, description=description,
            remediation=remediation, severity=severity,
            alert_enabled=alert_value, alert_profile=alert_profile,
            limit=limit, eval_frequency=eval_frequency,
            **request_params
        )

    def delete(self, policy_id):
        """
        Delete a Policies object.

        :param policy_id: A string representing the object policy ID.

        :return: response json
        """
        response = super().delete(id=policy_id)
        return response
class PoliciesAPI(laceworksdk.api.crud_endpoint.CrudEndpoint):
class PoliciesAPI(CrudEndpoint):
    """
    Wrapper around CrudEndpoint for the "Policies" object type.

    Every method forwards its arguments to the CrudEndpoint method of the
    same name; no field values are validated in this class.
    """

    def __init__(self, session):
        """
        Bind the wrapper to the "Policies" object type.

        :param session: An instance of the HttpSession class
        """
        super().__init__(session, "Policies")

    def create(self, policy_type, query_id, enabled, title, description,
               remediation, severity, alert_enabled, alert_profile,
               evaluator_id=None, limit=None, eval_frequency=None,
               **request_params):
        """
        Create a new Policies object.

        :param policy_type: A string representing the object policy type.
        :param query_id: A string representing the object query ID.
        :param enabled: A boolean representing whether the object is enabled.
            Coerced with int(bool(...)) before it is sent.
        :param title: A string representing the object title.
        :param description: A string representing the object description.
        :param remediation: A string representing the remediation strategy for the object.
        :param severity: A string representing the object severity.
            ("info", "low", "medium", "high", "critical")
        :param alert_enabled: A boolean representing whether alerting is enabled.
            Forwarded unchanged.
        :param alert_profile: A string representing the alert profile.
        :param evaluator_id: A string representing the evaluator in which the object is to be run.
        :param limit: An integer representing the number of results to return.
        :param eval_frequency: A string representing the frequency in which to evaluate the object.
            ("Hourly", "Daily")
        :param request_params: Additional request parameters, forwarded as given.
            (provides support for parameters that may be added in the future)

        :return: response json
        """
        # Every truthy value becomes 1, so a non-empty string such as "false"
        # read from a config file or CLI also enables the policy; callers
        # should pass a real boolean.
        enabled_flag = int(bool(enabled))

        # NOTE(review): alert_enabled is not coerced here, whereas update()
        # applies bool() to it - confirm which form the API expects.
        fields = {
            "policy_type": policy_type,
            "query_id": query_id,
            "enabled": enabled_flag,
            "title": title,
            "description": description,
            "remediation": remediation,
            "severity": severity,
            "alert_enabled": alert_enabled,
            "alert_profile": alert_profile,
            "evaluator_id": evaluator_id,
            "limit": limit,
            "eval_frequency": eval_frequency,
        }
        return super().create(**fields, **request_params)

    def get(self, policy_id=None):
        """
        Get Policies objects.

        :param policy_id: A string representing the object policy ID.
            Passed to CrudEndpoint.get as ``id``; presumably None lists all
            policies - confirm against CrudEndpoint.get.

        :return: response json
        """
        response = super().get(id=policy_id)
        return response

    def get_by_id(self, policy_id):
        """
        Get a Policies object by policy ID (delegates to ``get``).

        :param policy_id: A string representing the object policy ID.

        :return: response json
        """
        response = self.get(policy_id=policy_id)
        return response

    def update(self, policy_id, policy_type=None, query_id=None,  # noqa: C901
               enabled=None, title=None, description=None, remediation=None,
               severity=None, alert_enabled=None, alert_profile=None,
               limit=None, eval_frequency=None, **request_params):
        """
        Update a Lacework Query Language (LQL) policy.

        :param policy_id: A string representing the object policy ID.
        :param policy_type: A string representing the object policy type.
        :param query_id: A string representing the object query ID.
        :param enabled: A boolean representing whether the object is enabled.
        :param title: A string representing the object title.
        :param description: A string representing the object description.
        :param remediation: A string representing the remediation strategy for the object.
        :param severity: A string representing the object severity.
            ("info", "low", "medium", "high", "critical")
        :param alert_enabled: A boolean representing whether alerting is enabled.
        :param alert_profile: A string representing the alert profile.
        :param limit: An integer representing the number of results to return.
        :param eval_frequency: A string representing the frequency in which to evaluate the object.
            ("Hourly", "Daily")
        :param request_params: Additional request parameters, forwarded as given.
            (provides support for parameters that may be added in the future)

        :return: response json
        """
        # None stays None; anything else collapses to True/False, so a
        # non-empty string such as "false" is sent as True.
        # NOTE(review): presumably CrudEndpoint.update skips None fields - confirm.
        enabled_value = None if enabled is None else bool(enabled)
        alert_value = None if alert_enabled is None else bool(alert_enabled)

        return super().update(
            id=policy_id, policy_type=policy_type, query_id=query_id,
            enabled=enabled_value, title=title, description=description,
            remediation=remediation, severity=severity,
            alert_enabled=alert_value, alert_profile=alert_profile,
            limit=limit, eval_frequency=eval_frequency,
            **request_params
        )

    def delete(self, policy_id):
        """
        Delete a Policies object.

        :param policy_id: A string representing the object policy ID.

        :return: response json
        """
        response = super().delete(id=policy_id)
        return response

A class used to implement CRUD create/read/update/delete functionality for Lacework API Endpoints

PoliciesAPI(session)
    def __init__(self, session):
        """
        Bind the wrapper to the "Policies" object type.

        :param session: An instance of the HttpSession class
        """
        # The second argument names the object type handed to CrudEndpoint.
        super().__init__(session, "Policies")

Initializes the PoliciesAPI object.

Parameters
  • session: An instance of the HttpSession class

Returns: PoliciesAPI object.

def create( self, policy_type, query_id, enabled, title, description, remediation, severity, alert_enabled, alert_profile, evaluator_id=None, limit=None, eval_frequency=None, **request_params):
    def create(self, policy_type, query_id, enabled, title, description,
               remediation, severity, alert_enabled, alert_profile,
               evaluator_id=None, limit=None, eval_frequency=None,
               **request_params):
        """
        Create a new Policies object.

        :param policy_type: A string representing the object policy type.
        :param query_id: A string representing the object query ID.
        :param enabled: A boolean representing whether the object is enabled.
            Coerced with int(bool(...)) before it is sent.
        :param title: A string representing the object title.
        :param description: A string representing the object description.
        :param remediation: A string representing the remediation strategy for the object.
        :param severity: A string representing the object severity.
            ("info", "low", "medium", "high", "critical")
        :param alert_enabled: A boolean representing whether alerting is enabled.
            Forwarded unchanged.
        :param alert_profile: A string representing the alert profile.
        :param evaluator_id: A string representing the evaluator in which the object is to be run.
        :param limit: An integer representing the number of results to return.
        :param eval_frequency: A string representing the frequency in which to evaluate the object.
            ("Hourly", "Daily")
        :param request_params: Additional request parameters, forwarded as given.
            (provides support for parameters that may be added in the future)

        :return: response json
        """
        # Every truthy value becomes 1, so a non-empty string such as "false"
        # read from a config file or CLI also enables the policy; callers
        # should pass a real boolean.
        enabled_flag = int(bool(enabled))

        # NOTE(review): alert_enabled is not coerced here, whereas update()
        # applies bool() to it - confirm which form the API expects.
        fields = {
            "policy_type": policy_type,
            "query_id": query_id,
            "enabled": enabled_flag,
            "title": title,
            "description": description,
            "remediation": remediation,
            "severity": severity,
            "alert_enabled": alert_enabled,
            "alert_profile": alert_profile,
            "evaluator_id": evaluator_id,
            "limit": limit,
            "eval_frequency": eval_frequency,
        }
        return super().create(**fields, **request_params)

A method to create a new Policies object.

Parameters
  • policy_type: A string representing the object policy type.
  • query_id: A string representing the object query ID.
  • enabled: A boolean representing whether the object is enabled.
  • title: A string representing the object title.
  • description: A string representing the object description.
  • remediation: A string representing the remediation strategy for the object.
  • severity: A string representing the object severity. ("info", "low", "medium", "high", "critical")
  • alert_enabled: A boolean representing whether alerting is enabled.
  • alert_profile: A string representing the alert profile.
  • evaluator_id: A string representing the evaluator in which the object is to be run.
  • limit: An integer representing the number of results to return.
  • eval_frequency: A string representing the frequency in which to evaluate the object. ("Hourly", "Daily")
  • request_params: Additional request parameters. (provides support for parameters that may be added in the future)

Returns: response json

def get(self, policy_id=None):
    def get(self, policy_id=None):
        """
        Get Policies objects.

        :param policy_id: A string representing the object policy ID.
            Passed to CrudEndpoint.get as ``id``; presumably None lists all
            policies - confirm against CrudEndpoint.get.

        :return: response json
        """
        response = super().get(id=policy_id)
        return response

A method to get Policies objects.

Parameters
  • policy_id: A string representing the object policy ID.

Returns: response json

def get_by_id(self, policy_id):
    def get_by_id(self, policy_id):
        """
        Get a Policies object by policy ID (delegates to ``get``).

        :param policy_id: A string representing the object policy ID.

        :return: response json
        """
        response = self.get(policy_id=policy_id)
        return response

A method to get a Policies object by policy ID.

Parameters
  • policy_id: A string representing the object policy ID.

Returns: response json

def update( self, policy_id, policy_type=None, query_id=None, enabled=None, title=None, description=None, remediation=None, severity=None, alert_enabled=None, alert_profile=None, limit=None, eval_frequency=None, **request_params):
    def update(self, policy_id, policy_type=None, query_id=None,  # noqa: C901
               enabled=None, title=None, description=None, remediation=None,
               severity=None, alert_enabled=None, alert_profile=None,
               limit=None, eval_frequency=None, **request_params):
        """
        Update a Lacework Query Language (LQL) policy.

        :param policy_id: A string representing the object policy ID.
        :param policy_type: A string representing the object policy type.
        :param query_id: A string representing the object query ID.
        :param enabled: A boolean representing whether the object is enabled.
        :param title: A string representing the object title.
        :param description: A string representing the object description.
        :param remediation: A string representing the remediation strategy for the object.
        :param severity: A string representing the object severity.
            ("info", "low", "medium", "high", "critical")
        :param alert_enabled: A boolean representing whether alerting is enabled.
        :param alert_profile: A string representing the alert profile.
        :param limit: An integer representing the number of results to return.
        :param eval_frequency: A string representing the frequency in which to evaluate the object.
            ("Hourly", "Daily")
        :param request_params: Additional request parameters, forwarded as given.
            (provides support for parameters that may be added in the future)

        :return: response json
        """
        # None stays None; anything else collapses to True/False, so a
        # non-empty string such as "false" is sent as True.
        # NOTE(review): presumably CrudEndpoint.update skips None fields - confirm.
        enabled_value = None if enabled is None else bool(enabled)
        alert_value = None if alert_enabled is None else bool(alert_enabled)

        return super().update(
            id=policy_id, policy_type=policy_type, query_id=query_id,
            enabled=enabled_value, title=title, description=description,
            remediation=remediation, severity=severity,
            alert_enabled=alert_value, alert_profile=alert_profile,
            limit=limit, eval_frequency=eval_frequency,
            **request_params
        )

A method to update a Lacework Query Language (LQL) policy.

Parameters
  • policy_id: A string representing the object policy ID.
  • policy_type: A string representing the object policy type.
  • query_id: A string representing the object query ID.
  • enabled: A boolean representing whether the object is enabled.
  • title: A string representing the object title.
  • description: A string representing the object description.
  • remediation: A string representing the remediation strategy for the object.
  • severity: A string representing the object severity. ("info", "low", "medium", "high", "critical")
  • alert_enabled: A boolean representing whether alerting is enabled.
  • alert_profile: A string representing the alert profile.
  • limit: An integer representing the number of results to return.
  • eval_frequency: A string representing the frequency in which to evaluate the object. ("Hourly", "Daily")
  • request_params: Additional request parameters. (provides support for parameters that may be added in the future)

Returns: response json

def delete(self, policy_id):
    def delete(self, policy_id):
        """
        Delete a Policies object.

        :param policy_id: A string representing the object policy ID.

        :return: response json
        """
        response = super().delete(id=policy_id)
        return response

A method to delete a Policies object.

Parameters
  • policy_id: A string representing the object policy ID.

Returns: response json