laceworksdk is a community developed Python library for interacting with the Lacework APIs.
The purpose of this library is to simplify the common tasks required for interacting with the Lacework API, and to allow users to write simple code to automate tasks related to their Lacework instance(s). From data retrieval to configuration, this library aims to expose all publicly available APIs. For example, the following code would authenticate, fetch events, fetch host vulnerabilities, and fetch container vulnerabilities. The latest version of the SDK supports expressive searches as enabled by v2 of the Lacework APIs.
For more information, read the documentation.
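```python
from datetime import datetime, timedelta, timezone

from laceworksdk import LaceworkClient

# Option 1: no arguments. This would leverage your default Lacework CLI profile.
lw = LaceworkClient()

# Option 2: pass credentials explicitly. The values below are placeholders;
# load real ones from the environment or a CLI profile instead of hardcoding them.
lw = LaceworkClient(account="ACCOUNT",
                    subaccount="SUBACCOUNT",
                    api_key="API KEY",
                    api_secret="API SECRET")

# Example search window (the last 24 hours) as UTC ISO 8601 timestamps.
now = datetime.now(timezone.utc)
start_time = (now - timedelta(days=1)).strftime("%Y-%m-%dT%H:%M:%SZ")
end_time = now.strftime("%Y-%m-%dT%H:%M:%SZ")

# Fetch events in the time window.
events = lw.events.search(json={
    "timeFilter": {
        "startTime": start_time,
        "endTime": end_time
    }
})

# Fetch host vulnerabilities in the time window.
host_vulns = lw.vulnerabilities.hosts.search(json={
    "timeFilter": {
        "startTime": start_time,
        "endTime": end_time
    }
})

# Fetch container vulnerabilities for one image, identified by its digest.
container_vulns = lw.vulnerabilities.containers.search(json={
    "timeFilter": {
        "startTime": start_time,
        "endTime": end_time
    },
    "filters": [
        {
            "field": "imageId",
            "expression": "eq",
            "value": "sha256:657922eb2d64b0a34fe7339f8b48afb9f2f44635d7d6eaa92af69591d29b3330"
        }
    ]
})
```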
The following information is required to instantiate a LaceworkClient instance:

account
: The Lacework account/organization domain. (xxxxx.lacework.net)

api_key
: The API Key that was generated from the Lacework UI/API.

api_secret
: The API Secret that was generated from the Lacework UI/API.

Optionally, you can also set a Lacework Sub-Account using the subaccount parameter.
To generate API credentials, you'll need to do the following in Lacework:
If you wish to configure the LaceworkClient instance using environment variables, this module honors the same variables used by the Lacework CLI. The account, subaccount, api_key, api_secret, api_token, and profile parameters can all be configured as specified below.
Environment Variable | Description | Required |
---|---|---|
LW_PROFILE | Lacework CLI profile to use (configured at ~/.lacework.toml) | N |
LW_ACCOUNT | Lacework account/organization domain (i.e. <account>.lacework.net) | Y |
LW_SUBACCOUNT | Lacework sub-account | N |
LW_API_KEY | Lacework API Access Key | N |
LW_API_SECRET | Lacework API Access Secret | N |
LW_API_TOKEN | Lacework API Token (alternative to key and secret) | N |
NOTE: To authenticate with the Lacework API, you must specify either a key and secret OR a token. If you specify both, the token will be used.
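
The following pre-flight check is an added example, not part of laceworksdk or its README. It applies the table and NOTE above to a set of environment variables and reports which credential source would apply, without ever returning a secret value. The function name and mode labels are hypothetical, and it assumes that when no credential variables are set the client falls back to the Lacework CLI profile, as described for `LaceworkClient()`.

```python
import os


def resolve_lw_auth(env=None):
    """Return (mode, problems) for the LW_* variables; never returns secret values."""
    env = os.environ if env is None else env
    problems = []

    def has(name):
        return bool(env.get(name, "").strip())

    token = has("LW_API_TOKEN")
    key, secret = has("LW_API_KEY"), has("LW_API_SECRET")

    if token:
        mode = "token"  # per the NOTE: the token wins when both are specified
        if key or secret:
            problems.append("LW_API_TOKEN is set, so LW_API_KEY/LW_API_SECRET "
                            "are unused; unset them to avoid exposing a spare secret")
    elif key and secret:
        mode = "key_secret"
    elif key or secret:
        mode = "incomplete"
        missing = "LW_API_SECRET" if key else "LW_API_KEY"
        problems.append(f"{missing} is missing; key and secret must be set together")
    else:
        # Assumption: credentials come from the CLI profile (~/.lacework.toml),
        # which this check does not read.
        mode = "profile"

    if mode in ("token", "key_secret") and not has("LW_ACCOUNT"):
        problems.append("LW_ACCOUNT is required when credentials come from the environment")
    return mode, problems


if __name__ == "__main__":
    # Constructed sample environment: both a token and a key/secret pair are set.
    sample = {"LW_ACCOUNT": "example", "LW_API_TOKEN": "constructed-token",
              "LW_API_KEY": "constructed-key", "LW_API_SECRET": "constructed-secret"}
    for label, source in (("sample", sample), ("current environment", None)):
        mode, problems = resolve_lw_auth(source)
        print(f"{label}: credential source = {mode}")
        for problem in problems:
            print(f"  warning: {problem}")
```

Running a check like this at the start of a CI job makes a half-configured or shadowed credential visible before any API call is made.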
Installing and upgrading laceworksdk is easy:
Install via PIP
$ pip install laceworksdk
Upgrading to the latest Version
$ pip install laceworksdk --upgrade
Are you looking for some sample scripts? Check out the examples folder!
FAQs
Community-developed Python SDK for the Lacework APIs
We found that laceworksdk demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.