laceworksdk

Lacework Python SDK

laceworksdk is a community developed Python library for interacting with the Lacework APIs.

The purpose of this library is to simplify the common tasks required for interacting with the Lacework API, and allow users write simple code to automate tasks related to their Lacework instance(s). From data retrieval to configuration, this library aims to expose all publicly available APIs. For example, the following code would authenticate, fetch events, fetch host vulnerabilities, and fetch container vulnerabilities. The latest version of the SDK supports expressive searches as enabled by v2 of the Lacework APIs.

For more information read the documentation

from laceworksdk import LaceworkClient

lw = LaceworkClient() # This would leverage your default Lacework CLI profile.
lw = LaceworkClient(account="ACCOUNT",
                    subaccount="SUBACCOUNT",
                    api_key="API KEY",
                    api_secret="API SECRET")

events = lw.events.search(json={
  "timeFilter": {
    "startTime": start_time,
    "endTime": end_time
  }
})

host_vulns = lw.vulnerabilities.hosts.search(json={
    "timeFilter": {
        "startTime": start_time,
        "endTime": end_time
    }
})

container_vulns = lw.vulnerabilities.containers.search(json={
    "timeFilter": {
        "startTime": start_time,
        "endTime": end_time
    },
    "filters": [
        {
            "field": "imageId",
            "expression": "eq",
            "value": "sha256:657922eb2d64b0a34fe7339f8b48afb9f2f44635d7d6eaa92af69591d29b3330"
        }
    ]
})

Requirements

• Python 3.8 or higher
• Lacework API Credentials
  • Account Name
  • API Key
  • API Secret

How-To

The following information is required to instantiate a LaceworkClient instance:

• account: The Lacework account/organization domain. (xxxxx.lacework.net)
• api_key: The API Key that was generated from the Lacework UI/API.
• api_secret: The API Secret that was generated from the Lacework UI/API.

Optionally, you can also set a Lacework Sub-Account using the subaccount parameter.

To generate API credentials, you'll need to do the following in Lacework:

• In the Lacework web interface, go to Settings -> API Keys
• Create a new API Key and download information the credentials.

Environment Variables

If you wish to configure the LaceworkClient instance using environment variables, this module honors the same variables used by the Lacework CLI. The account, subaccount, api_key, api_secret, api_token, and profile parameters can all be configured as specified below.

Environment Variable	Description	Required
LW_PROFILE	Lacework CLI profile to use (configured at ~/.lacework.toml)	N
LW_ACCOUNT	Lacework account/organization domain (i.e. <account>.lacework.net)	Y
LW_SUBACCOUNT	Lacework sub-account	N
LW_API_KEY	Lacework API Access Key	N
LW_API_SECRET	Lacework API Access Secret	N
LW_API_TOKEN	Lacework API Token (alternative to key and secret)	N

NOTE: To authenticate with the Lacework API you must specify either a key and secret OR a token. If you specify both the token will be used.

Installation

Installing and upgrading laceworksdk is easy:

Install via PIP

$ pip install laceworksdk

Upgrading to the latest Version

$ pip install laceworksdk --upgrade

Examples

Are you looking for some sample scripts? Check out the examples folder!

Contributing