diff --git a/cli/docs/lacework_account.md b/cli/docs/lacework_account.md new file mode 100644 index 000000000..723e633ca --- /dev/null +++ b/cli/docs/lacework_account.md @@ -0,0 +1,46 @@ +## lacework account + +manage accounts in an organization (org admins only) + +### Synopsis + +Manage accounts inside your Lacework organization. + +An organization can contain multiple accounts so you can also manage components +such as alerts, resource groups, team members, and audit logs at a more granular +level inside an organization. A team member may have access to multiple accounts +and can easily switch between them. + +To enroll your Lacework account in an organization follow the documentation: + + https://support.lacework.com/hc/en-us/articles/360041727394-Organization-Overview + + +### Options + +``` + -h, --help help for account +``` + +### Options inherited from parent commands + +``` + -a, --account string account subdomain of URL (i.e. .lacework.net) + -k, --api_key string access key id + -s, --api_secret string secret access key + --api_token string access token (replaces the use of api_key and api_secret) + --debug turn on debug logging + --json switch commands output from human-readable to json format + --nocache turn off caching + --nocolor turn off colors + --noninteractive turn off interactive mode (disable spinners, prompts, etc.) + --organization access organization level data sets (org admins only) + -p, --profile string switch between profiles configured at ~/.lacework.toml + --subaccount string sub-account name inside your organization (org admins only) +``` + +### SEE ALSO + +* [lacework](lacework.md) - A tool to manage the Lacework cloud security platform. +* [lacework account list](lacework_account_list.md) - list all accounts + diff --git a/cli/docs/lacework_account_list.md b/cli/docs/lacework_account_list.md new file mode 100644 index 000000000..9ce585545 --- /dev/null +++ b/cli/docs/lacework_account_list.md 
@@ -0,0 +1,39 @@ +## lacework account list + +list all accounts + +### Synopsis + +List all accounts in your organization. + +``` +lacework account list [flags] +``` + +### Options + +``` + -h, --help help for list +``` + +### Options inherited from parent commands + +``` + -a, --account string account subdomain of URL (i.e. .lacework.net) + -k, --api_key string access key id + -s, --api_secret string secret access key + --api_token string access token (replaces the use of api_key and api_secret) + --debug turn on debug logging + --json switch commands output from human-readable to json format + --nocache turn off caching + --nocolor turn off colors + --noninteractive turn off interactive mode (disable spinners, prompts, etc.) + --organization access organization level data sets (org admins only) + -p, --profile string switch between profiles configured at ~/.lacework.toml + --subaccount string sub-account name inside your organization (org admins only) +``` + +### SEE ALSO + +* [lacework account](lacework_account.md) - manage accounts in an organization (org admins only) + diff --git a/cli/docs/lacework_alert-rule.md b/cli/docs/lacework_alert-rule.md new file mode 100644 index 000000000..190baf537 --- /dev/null +++ b/cli/docs/lacework_alert-rule.md 
@@ -0,0 +1,44 @@ +## lacework alert-rule + +manage alert rules + +### Synopsis + +Manage alert rules to route events to the appropriate people or tools. +An alert rule has three parts: + 1. Alert channel(s) that should receive the event notification + 2. Event severity and categories to include + 3. Resource group(s) containing the subset of your environment to consider + + +### Options + +``` + -h, --help help for alert-rule +``` + +### Options inherited from parent commands + +``` + -a, --account string account subdomain of URL (i.e. .lacework.net) + -k, --api_key string access key id + -s, --api_secret string secret access key + --api_token string access token (replaces the use of api_key and api_secret) + --debug turn on debug logging + --json switch commands output from human-readable to json format + --nocache turn off caching + --nocolor turn off colors + --noninteractive turn off interactive mode (disable spinners, prompts, etc.) + --organization access organization level data sets (org admins only) + -p, --profile string switch between profiles configured at ~/.lacework.toml + --subaccount string sub-account name inside your organization (org admins only) +``` + +### SEE ALSO + +* [lacework](lacework.md) - A tool to manage the Lacework cloud security platform. +* [lacework alert-rule create](lacework_alert-rule_create.md) - create a new alert rule +* [lacework alert-rule delete](lacework_alert-rule_delete.md) - delete a alert rule +* [lacework alert-rule list](lacework_alert-rule_list.md) - list all alert rules +* [lacework alert-rule show](lacework_alert-rule_show.md) - show an alert rule by id + diff --git a/cli/docs/lacework_alert-rule_create.md b/cli/docs/lacework_alert-rule_create.md new file mode 100644 index 000000000..324404e0a --- /dev/null +++ b/cli/docs/lacework_alert-rule_create.md 
@@ -0,0 +1,39 @@ +## lacework alert-rule create + +create a new alert rule + +### Synopsis + +Creates a new single alert rule. + +``` +lacework alert-rule create [flags] +``` + +### Options + +``` + -h, --help help for create +``` + +### Options inherited from parent commands + +``` + -a, --account string account subdomain of URL (i.e. .lacework.net) + -k, --api_key string access key id + -s, --api_secret string secret access key + --api_token string access token (replaces the use of api_key and api_secret) + --debug turn on debug logging + --json switch commands output from human-readable to json format + --nocache turn off caching + --nocolor turn off colors + --noninteractive turn off interactive mode (disable spinners, prompts, etc.) + --organization access organization level data sets (org admins only) + -p, --profile string switch between profiles configured at ~/.lacework.toml + --subaccount string sub-account name inside your organization (org admins only) +``` + +### SEE ALSO + +* [lacework alert-rule](lacework_alert-rule.md) - manage alert rules + diff --git a/cli/docs/lacework_alert-rule_delete.md b/cli/docs/lacework_alert-rule_delete.md new file mode 100644 index 000000000..a77862436 --- /dev/null +++ b/cli/docs/lacework_alert-rule_delete.md 
@@ -0,0 +1,39 @@ +## lacework alert-rule delete + +delete a alert rule + +### Synopsis + +Delete a single alert rule by it's ID. + +``` +lacework alert-rule delete [flags] +``` + +### Options + +``` + -h, --help help for delete +``` + +### Options inherited from parent commands + +``` + -a, --account string account subdomain of URL (i.e. .lacework.net) + -k, --api_key string access key id + -s, --api_secret string secret access key + --api_token string access token (replaces the use of api_key and api_secret) + --debug turn on debug logging + --json switch commands output from human-readable to json format + --nocache turn off caching + --nocolor turn off colors + --noninteractive turn off interactive mode (disable spinners, prompts, etc.) + --organization access organization level data sets (org admins only) + -p, --profile string switch between profiles configured at ~/.lacework.toml + --subaccount string sub-account name inside your organization (org admins only) +``` + +### SEE ALSO + +* [lacework alert-rule](lacework_alert-rule.md) - manage alert rules + diff --git a/cli/docs/lacework_alert-rule_list.md b/cli/docs/lacework_alert-rule_list.md new file mode 100644 index 000000000..4dd216e17 --- /dev/null +++ b/cli/docs/lacework_alert-rule_list.md 
@@ -0,0 +1,39 @@ +## lacework alert-rule list + +list all alert rules + +### Synopsis + +List all alert rules configured in your Lacework account. + +``` +lacework alert-rule list [flags] +``` + +### Options + +``` + -h, --help help for list +``` + +### Options inherited from parent commands + +``` + -a, --account string account subdomain of URL (i.e. .lacework.net) + -k, --api_key string access key id + -s, --api_secret string secret access key + --api_token string access token (replaces the use of api_key and api_secret) + --debug turn on debug logging + --json switch commands output from human-readable to json format + --nocache turn off caching + --nocolor turn off colors + --noninteractive turn off interactive mode (disable spinners, prompts, etc.) + --organization access organization level data sets (org admins only) + -p, --profile string switch between profiles configured at ~/.lacework.toml + --subaccount string sub-account name inside your organization (org admins only) +``` + +### SEE ALSO + +* [lacework alert-rule](lacework_alert-rule.md) - manage alert rules + diff --git a/cli/docs/lacework_alert-rule_show.md b/cli/docs/lacework_alert-rule_show.md new file mode 100644 index 000000000..0944e6f9e --- /dev/null +++ b/cli/docs/lacework_alert-rule_show.md 
@@ -0,0 +1,39 @@ +## lacework alert-rule show + +show an alert rule by id + +### Synopsis + +Show a single alert rule by it's ID. + +``` +lacework alert-rule show [flags] +``` + +### Options + +``` + -h, --help help for show +``` + +### Options inherited from parent commands + +``` + -a, --account string account subdomain of URL (i.e. .lacework.net) + -k, --api_key string access key id + -s, --api_secret string secret access key + --api_token string access token (replaces the use of api_key and api_secret) + --debug turn on debug logging + --json switch commands output from human-readable to json format + --nocache turn off caching + --nocolor turn off colors + --noninteractive turn off interactive mode (disable spinners, prompts, etc.) + --organization access organization level data sets (org admins only) + -p, --profile string switch between profiles configured at ~/.lacework.toml + --subaccount string sub-account name inside your organization (org admins only) +``` + +### SEE ALSO + +* [lacework alert-rule](lacework_alert-rule.md) - manage alert rules + diff --git a/cli/docs/lacework_compliance_google_list.md b/cli/docs/lacework_compliance_google_list.md new file mode 100644 index 000000000..424bc0dce --- /dev/null +++ b/cli/docs/lacework_compliance_google_list.md 
@@ -0,0 +1,39 @@ +## lacework compliance google list + +list gcp projects and organizations + +### Synopsis + +List all GCP projects and organization IDs. + +``` +lacework compliance google list [flags] +``` + +### Options + +``` + -h, --help help for list +``` + +### Options inherited from parent commands + +``` + -a, --account string account subdomain of URL (i.e. .lacework.net) + -k, --api_key string access key id + -s, --api_secret string secret access key + --api_token string access token (replaces the use of api_key and api_secret) + --debug turn on debug logging + --json switch commands output from human-readable to json format + --nocache turn off caching + --nocolor turn off colors + --noninteractive turn off interactive mode (disable spinners, prompts, etc.) + --organization access organization level data sets (org admins only) + -p, --profile string switch between profiles configured at ~/.lacework.toml + --subaccount string sub-account name inside your organization (org admins only) +``` + +### SEE ALSO + +* [lacework compliance google](lacework_compliance_google.md) - compliance for Google Cloud + diff --git a/cli/docs/lacework_policy.md b/cli/docs/lacework_policy.md new file mode 100644 index 000000000..8936d1ab5 --- /dev/null +++ b/cli/docs/lacework_policy.md 
@@ -0,0 +1,69 @@ +## lacework policy + +manage policies + +### Synopsis + +Manage policies in your Lacework account. + +A policy is a mechanism used to add annotated metadata to a Lacework query for improving +the context of alerts, reports, and information displayed in the Lacework Console. + +A policy also facilitates the scheduled execution of a Lacework query + +A query is a mechanism used to interactively request information from a specific +curated dataset. A query has a defined structure for authoring detections. + +Lacework ships a set of default LQL policies that are available in your account. + +Limitations: + * The maximum number of records that each policy will return is 1000 + * The maximum number of API calls is 120 per hour for ad-hoc LQL query executions + +To view all the policies in your Lacework account. + + lacework policy ls + +To view more details about a single policy. + + lacework policy show + +To view the LQL query associated with the policy, use the query id shown. + + lacework query show + +** NOTE: LQL syntax may change. ** + + +### Options + +``` + -h, --help help for policy +``` + +### Options inherited from parent commands + +``` + -a, --account string account subdomain of URL (i.e. .lacework.net) + -k, --api_key string access key id + -s, --api_secret string secret access key + --api_token string access token (replaces the use of api_key and api_secret) + --debug turn on debug logging + --json switch commands output from human-readable to json format + --nocache turn off caching + --nocolor turn off colors + --noninteractive turn off interactive mode (disable spinners, prompts, etc.) + --organization access organization level data sets (org admins only) + -p, --profile string switch between profiles configured at ~/.lacework.toml + --subaccount string sub-account name inside your organization (org admins only) +``` + +### SEE ALSO + +* [lacework](lacework.md) - A tool to manage the Lacework cloud security platform. 
+* [lacework policy create](lacework_policy_create.md) - create a policy +* [lacework policy delete](lacework_policy_delete.md) - delete a policy +* [lacework policy list](lacework_policy_list.md) - list policies +* [lacework policy show](lacework_policy_show.md) - show policy +* [lacework policy update](lacework_policy_update.md) - update a policy + diff --git a/cli/docs/lacework_policy_create.md b/cli/docs/lacework_policy_create.md new file mode 100644 index 000000000..46d4b9b87 --- /dev/null +++ b/cli/docs/lacework_policy_create.md 
@@ -0,0 +1,58 @@ +## lacework policy create + +create a policy + +### Synopsis + +Create a policy. + +A policy is represented in either JSON or YAML format. +The following attributes are minimally required: +--- +evaluatorId: Cloudtrail +policyId: lacework-example-1 +policyType: Violation +queryId: MyQuery +title: My Policy +enabled: false +description: My Policy Description +remediation: My Policy Remediation +severity: high +evalFrequency: Daily +alertEnabled: false +alertProfile: LW_CloudTrail_Alerts + + +``` +lacework policy create [flags] +``` + +### Options + +``` + -f, --file string path to a policy to create + -h, --help help for create + -u, --url string url to a policy to create +``` + +### Options inherited from parent commands + +``` + -a, --account string account subdomain of URL (i.e. .lacework.net) + -k, --api_key string access key id + -s, --api_secret string secret access key + --api_token string access token (replaces the use of api_key and api_secret) + --debug turn on debug logging + --json switch commands output from human-readable to json format + --nocache turn off caching + --nocolor turn off colors + --noninteractive turn off interactive mode (disable spinners, prompts, etc.) + --organization access organization level data sets (org admins only) + -p, --profile string switch between profiles configured at ~/.lacework.toml + --subaccount string sub-account name inside your organization (org admins only) +``` + +### SEE ALSO + +* [lacework policy](lacework_policy.md) - manage policies + diff --git a/cli/docs/lacework_policy_delete.md b/cli/docs/lacework_policy_delete.md new file mode 100644 index 000000000..4547b36a4 --- /dev/null +++ b/cli/docs/lacework_policy_delete.md 
@@ -0,0 +1,42 @@ +## lacework policy delete + +delete a policy + +### Synopsis + +Delete a policy by providing the policy id. + +Use the command 'lacework policy list' to list the registered policies in +your Lacework account. + +``` +lacework policy delete [flags] +``` + +### Options + +``` + -h, --help help for delete +``` + +### Options inherited from parent commands + +``` + -a, --account string account subdomain of URL (i.e. .lacework.net) + -k, --api_key string access key id + -s, --api_secret string secret access key + --api_token string access token (replaces the use of api_key and api_secret) + --debug turn on debug logging + --json switch commands output from human-readable to json format + --nocache turn off caching + --nocolor turn off colors + --noninteractive turn off interactive mode (disable spinners, prompts, etc.) + --organization access organization level data sets (org admins only) + -p, --profile string switch between profiles configured at ~/.lacework.toml + --subaccount string sub-account name inside your organization (org admins only) +``` + +### SEE ALSO + +* [lacework policy](lacework_policy.md) - manage policies + diff --git a/cli/docs/lacework_policy_list.md b/cli/docs/lacework_policy_list.md new file mode 100644 index 000000000..0c1a74b1b --- /dev/null +++ b/cli/docs/lacework_policy_list.md 
@@ -0,0 +1,42 @@ +## lacework policy list + +list policies + +### Synopsis + +List all the registered policies in your Lacework account. + +``` +lacework policy list [flags] +``` + +### Options + +``` + --alert_enabled only show alert_enabled policies + --enabled only show enabled policies + -h, --help help for list + --severity string filter policies by severity threshold (critical, high, medium, low, info) +``` + +### Options inherited from parent commands + +``` + -a, --account string account subdomain of URL (i.e. .lacework.net) + -k, --api_key string access key id + -s, --api_secret string secret access key + --api_token string access token (replaces the use of api_key and api_secret) + --debug turn on debug logging + --json switch commands output from human-readable to json format + --nocache turn off caching + --nocolor turn off colors + --noninteractive turn off interactive mode (disable spinners, prompts, etc.) + --organization access organization level data sets (org admins only) + -p, --profile string switch between profiles configured at ~/.lacework.toml + --subaccount string sub-account name inside your organization (org admins only) +``` + +### SEE ALSO + +* [lacework policy](lacework_policy.md) - manage policies + diff --git a/cli/docs/lacework_policy_show.md b/cli/docs/lacework_policy_show.md new file mode 100644 index 000000000..ea2a07cf4 --- /dev/null +++ b/cli/docs/lacework_policy_show.md 
@@ -0,0 +1,39 @@ +## lacework policy show + +show policy + +### Synopsis + +Show details about a single policy. + +``` +lacework policy show [flags] +``` + +### Options + +``` + -h, --help help for show +``` + +### Options inherited from parent commands + +``` + -a, --account string account subdomain of URL (i.e. .lacework.net) + -k, --api_key string access key id + -s, --api_secret string secret access key + --api_token string access token (replaces the use of api_key and api_secret) + --debug turn on debug logging + --json switch commands output from human-readable to json format + --nocache turn off caching + --nocolor turn off colors + --noninteractive turn off interactive mode (disable spinners, prompts, etc.) + --organization access organization level data sets (org admins only) + -p, --profile string switch between profiles configured at ~/.lacework.toml + --subaccount string sub-account name inside your organization (org admins only) +``` + +### SEE ALSO + +* [lacework policy](lacework_policy.md) - manage policies + diff --git a/cli/docs/lacework_policy_update.md b/cli/docs/lacework_policy_update.md new file mode 100644 index 000000000..306162753 --- /dev/null +++ b/cli/docs/lacework_policy_update.md 
@@ -0,0 +1,58 @@ +## lacework policy update + +update a policy + +### Synopsis + +Update a policy. + +A policy identifier is required to update a policy. + +A policy identifier can be specified via: +1. A policy update command argument + + lacework policy update my-policy-1 + +2. The policy update payload + +{ + "policy_id": "my-policy-1", + "severity": "critical" +} + +A policy identifier specifed via command argument will always take precedence over +a policy identifer specified via payload. + +``` +lacework policy update [policy_id] [flags] +``` + +### Options + +``` + -f, --file string path to a policy to update + -h, --help help for update + -u, --url string url to a policy to update +``` + +### Options inherited from parent commands + +``` + -a, --account string account subdomain of URL (i.e. .lacework.net) + -k, --api_key string access key id + -s, --api_secret string secret access key + --api_token string access token (replaces the use of api_key and api_secret) + --debug turn on debug logging + --json switch commands output from human-readable to json format + --nocache turn off caching + --nocolor turn off colors + --noninteractive turn off interactive mode (disable spinners, prompts, etc.) + --organization access organization level data sets (org admins only) + -p, --profile string switch between profiles configured at ~/.lacework.toml + --subaccount string sub-account name inside your organization (org admins only) +``` + +### SEE ALSO + +* [lacework policy](lacework_policy.md) - manage policies + diff --git a/cli/docs/lacework_query.md b/cli/docs/lacework_query.md new file mode 100644 index 000000000..887bb4e71 --- /dev/null +++ b/cli/docs/lacework_query.md 
@@ -0,0 +1,73 @@ +## lacework query + +run and manage queries + +### Synopsis + +Run and manage Lacework Query Language (LQL) queries. + +To provide customizable specification of datasets, Lacework provides the Lacework +Query Language (LQL). LQL is a human-readable text syntax for specifying selection, +filtering, and manipulation of data. + +Currently, Lacework has introduced LQL for configuration of AWS CloudTrail policies +and queries. This means you can use LQL to customize AWS CloudTrail policies only. +For all other policies, use the previous existing methods. + +Lacework ships a set of default LQL queries that are available in your account. + +For more information about LQL, visit: + + https://support.lacework.com/hc/en-us/articles/4402301824403-LQL-Overview + +To view all LQL queries in your Lacework account. + + lacework query ls + +To show a query. + + lacework query show + +To execute a query. + + lacework query run + +** NOTE: LQL syntax may change. ** + + +### Options + +``` + -h, --help help for query +``` + +### Options inherited from parent commands + +``` + -a, --account string account subdomain of URL (i.e. .lacework.net) + -k, --api_key string access key id + -s, --api_secret string secret access key + --api_token string access token (replaces the use of api_key and api_secret) + --debug turn on debug logging + --json switch commands output from human-readable to json format + --nocache turn off caching + --nocolor turn off colors + --noninteractive turn off interactive mode (disable spinners, prompts, etc.) + --organization access organization level data sets (org admins only) + -p, --profile string switch between profiles configured at ~/.lacework.toml + --subaccount string sub-account name inside your organization (org admins only) +``` + +### SEE ALSO + +* [lacework](lacework.md) - A tool to manage the Lacework cloud security platform. 
+* [lacework query create](lacework_query_create.md) - create a query +* [lacework query delete](lacework_query_delete.md) - delete a query +* [lacework query list](lacework_query_list.md) - list queries +* [lacework query list-sources](lacework_query_list-sources.md) - list Lacework query data sources +* [lacework query run](lacework_query_run.md) - run a query +* [lacework query show](lacework_query_show.md) - show a query +* [lacework query show-source](lacework_query_show-source.md) - show Lacework query data source +* [lacework query update](lacework_query_update.md) - update a query +* [lacework query validate](lacework_query_validate.md) - validate a query + diff --git a/cli/docs/lacework_query_create.md b/cli/docs/lacework_query_create.md new file mode 100644 index 000000000..94db88176 --- /dev/null +++ b/cli/docs/lacework_query_create.md 
@@ -0,0 +1,112 @@ +## lacework query create + +create a query + +### Synopsis + +Create a query. + +There are multiple ways you can create a query: + + * Typing the query into your default editor (via $EDITOR) + * Piping a query to the Lacework CLI command (via $STDIN) + * From a local file on disk using the flag '--file' + * From a URL using the flag '--url' + +There are also multiple formats you can use to define a query: + + * Javascript Object Notation (JSON) + * YAML Ain't Markup Language (YAML) + +To launch your default editor and create a new query. + + lacework lql create + +The following example comes from Lacework's implementation of a policy query: + +--- +evaluatorId: Cloudtrail +queryId: LW_Global_AWS_CTA_AccessKeyDeleted +queryText: |- + LW_Global_AWS_CTA_AccessKeyDeleted { + source { + CloudTrailRawEvents + } + filter { + EVENT_SOURCE = 'iam.amazonaws.com' + and EVENT_NAME = 'DeleteAccessKey' + and ERROR_CODE is null + } + return distinct { + INSERT_ID, + INSERT_TIME, + EVENT_TIME, + EVENT + } + } + +Identifier of the query that executes while running the policy + + +This query specifies an identifier named 'LW_Global_AWS_CTA_AccessKeyDeleted'. +Policy evaluation uses this dataset (along with the filters) to identify AWS +CloudTrail events that signify that an IAM access key was deleted. The query +is delimited by '{ }' and contains three sections: + + * Source data is specified in the 'source' clause. The source of data is the + 'CloudTrailRawEvents' dataset. LQL queries generally refer to other datasets, + and customizable policies always target a suitable dataset. + + * Records of interest are specified by the 'filter' clause. In the example, the + records available in 'CloudTrailRawEvents' are filtered for those whose source + is 'iam.amazonaws.com', whose event name is 'DeleteAccessKey', and that do not + have any error code. The syntax for this filtering expression strongly resembles SQL. 
+ + * The fields this query exposes are listed in the 'return' clause. Because there + may be unwanted duplicates among result records when Lacework composes them from + just these four columns, the distinct modifier is added. This behaves like a SQL + 'SELECT DISTINCT'. Each returned column in this case is just a field that is present + in 'CloudTrailRawEvents', but we can compose results by manipulating strings, dates, + JSON and numbers as well. + +The resulting dataset is shaped like a table. The table's columns are named with the +names of the columns selected. If desired, you could alias them to other names as well. + +For more information about LQL, visit: + + https://support.lacework.com/hc/en-us/articles/4402301824403-LQL-Overview + + +``` +lacework query create [flags] +``` + +### Options + +``` + -f, --file string path to a query to create + -h, --help help for create + -u, --url string url to a query to create +``` + +### Options inherited from parent commands + +``` + -a, --account string account subdomain of URL (i.e. .lacework.net) + -k, --api_key string access key id + -s, --api_secret string secret access key + --api_token string access token (replaces the use of api_key and api_secret) + --debug turn on debug logging + --json switch commands output from human-readable to json format + --nocache turn off caching + --nocolor turn off colors + --noninteractive turn off interactive mode (disable spinners, prompts, etc.) + --organization access organization level data sets (org admins only) + -p, --profile string switch between profiles configured at ~/.lacework.toml + --subaccount string sub-account name inside your organization (org admins only) +``` + +### SEE ALSO + +* [lacework query](lacework_query.md) - run and manage queries + diff --git a/cli/docs/lacework_query_delete.md b/cli/docs/lacework_query_delete.md new file mode 100644 index 000000000..d6d1ca5a1 --- /dev/null +++ b/cli/docs/lacework_query_delete.md 
@@ -0,0 +1,42 @@ +## lacework query delete + +delete a query + +### Synopsis + +Delete a single LQL query by providing the query id. + +Use the command 'lacework query list' to list the available queries in +your Lacework account. + +``` +lacework query delete [flags] +``` + +### Options + +``` + -h, --help help for delete +``` + +### Options inherited from parent commands + +``` + -a, --account string account subdomain of URL (i.e. .lacework.net) + -k, --api_key string access key id + -s, --api_secret string secret access key + --api_token string access token (replaces the use of api_key and api_secret) + --debug turn on debug logging + --json switch commands output from human-readable to json format + --nocache turn off caching + --nocolor turn off colors + --noninteractive turn off interactive mode (disable spinners, prompts, etc.) + --organization access organization level data sets (org admins only) + -p, --profile string switch between profiles configured at ~/.lacework.toml + --subaccount string sub-account name inside your organization (org admins only) +``` + +### SEE ALSO + +* [lacework query](lacework_query.md) - run and manage queries + diff --git a/cli/docs/lacework_query_list-sources.md b/cli/docs/lacework_query_list-sources.md new file mode 100644 index 000000000..220932ceb --- /dev/null +++ b/cli/docs/lacework_query_list-sources.md 
@@ -0,0 +1,39 @@ +## lacework query list-sources + +list Lacework query data sources + +### Synopsis + +List Lacework query data sources. + +``` +lacework query list-sources [flags] +``` + +### Options + +``` + -h, --help help for list-sources +``` + +### Options inherited from parent commands + +``` + -a, --account string account subdomain of URL (i.e. .lacework.net) + -k, --api_key string access key id + -s, --api_secret string secret access key + --api_token string access token (replaces the use of api_key and api_secret) + --debug turn on debug logging + --json switch commands output from human-readable to json format + --nocache turn off caching + --nocolor turn off colors + --noninteractive turn off interactive mode (disable spinners, prompts, etc.) + --organization access organization level data sets (org admins only) + -p, --profile string switch between profiles configured at ~/.lacework.toml + --subaccount string sub-account name inside your organization (org admins only) +``` + +### SEE ALSO + +* [lacework query](lacework_query.md) - run and manage queries + diff --git a/cli/docs/lacework_query_list.md b/cli/docs/lacework_query_list.md new file mode 100644 index 000000000..80a09eb2b --- /dev/null +++ b/cli/docs/lacework_query_list.md 
@@ -0,0 +1,39 @@ +## lacework query list + +list queries + +### Synopsis + +List all LQL queries in your Lacework account. + +``` +lacework query list [flags] +``` + +### Options + +``` + -h, --help help for list +``` + +### Options inherited from parent commands + +``` + -a, --account string account subdomain of URL (i.e. .lacework.net) + -k, --api_key string access key id + -s, --api_secret string secret access key + --api_token string access token (replaces the use of api_key and api_secret) + --debug turn on debug logging + --json switch commands output from human-readable to json format + --nocache turn off caching + --nocolor turn off colors + --noninteractive turn off interactive mode (disable spinners, prompts, etc.) + --organization access organization level data sets (org admins only) + -p, --profile string switch between profiles configured at ~/.lacework.toml + --subaccount string sub-account name inside your organization (org admins only) +``` + +### SEE ALSO + +* [lacework query](lacework_query.md) - run and manage queries + diff --git a/cli/docs/lacework_query_run.md b/cli/docs/lacework_query_run.md new file mode 100644 index 000000000..557595f96 --- /dev/null +++ b/cli/docs/lacework_query_run.md 
@@ -0,0 +1,70 @@ +## lacework query run + +run a query + +### Synopsis + +Run an LQL query via editor: + + lacework query run --range today + +Run a query via ID (uses active profile): + + lacework query run MyQuery --start "-1w@w" --end "@w" + +Start and End times are required to run a query: + +1. Start and End times must be specified in one of the following formats: + + A. A relative time specifier + B. RFC3339 Date and Time + C. Epoch time in milliseconds + +2. Start and End times must be specified in one of the following ways: + + A. As StartTimeRange and EndTimeRange in the ParamInfo block within the query + B. As start_time_range and end_time_range if specifying JSON + C. As --start and --end CLI flags + +3. Start and End time precedence: + + A. CLI flags take precedence over JSON specifications + B. JSON specifications take precedence over ParamInfo specifications + +``` +lacework query run [query_id] [flags] +``` + +### Options + +``` + --end string end time for query (default "now") + -f, --file string path to a query to run + -h, --help help for run + --range string natural time range for query + --start string start time for query (default "@d") + -u, --url string url to a query to run + --validate_only validate query only (do not run) +``` + +### Options inherited from parent commands + +``` + -a, --account string account subdomain of URL (i.e. .lacework.net) + -k, --api_key string access key id + -s, --api_secret string secret access key + --api_token string access token (replaces the use of api_key and api_secret) + --debug turn on debug logging + --json switch commands output from human-readable to json format + --nocache turn off caching + --nocolor turn off colors + --noninteractive turn off interactive mode (disable spinners, prompts, etc.) 
+ --organization access organization level data sets (org admins only) + -p, --profile string switch between profiles configured at ~/.lacework.toml + --subaccount string sub-account name inside your organization (org admins only) +``` + +### SEE ALSO + +* [lacework query](lacework_query.md) - run and manage queries + diff --git a/cli/docs/lacework_query_show-source.md b/cli/docs/lacework_query_show-source.md new file mode 100644 index 000000000..2c4c11ad0 --- /dev/null +++ b/cli/docs/lacework_query_show-source.md @@ -0,0 +1,39 @@ +## lacework query show-source + +show Lacework query data source + +### Synopsis + +Show Lacework query data source. + +``` +lacework query show-source [flags] +``` + +### Options + +``` + -h, --help help for show-source +``` + +### Options inherited from parent commands + +``` + -a, --account string account subdomain of URL (i.e. .lacework.net) + -k, --api_key string access key id + -s, --api_secret string secret access key + --api_token string access token (replaces the use of api_key and api_secret) + --debug turn on debug logging + --json switch commands output from human-readable to json format + --nocache turn off caching + --nocolor turn off colors + --noninteractive turn off interactive mode (disable spinners, prompts, etc.) + --organization access organization level data sets (org admins only) + -p, --profile string switch between profiles configured at ~/.lacework.toml + --subaccount string sub-account name inside your organization (org admins only) +``` + +### SEE ALSO + +* [lacework query](lacework_query.md) - run and manage queries + diff --git a/cli/docs/lacework_query_show.md b/cli/docs/lacework_query_show.md new file mode 100644 index 000000000..034fe3654 --- /dev/null +++ b/cli/docs/lacework_query_show.md 
@@ -0,0 +1,39 @@ +## lacework query show + +show a query + +### Synopsis + +Show a query. + +``` +lacework query show [flags] +``` + +### Options + +``` + -h, --help help for show +``` + +### Options inherited from parent commands + +``` + -a, --account string account subdomain of URL (i.e. .lacework.net) + -k, --api_key string access key id + -s, --api_secret string secret access key + --api_token string access token (replaces the use of api_key and api_secret) + --debug turn on debug logging + --json switch commands output from human-readable to json format + --nocache turn off caching + --nocolor turn off colors + --noninteractive turn off interactive mode (disable spinners, prompts, etc.) + --organization access organization level data sets (org admins only) + -p, --profile string switch between profiles configured at ~/.lacework.toml + --subaccount string sub-account name inside your organization (org admins only) +``` + +### SEE ALSO + +* [lacework query](lacework_query.md) - run and manage queries + diff --git a/cli/docs/lacework_query_update.md b/cli/docs/lacework_query_update.md new file mode 100644 index 000000000..287f41ed9 --- /dev/null +++ b/cli/docs/lacework_query_update.md 
@@ -0,0 +1,57 @@ +## lacework query update + +update a query + +### Synopsis + +Update a single LQL query. + +There are multiple ways you can update a query: + + * Typing the query into your default editor (via $EDITOR) + * From a local file on disk using the flag '--file' + * From a URL using the flag '--url' + +There are also multiple formats you can use to define a query: + + * Javascript Object Notation (JSON) + * YAML Ain't Markup Language (YAML) + +To launch your default editor and update a query. + + lacework query update + + +``` +lacework query update [flags] +``` + +### Options + +``` + -f, --file string path to a query to update + -h, --help help for update + -u, --url string url to a query to update +``` + +### Options inherited from parent commands + +``` + -a, --account string account subdomain of URL (i.e. .lacework.net) + -k, --api_key string access key id + -s, --api_secret string secret access key + --api_token string access token (replaces the use of api_key and api_secret) + --debug turn on debug logging + --json switch commands output from human-readable to json format + --nocache turn off caching + --nocolor turn off colors + --noninteractive turn off interactive mode (disable spinners, prompts, etc.) + --organization access organization level data sets (org admins only) + -p, --profile string switch between profiles configured at ~/.lacework.toml + --subaccount string sub-account name inside your organization (org admins only) +``` + +### SEE ALSO + +* [lacework query](lacework_query.md) - run and manage queries + diff --git a/cli/docs/lacework_query_validate.md b/cli/docs/lacework_query_validate.md new file mode 100644 index 000000000..c2050bd27 --- /dev/null +++ b/cli/docs/lacework_query_validate.md 
@@ -0,0 +1,57 @@ +## lacework query validate + +validate a query + +### Synopsis + +Use this command to validate a single LQL query before creating it. + +There are multiple ways you can validate a query: + + * Typing the query into your default editor (via $EDITOR) + * From a local file on disk using the flag '--file' + * From a URL using the flag '--url' + +There are also multiple formats you can use to define a query: + + * Javascript Object Notation (JSON) + * YAML Ain't Markup Language (YAML) + +To launch your default editor and validate a query. + + lacework query validate + + +``` +lacework query validate [flags] +``` + +### Options + +``` + -f, --file string path to a query to validate + -h, --help help for validate + -u, --url string url to a query to validate +``` + +### Options inherited from parent commands + +``` + -a, --account string account subdomain of URL (i.e. .lacework.net) + -k, --api_key string access key id + -s, --api_secret string secret access key + --api_token string access token (replaces the use of api_key and api_secret) + --debug turn on debug logging + --json switch commands output from human-readable to json format + --nocache turn off caching + --nocolor turn off colors + --noninteractive turn off interactive mode (disable spinners, prompts, etc.) + --organization access organization level data sets (org admins only) + -p, --profile string switch between profiles configured at ~/.lacework.toml + --subaccount string sub-account name inside your organization (org admins only) +``` + +### SEE ALSO + +* [lacework query](lacework_query.md) - run and manage queries + diff --git a/cli/docs/lacework_resource-group.md b/cli/docs/lacework_resource-group.md new file mode 100644 index 000000000..64333ad92 --- /dev/null +++ b/cli/docs/lacework_resource-group.md 
@@ -0,0 +1,39 @@ +## lacework resource-group + +manage resource groups + +### Synopsis + +Manage Lacework-identifiable assets via the use of resource groups. + +### Options + +``` + -h, --help help for resource-group +``` + +### Options inherited from parent commands + +``` + -a, --account string account subdomain of URL (i.e. .lacework.net) + -k, --api_key string access key id + -s, --api_secret string secret access key + --api_token string access token (replaces the use of api_key and api_secret) + --debug turn on debug logging + --json switch commands output from human-readable to json format + --nocache turn off caching + --nocolor turn off colors + --noninteractive turn off interactive mode (disable spinners, prompts, etc.) + --organization access organization level data sets (org admins only) + -p, --profile string switch between profiles configured at ~/.lacework.toml + --subaccount string sub-account name inside your organization (org admins only) +``` + +### SEE ALSO + +* [lacework](lacework.md) - A tool to manage the Lacework cloud security platform. +* [lacework resource-group create](lacework_resource-group_create.md) - create a new resource group +* [lacework resource-group delete](lacework_resource-group_delete.md) - delete a resource group +* [lacework resource-group list](lacework_resource-group_list.md) - list all resource groups +* [lacework resource-group show](lacework_resource-group_show.md) - get resource group by id + diff --git a/cli/docs/lacework_resource-group_create.md b/cli/docs/lacework_resource-group_create.md new file mode 100644 index 000000000..9dbb964ac --- /dev/null +++ b/cli/docs/lacework_resource-group_create.md 
@@ -0,0 +1,39 @@ +## lacework resource-group create + +create a new resource group + +### Synopsis + +Creates a new single resource group. + +``` +lacework resource-group create [flags] +``` + +### Options + +``` + -h, --help help for create +``` + +### Options inherited from parent commands + +``` + -a, --account string account subdomain of URL (i.e. .lacework.net) + -k, --api_key string access key id + -s, --api_secret string secret access key + --api_token string access token (replaces the use of api_key and api_secret) + --debug turn on debug logging + --json switch commands output from human-readable to json format + --nocache turn off caching + --nocolor turn off colors + --noninteractive turn off interactive mode (disable spinners, prompts, etc.) + --organization access organization level data sets (org admins only) + -p, --profile string switch between profiles configured at ~/.lacework.toml + --subaccount string sub-account name inside your organization (org admins only) +``` + +### SEE ALSO + +* [lacework resource-group](lacework_resource-group.md) - manage resource groups + diff --git a/cli/docs/lacework_resource-group_delete.md b/cli/docs/lacework_resource-group_delete.md new file mode 100644 index 000000000..b44fc5117 --- /dev/null +++ b/cli/docs/lacework_resource-group_delete.md 
@@ -0,0 +1,39 @@ +## lacework resource-group delete + +delete a resource group + +### Synopsis + +Delete a single resource group by it's Resource ID. + +``` +lacework resource-group delete [flags] +``` + +### Options + +``` + -h, --help help for delete +``` + +### Options inherited from parent commands + +``` + -a, --account string account subdomain of URL (i.e. .lacework.net) + -k, --api_key string access key id + -s, --api_secret string secret access key + --api_token string access token (replaces the use of api_key and api_secret) + --debug turn on debug logging + --json switch commands output from human-readable to json format + --nocache turn off caching + --nocolor turn off colors + --noninteractive turn off interactive mode (disable spinners, prompts, etc.) + --organization access organization level data sets (org admins only) + -p, --profile string switch between profiles configured at ~/.lacework.toml + --subaccount string sub-account name inside your organization (org admins only) +``` + +### SEE ALSO + +* [lacework resource-group](lacework_resource-group.md) - manage resource groups + diff --git a/cli/docs/lacework_resource-group_list.md b/cli/docs/lacework_resource-group_list.md new file mode 100644 index 000000000..c79eade73 --- /dev/null +++ b/cli/docs/lacework_resource-group_list.md 
@@ -0,0 +1,39 @@ +## lacework resource-group list + +list all resource groups + +### Synopsis + +List all resource groups configured in your Lacework account. + +``` +lacework resource-group list [flags] +``` + +### Options + +``` + -h, --help help for list +``` + +### Options inherited from parent commands + +``` + -a, --account string account subdomain of URL (i.e. .lacework.net) + -k, --api_key string access key id + -s, --api_secret string secret access key + --api_token string access token (replaces the use of api_key and api_secret) + --debug turn on debug logging + --json switch commands output from human-readable to json format + --nocache turn off caching + --nocolor turn off colors + --noninteractive turn off interactive mode (disable spinners, prompts, etc.) + --organization access organization level data sets (org admins only) + -p, --profile string switch between profiles configured at ~/.lacework.toml + --subaccount string sub-account name inside your organization (org admins only) +``` + +### SEE ALSO + +* [lacework resource-group](lacework_resource-group.md) - manage resource groups + diff --git a/cli/docs/lacework_resource-group_show.md b/cli/docs/lacework_resource-group_show.md new file mode 100644 index 000000000..7d2bcb305 --- /dev/null +++ b/cli/docs/lacework_resource-group_show.md 
@@ -0,0 +1,39 @@ +## lacework resource-group show + +get resource group by id + +### Synopsis + +Get a single resource group by it's Resource ID. + +``` +lacework resource-group show [flags] +``` + +### Options + +``` + -h, --help help for show +``` + +### Options inherited from parent commands + +``` + -a, --account string account subdomain of URL (i.e. .lacework.net) + -k, --api_key string access key id + -s, --api_secret string secret access key + --api_token string access token (replaces the use of api_key and api_secret) + --debug turn on debug logging + --json switch commands output from human-readable to json format + --nocache turn off caching + --nocolor turn off colors + --noninteractive turn off interactive mode (disable spinners, prompts, etc.) + --organization access organization level data sets (org admins only) + -p, --profile string switch between profiles configured at ~/.lacework.toml + --subaccount string sub-account name inside your organization (org admins only) +``` + +### SEE ALSO + +* [lacework resource-group](lacework_resource-group.md) - manage resource groups + diff --git a/cli/docs/lacework_vulnerability_container_list-assessments.md b/cli/docs/lacework_vulnerability_container_list-assessments.md index 74f587b1e..355be9d60 100644 --- a/cli/docs/lacework_vulnerability_container_list-assessments.md +++ b/cli/docs/lacework_vulnerability_container_list-assessments.md @@ -20,8 +20,8 @@ lacework vulnerability container list-assessments [flags] --end string end of the time range in UTC (format: yyyy-MM-ddTHH:mm:ssZ) --fixable only show fixable vulnerabilities -h, --help help for list-assessments - -r, --repository strings filter assessments for specific repositories --registry strings filter assessments for specific registries + -r, --repository strings filter assessments for specific repositories --start string start of the time range in UTC (format: yyyy-MM-ddTHH:mm:ssZ) ```
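Review bot: in cli/docs/lacework_query_list.md, the inherited `--account` help reads "account subdomain of URL (i.e. .lacework.net)" with nothing before the dot, so the example no longer shows which part of the URL to pass. If the flag's help string carries an angle-bracket placeholder, it is not surviving into the generated markdown; escape it or use a literal sample value, and "e.g." fits better than "i.e." here. The same block is repeated in every file of this patch, so the fix belongs in the flag definition rather than in the docs. Separately, `--api_secret` and `--api_token` take credentials on the command line, where they can end up in shell history and process listings; the help text could point readers to `--profile` and ~/.lacework.toml instead.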
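Review bot: in cli/docs/lacework_query_run.md, the synopsis states "Start and End times are required to run a query", but the options block gives `--start` a default of "@d" and `--end` a default of "now", so a reader cannot tell whether omitting both is an error or a run over the defaults. The first example uses `--range today`, yet `--range` does not appear in the list under item 2 or in the precedence rules under item 3. Please state how `--range` interacts with `--start` and `--end`, and whether the flag defaults override StartTimeRange and EndTimeRange from the ParamInfo block when no flag is passed.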
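Review bot: in cli/docs/lacework_query_show.md, the usage line is `lacework query show [flags]` with no positional argument and the only option is `--help`, so the page never says how to name the query to show. `lacework query run` documents `[query_id]`; if show takes the same argument, add it to the usage line and the synopsis. cli/docs/lacework_query_show-source.md has the same shape, and should say whether it takes a data source name.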
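Review bot: in cli/docs/lacework_query_update.md, the `--url` option ("url to a query to update") does not say which URL schemes are accepted or whether the fetched content is shown to the user before it is submitted. Since the fetched query is applied with the caller's credentials, the page should state this, and the synopsis could note that `--file` lets the content be reviewed locally first. Smaller points: "To launch your default editor and update a query." ends in a period before the indented command and should end in a colon, "Javascript" should be "JavaScript", and the page does not explain how the editor flow selects which query is updated.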
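Review bot: in cli/docs/lacework_query_validate.md, this command overlaps with `lacework query run --validate_only` ("validate query only (do not run)") documented in the query run page, and neither page mentions the other. Add a cross-reference, or say which of the two is the intended entry point and whether they perform the same checks.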
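Review bot: in cli/docs/lacework_resource-group_create.md, the only option listed is `--help`, so the page does not say how the group's definition is supplied. If the command prompts for it, say so, and document what happens when the inherited `--noninteractive` flag is set. "Creates a new single resource group." should also use the imperative like the sibling pages ("List all ...", "Delete a ..."), for example "Create a single resource group."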
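Review bot: in cli/docs/lacework_resource-group_delete.md, the synopsis says the group is deleted "by it's Resource ID", but the usage line `lacework resource-group delete [flags]` has no argument for that ID. Add the positional argument to the usage line and change "it's" to "its". Because the command is destructive, the page should also state whether it asks for confirmation and how it behaves with `--noninteractive`.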
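Review bot: in cli/docs/lacework_resource-group_show.md, "Get a single resource group by it's Resource ID." needs "its", and the usage line `lacework resource-group show [flags]` omits the ID argument that sentence refers to. The short description says "by id" while the synopsis says "Resource ID"; use one term in both places.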