From c31b031906e00594bf2b8047543fa7986f5edab8 Mon Sep 17 00:00:00 2001
From: Alan Nix
Date: Wed, 9 Nov 2022 13:43:08 -0500
Subject: [PATCH] refactor: moved examples to APIv2

---
 examples/example_alert_channels.py | 7 +--
 examples/example_alerts.py | 34 +++++++++++++
 examples/example_audit_logs.py | 7 +--
 examples/example_cloud_accounts.py | 27 ++++++++++
 ...udtrail.py => example_cloud_activities.py} | 21 ++++----
 examples/example_compliance.py | 32 ------------
 examples/example_compliance_config.py | 26 ----------
 examples/example_events.py | 37 --------------
 examples/example_integrations.py | 33 ------------
 examples/example_query_policy.py | 9 ++--
 examples/example_reports.py | 25 ++++++++++
 examples/example_run_reports.py | 31 ------------
 examples/example_schemas.py | 7 +--
 .../example_syscall_query_policy.py | 9 ++--
 examples/example_tokens.py | 17 +++---
 examples/example_vulnerabilities.py | 50 ++++++-------
 16 files changed, 128 insertions(+), 244 deletions(-)
 create mode 100644 examples/example_alerts.py
 create mode 100644 examples/example_cloud_accounts.py
 rename examples/{example_cloudtrail.py => example_cloud_activities.py} (62%)
 delete mode 100644 examples/example_compliance.py
 delete mode 100644 examples/example_compliance_config.py
 delete mode 100644 examples/example_events.py
 delete mode 100644 examples/example_integrations.py
 create mode 100644 examples/example_reports.py
 delete mode 100644 examples/example_run_reports.py
 rename example_syscall_query_policy.py => examples/example_syscall_query_policy.py (82%)

diff --git a/examples/example_alert_channels.py b/examples/example_alert_channels.py
index 6b54c3b..07f7c8e 100644
--- a/examples/example_alert_channels.py
+++ b/examples/example_alert_channels.py
@@ -4,7 +4,6 @@ """ import logging -import os from dotenv import load_dotenv from laceworksdk import LaceworkClient
@@ -15,10 +14,8 @@ if __name__ == "__main__": - # Use enviroment variables to instantiate a LaceworkClient instance - lacework_client = LaceworkClient(api_key=os.getenv("LW_API_KEY"), - api_secret=os.getenv("LW_API_SECRET"), - account=os.getenv("LW_ACCOUNT")) + # Instantiate a LaceworkClient instance + lacework_client = LaceworkClient() # Alert Channels API
diff --git a/examples/example_alerts.py b/examples/example_alerts.py
new file mode 100644
index 0000000..d1d9c8b
--- /dev/null
+++ b/examples/example_alerts.py
@@ -0,0 +1,34 @@
+# -*- coding: utf-8 -*-
+"""
+Example script showing how to use the LaceworkClient class.
+"""
+
+import logging
+import random
+
+from datetime import datetime, timedelta, timezone
+from dotenv import load_dotenv
+from laceworksdk import LaceworkClient
+
+logging.basicConfig(level=logging.DEBUG)
+
+load_dotenv()
+
+if __name__ == "__main__":
+
+ # Instantiate a LaceworkClient instance
+ lacework_client = LaceworkClient()
+
+ # Build start/end times
+ current_time = datetime.now(timezone.utc)
+ start_time = current_time - timedelta(days=1)
+ start_time = start_time.strftime("%Y-%m-%dT%H:%M:%S%z")
+ end_time = current_time.strftime("%Y-%m-%dT%H:%M:%S%z")
+
+ # Alerts API
+
+ # Get alerts for specified time range
+ alerts = lacework_client.alerts.get(start_time=start_time, end_time=end_time)
+
+ # Get alert details for specified ID
+ alert_details = lacework_client.alerts.get_details(random.choice(alerts["data"])["alertId"])
diff --git a/examples/example_audit_logs.py b/examples/example_audit_logs.py
index 34165cd..cd1687d 100644
--- a/examples/example_audit_logs.py
+++ b/examples/example_audit_logs.py
@@ -4,7 +4,6 @@ """ import logging -import os from datetime import datetime, timedelta, timezone from dotenv import load_dotenv
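Review bot: The replacement comment `# Instantiate a LaceworkClient instance` drops the information the old comment carried — that the account, key and secret come from the environment — and with `load_dotenv()` at module top that now means a `.env` file is read implicitly. Presumably the zero-argument constructor falls back to the same `LW_ACCOUNT`/`LW_API_KEY`/`LW_API_SECRET` variables the removed lines passed explicitly, but no example says so any more. I'd write `# Instantiate a LaceworkClient instance; credentials are read from the environment (see load_dotenv() above)` here and in the matching hunks of example_audit_logs.py, example_cloud_activities.py, example_query_policy.py, example_schemas.py, example_syscall_query_policy.py, example_tokens.py and example_vulnerabilities.py. The `if __name__` block continues outside the hunk.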
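Review bot: `random.choice(alerts["data"])` on the last added line raises IndexError when the 24-hour window returns no alerts, so the script crashes on a quiet account instead of showing the empty-result case; the same pattern is in example_cloud_accounts.py (`integrations["data"]`) and example_tokens.py (`agent_api_tokens["data"]`). A guard such as `if alerts["data"]:` around the `get_details` call, or a one-line comment stating that the script assumes at least one alert in the window, would cover it. Separately, `logging.basicConfig(level=logging.DEBUG)` turns on the SDK's debug output for the whole run; if that output includes request URLs or headers, the credentials and alert contents go to the console, so a comment that debug logging is for the example only is worth adding.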
@@ -16,10 +15,8 @@ if __name__ == "__main__": - # Use enviroment variables to instantiate a LaceworkClient instance - lacework_client = LaceworkClient(api_key=os.getenv("LW_API_KEY"), - api_secret=os.getenv("LW_API_SECRET"), - account=os.getenv("LW_ACCOUNT")) + # Instantiate a LaceworkClient instance + lacework_client = LaceworkClient() # Build start/end times current_time = datetime.now(timezone.utc)
diff --git a/examples/example_cloud_accounts.py b/examples/example_cloud_accounts.py
new file mode 100644
index 0000000..d27b036
--- /dev/null
+++ b/examples/example_cloud_accounts.py
@@ -0,0 +1,27 @@
+# -*- coding: utf-8 -*-
+"""
+Example script showing how to use the LaceworkClient class.
+"""
+
+import logging
+import random
+
+from dotenv import load_dotenv
+from laceworksdk import LaceworkClient
+
+logging.basicConfig(level=logging.DEBUG)
+
+load_dotenv()
+
+if __name__ == "__main__":
+
+ # Instantiate a LaceworkClient instance
+ lacework_client = LaceworkClient()
+
+ # Cloud Accounts API
+
+ # Get all Cloud Accounts
+ integrations = lacework_client.cloud_accounts.get()
+
+ # Get Cloud Account by ID
+ integration_by_id = lacework_client.cloud_accounts.get_by_guid((random.choice(integrations["data"])["INTG_GUID"]))
diff --git a/examples/example_cloudtrail.py b/examples/example_cloud_activities.py
similarity index 62%
rename from examples/example_cloudtrail.py
rename to examples/example_cloud_activities.py
index 668dea9..26e78b6 100644
--- a/examples/example_cloudtrail.py
+++ b/examples/example_cloud_activities.py
@@ -4,7 +4,6 @@ """ import logging -import os from datetime import datetime, timedelta, timezone from dotenv import load_dotenv
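Review bot: `get_by_guid((random.choice(integrations["data"])["INTG_GUID"]))` on the last added line wraps its single argument in a redundant second pair of parentheses; `get_by_guid(random.choice(integrations["data"])["INTG_GUID"])` reads like the other examples. The locals are still named `integrations`/`integration_by_id` although the file and API are now cloud accounts; `cloud_accounts`/`cloud_account_by_guid` would match the comments `# Get all Cloud Accounts` and `# Get Cloud Account by ID`. The `INTG_GUID` key is carried over from the deleted example_integrations.py, and whether the v2 `cloud_accounts.get()` response still uses that key cannot be checked from the diff, so it is worth one run against a live account before merging.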
@@ -16,10 +15,8 @@ if __name__ == "__main__": - # Use enviroment variables to instantiate a LaceworkClient instance - lacework_client = LaceworkClient(api_key=os.getenv("LW_API_KEY"), - api_secret=os.getenv("LW_API_SECRET"), - account=os.getenv("LW_ACCOUNT")) + # Instantiate a LaceworkClient instance + lacework_client = LaceworkClient() # Build start/end times current_time = datetime.now(timezone.utc)
@@ -27,16 +24,16 @@ start_time = start_time.strftime("%Y-%m-%dT%H:%M:%SZ") end_time = current_time.strftime("%Y-%m-%dT%H:%M:%SZ") - # CloudTrail API + # Cloud Activities API - # Get CloudTrail - lacework_client.cloudtrail.get() + # Get Cloud Activities + lacework_client.cloud_activities.get() - # Get CloudTrail by date range - lacework_client.cloudtrail.get(start_time=start_time, end_time=end_time) + # Get Cloud Activities by date range + lacework_client.cloud_activities.get(start_time=start_time, end_time=end_time) - # Search CloudTrail - lacework_client.cloudtrail.search(json={ + # Search Cloud Activities + lacework_client.cloud_activities.search(json={ "timeFilter": { "startTime": start_time, "endTime": end_time
diff --git a/examples/example_compliance.py b/examples/example_compliance.py
deleted file mode 100644
index 1d43757..0000000
--- a/examples/example_compliance.py
+++ /dev/null
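Review bot: The timestamps this hunk passes to `cloud_activities.get` and `search` are built with `"%Y-%m-%dT%H:%M:%SZ"` (a literal `Z`, visible in the hunk's leading context), while the new example_alerts.py builds the same kind of `startTime`/`endTime` with `"%Y-%m-%dT%H:%M:%S%z"`, which yields `+0000`; both denote UTC, but the examples should agree on one form so readers do not have to guess which the API accepts. The results of `cloud_activities.get()` and the two filtered calls are discarded, so the example never shows what a response looks like; binding them, e.g. `activities = lacework_client.cloud_activities.get(start_time=start_time, end_time=end_time)`, would match example_alerts.py. The `search(json={...})` call continues outside the hunk.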
@@ -1,32 +0,0 @@
-# -*- coding: utf-8 -*-
-"""
-Example script showing how to use the LaceworkClient class.
-"""
-
-import logging
-import os
-
-from dotenv import load_dotenv
-from laceworksdk import LaceworkClient
-
-logging.basicConfig(level=logging.DEBUG)
-
-load_dotenv()
-
-if __name__ == "__main__":
-
- # Use enviroment variables to instantiate a LaceworkClient instance
- lacework_client = LaceworkClient(api_key=os.getenv("LW_API_KEY"),
- api_secret=os.getenv("LW_API_SECRET"),
- account=os.getenv("LW_ACCOUNT"))
-
- # Compliance API
-
- # Get latest compliance report in JSON format for AWS account
- lacework_client.compliance.get_latest_aws_report(aws_account_id="123456789", file_format="json")
-
- # Get latest compliance report in PDF format for AWS account
- lacework_client.compliance.get_latest_aws_report(aws_account_id="123456789", file_format="pdf", pdf_path="")
-
- # Get a list of subscriptions for an Azure Tenant
- lacework_client.compliance.list_azure_subscriptions("xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx")
diff --git a/examples/example_compliance_config.py b/examples/example_compliance_config.py
deleted file mode 100644
index 4acaf6c..0000000
--- a/examples/example_compliance_config.py
+++ /dev/null
@@ -1,26 +0,0 @@
-# -*- coding: utf-8 -*-
-"""
-Example script showing how to use the LaceworkClient class.
-"""
-
-import logging
-import os
-
-from dotenv import load_dotenv
-from laceworksdk import LaceworkClient
-
-logging.basicConfig(level=logging.DEBUG)
-
-load_dotenv()
-
-if __name__ == "__main__":
-
- # Use enviroment variables to instantiate a LaceworkClient instance
- lacework_client = LaceworkClient(api_key=os.getenv("LW_API_KEY"),
- api_secret=os.getenv("LW_API_SECRET"),
- account=os.getenv("LW_ACCOUNT"))
-
- # Custom Compliance Config API
-
- # Get Custom Compliance Config
- lacework_client.compliance.config.get()
diff --git a/examples/example_events.py b/examples/example_events.py
deleted file mode 100644
index 8f360cd..0000000
--- a/examples/example_events.py
+++ /dev/null
@@ -1,37 +0,0 @@
-# -*- coding: utf-8 -*-
-"""
-Example script showing how to use the LaceworkClient class.
-"""
-
-import logging
-import os
-import random
-
-from datetime import datetime, timedelta, timezone
-from dotenv import load_dotenv
-from laceworksdk import LaceworkClient
-
-logging.basicConfig(level=logging.DEBUG)
-
-load_dotenv()
-
-if __name__ == "__main__":
-
- # Use enviroment variables to instantiate a LaceworkClient instance
- lacework_client = LaceworkClient(api_key=os.getenv("LW_API_KEY"),
- api_secret=os.getenv("LW_API_SECRET"),
- account=os.getenv("LW_ACCOUNT"))
-
- # Build start/end times
- current_time = datetime.now(timezone.utc)
- start_time = current_time - timedelta(days=1)
- start_time = start_time.strftime("%Y-%m-%dT%H:%M:%S%z")
- end_time = current_time.strftime("%Y-%m-%dT%H:%M:%S%z")
-
- # Event API
-
- # Get events for specified time range
- events = lacework_client.events.get_for_date_range(start_time=start_time, end_time=end_time)
-
- # Get event details for specified ID
- event_details = lacework_client.events.get_details(random.choice(events["data"])["EVENT_ID"])
diff --git a/examples/example_integrations.py b/examples/example_integrations.py
deleted file mode 100644
index 0bec7ef..0000000
--- a/examples/example_integrations.py
+++ /dev/null
@@ -1,33 +0,0 @@
-# -*- coding: utf-8 -*-
-"""
-Example script showing how to use the LaceworkClient class.
-"""
-
-import logging
-import os
-import random
-
-from dotenv import load_dotenv
-from laceworksdk import LaceworkClient
-
-logging.basicConfig(level=logging.DEBUG)
-
-load_dotenv()
-
-if __name__ == "__main__":
-
- # Use enviroment variables to instantiate a LaceworkClient instance
- lacework_client = LaceworkClient(api_key=os.getenv("LW_API_KEY"),
- api_secret=os.getenv("LW_API_SECRET"),
- account=os.getenv("LW_ACCOUNT"))
-
- # Integration API
-
- # Get all Integrations
- integrations = lacework_client.integrations.get_all()
-
- # Get Integration by ID
- integration_by_id = lacework_client.integrations.get_by_id(random.choice(integrations["data"])["INTG_GUID"])
-
- # Get Integration Schema by Type
- lacework_client.integrations.get_schema(integration_by_id["data"][0]["TYPE"])
diff --git a/examples/example_query_policy.py b/examples/example_query_policy.py
index 16d3465..fd4b82f 100644
--- a/examples/example_query_policy.py
+++ b/examples/example_query_policy.py
@@ -4,7 +4,6 @@ """ import logging -import os import random import string
@@ -21,10 +20,8 @@ if __name__ == "__main__": - # Use enviroment variables to instantiate a LaceworkClient instance - lacework_client = LaceworkClient(api_key=os.getenv("LW_API_KEY"), - api_secret=os.getenv("LW_API_SECRET"), - account=os.getenv("LW_ACCOUNT")) + # Instantiate a LaceworkClient instance + lacework_client = LaceworkClient() # Queries/Policies API
@@ -32,7 +29,7 @@ query_response = lacework_client.queries.create( evaluator_id="Cloudtrail", query_id=QUERY_ID, - query_text=f"""{QUERY_ID} {{ + query_text=f"""{{ source {{CloudTrailRawEvents e}} filter {{EVENT_SOURCE = 'iam.amazonaws.com' AND EVENT:userIdentity.name::String NOT LIKE 'Terraform-Service-Acct'}}
diff --git a/examples/example_reports.py b/examples/example_reports.py
new file mode 100644
index 0000000..293c10d
--- /dev/null
+++ b/examples/example_reports.py
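Review bot: After this change the `query_text` literal on the `+` line starts with `f"""{{`, so the query id is no longer embedded in the text and is passed only as `query_id=QUERY_ID`; if no other `{...}` placeholder remains in the literal (it continues outside the hunk), the `f` prefix is now unnecessary and every doubled `{{`/`}}` in the query — including the `source {{CloudTrailRawEvents e}}` and `filter {{...}}` context lines — could become single braces, which is how the query would be written in the product itself. The same edit is made in example_syscall_query_policy.py. The `queries.create(` call opens in the hunk's leading context and closes outside it.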
@@ -0,0 +1,25 @@
+# -*- coding: utf-8 -*-
+"""
+Example script showing how to use the LaceworkClient class.
+"""
+
+import logging
+
+from dotenv import load_dotenv
+from laceworksdk import LaceworkClient
+
+logging.basicConfig(level=logging.DEBUG)
+
+load_dotenv()
+
+if __name__ == "__main__":
+
+ # Instantiate a LaceworkClient instance
+ lacework_client = LaceworkClient()
+
+ # Reports API
+
+ # Get latest compliance report in JSON format for AWS account
+ lacework_client.reports.get(
+ primary_query_id="123456798012", format="json", report_type="AWS_CIS_14"
+ )
diff --git a/examples/example_run_reports.py b/examples/example_run_reports.py
deleted file mode 100644
index 1540efb..0000000
--- a/examples/example_run_reports.py
+++ /dev/null
@@ -1,31 +0,0 @@
-"""
-Example script showing how to use the LaceworkClient class.
-"""
-
-import logging
-import os
-
-from dotenv import load_dotenv
-from laceworksdk import LaceworkClient
-
-logging.basicConfig(level=logging.DEBUG)
-
-load_dotenv()
-
-if __name__ == "__main__":
-
- # Use enviroment variables to instantiate a LaceworkClient instance
- lacework_client = LaceworkClient(api_key=os.getenv("LW_API_KEY"),
- api_secret=os.getenv("LW_API_SECRET"),
- account=os.getenv("LW_ACCOUNT"))
-
- # Run Report API
-
- # Run compliance report on an AWS Account
- lacework_client.run_reports.aws(aws_account_id="123456789")
-
- # Run compliance report on an Azure Tenant Account
- lacework_client.run_reports.azure(azure_tenant_id="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx")
-
- # Run compliance report on a GCP Project
- lacework_client.run_reports.gcp(gcp_project_id="example-project-id")
diff --git a/examples/example_schemas.py b/examples/example_schemas.py
index c5f1043..c5acbd1 100644
--- a/examples/example_schemas.py
+++ b/examples/example_schemas.py
@@ -4,7 +4,6 @@ """ import logging -import os from dotenv import load_dotenv from laceworksdk import LaceworkClient
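Review bot: `primary_query_id="123456798012"` in the `reports.get(` call is a sample value, but nothing in the file says what the parameter is — the comment above only says the call fetches the latest AWS compliance report, and the deleted example_compliance.py named the same thing `aws_account_id`. A comment such as `# primary_query_id is the AWS account ID to report on (sample value; replace with your own)` would close that gap, and since `report_type="AWS_CIS_14"` is the only report type shown, a pointer to where the valid report_type values are listed would help readers too. The return value is discarded, unlike in example_alerts.py, so the example never shows the report payload; `report = lacework_client.reports.get(` would be consistent with the other examples.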
@@ -15,10 +14,8 @@ if __name__ == "__main__": - # Use enviroment variables to instantiate a LaceworkClient instance - lacework_client = LaceworkClient(api_key=os.getenv("LW_API_KEY"), - api_secret=os.getenv("LW_API_SECRET"), - account=os.getenv("LW_ACCOUNT")) + # Instantiate a LaceworkClient instance + lacework_client = LaceworkClient() # Schemas API
diff --git a/example_syscall_query_policy.py b/examples/example_syscall_query_policy.py
similarity index 82%
rename from example_syscall_query_policy.py
rename to examples/example_syscall_query_policy.py
index f22043a..eda8b3b 100644
--- a/example_syscall_query_policy.py
+++ b/examples/example_syscall_query_policy.py
@@ -5,7 +5,6 @@ """ import logging -import os import random import string
@@ -22,17 +21,15 @@ if __name__ == "__main__": - # Use enviroment variables to instantiate a LaceworkClient instance - lacework_client = LaceworkClient(api_key=os.getenv("LW_API_KEY"), - api_secret=os.getenv("LW_API_SECRET"), - account=os.getenv("LW_ACCOUNT")) + # Instantiate a LaceworkClient instance + lacework_client = LaceworkClient() # Queries/Policies API # Create a Query query_response = lacework_client.queries.create( query_id=QUERY_ID, - query_text=f"""{QUERY_ID} {{ + query_text=f"""{{ source {{ LW_HA_SYSCALLS_FILE }}
diff --git a/examples/example_tokens.py b/examples/example_tokens.py
index dd3d3e5..835ef16 100644
--- a/examples/example_tokens.py
+++ b/examples/example_tokens.py
@@ -4,7 +4,6 @@ """ import logging -import os import random from dotenv import load_dotenv
@@ -16,15 +15,13 @@ if __name__ == "__main__": - # Use enviroment variables to instantiate a LaceworkClient instance - lacework_client = LaceworkClient(api_key=os.getenv("LW_API_KEY"), - api_secret=os.getenv("LW_API_SECRET"), - account=os.getenv("LW_ACCOUNT")) + # Instantiate a LaceworkClient instance + lacework_client = LaceworkClient() - # Token API + # Agent Access Token API - # Get all enabled API tokens - enabled_api_tokens = lacework_client.tokens.get_enabled() + # Get all Agent Access Tokens + agent_api_tokens = lacework_client.agent_access_tokens.get() - # Get specified API token - api_token = lacework_client.tokens.get_token(random.choice(enabled_api_tokens["data"])["ACCESS_TOKEN"]) + # Get specified Agent Access Token + api_token = lacework_client.agent_access_tokens.get_by_id(random.choice(agent_api_tokens["data"])["ACCESS_TOKEN"])
diff --git a/examples/example_vulnerabilities.py b/examples/example_vulnerabilities.py
index 383f6ed..7a624b5 100644
--- a/examples/example_vulnerabilities.py
+++ b/examples/example_vulnerabilities.py
@@ -4,9 +4,6 @@ """ import logging -import os -import random -import time from datetime import datetime, timedelta, timezone from dotenv import load_dotenv
@@ -18,10 +15,8 @@ if __name__ == "__main__": - # Use enviroment variables to instantiate a LaceworkClient instance - lacework_client = LaceworkClient(api_key=os.getenv("LW_API_KEY"), - api_secret=os.getenv("LW_API_SECRET"), - account=os.getenv("LW_ACCOUNT")) + # Instantiate a LaceworkClient instance + lacework_client = LaceworkClient() # Build start/end times current_time = datetime.now(timezone.utc)
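Review bot: The second local is still called `api_token` although the comment and the first local were renamed for agent access tokens; `agent_access_token = lacework_client.agent_access_tokens.get_by_id(...)` would match `# Get specified Agent Access Token`. The value handed to `get_by_id` is the token itself (`["ACCESS_TOKEN"]`), i.e. a credential, and the file keeps `logging.basicConfig(level=logging.DEBUG)` from the unchanged top of the file; if the SDK logs request URLs or parameters at DEBUG, that token is written to the console, so a comment that debug logging is for the example only — or dropping it to INFO in this example — is worth considering. `random.choice(agent_api_tokens["data"])` also raises IndexError on an empty list, as noted for example_alerts.py.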
@@ -33,35 +28,18 @@ # Host - # Get host vulnerabilities for the previous 24 hours - host_vulnerabilities = lacework_client.vulnerabilities.get_host_vulnerabilities() - - # Get host vulnerabilities for the specified CVE - host_vulnerabilities_cve = lacework_client.vulnerabilities.get_host_vulnerabilities_by_cve(random.choice(host_vulnerabilities["data"])["cve_id"]) - - # Get host vulnerabilities for the specified machine ID - host_vulnerabilities_machine_id = lacework_client.vulnerabilities.get_host_vulnerabilities_by_machine_id("1") + host_vulns = lacework_client.vulnerabilities.hosts.search(json={ + "timeFilter": { + "startTime": start_time, + "endTime": end_time + } + }) # Containers - # Get container evaluations for the specified time range - container_evaluations = lacework_client.vulnerabilities.get_container_assessments_by_date(start_time=start_time, end_time=end_time) - - # Get container vulnerabilities for the specified image digest - container_vulnerabilities = lacework_client.vulnerabilities.get_container_vulnerabilities(image_digest="sha256:123") - - # Initiate a container scan for the specified repo and tag - container_vulnerability_scan = lacework_client.vulnerabilities.initiate_container_scan("index.docker.io", "foo/bar", "latest") - - # Loop/wait for the container vulnerability scan to finish - while True: - - # Get the scan status - container_vulnerability_scan_status = lacework_client.vulnerabilities.get_container_scan_status(container_vulnerability_scan["data"]["RequestId"]) - - # Wait for the scan to finish, then break - if "Status" in container_vulnerability_scan_status["data"].keys(): - print(f"Current Scan Status: {container_vulnerability_scan_status['data']['Status']}...") - time.sleep(10) - else: - break + container_vulns = lacework_client.vulnerabilities.containers.search({ + "timeFilter": { + "startTime": start_time, + "endTime": end_time + } + })
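Review bot: The two new search calls pass the body differently — `hosts.search(json={...})` by keyword and `containers.search({...})` positionally — so one of them is wrong unless the first positional parameter of `search` is the JSON body; `container_vulns = lacework_client.vulnerabilities.containers.search(json={` would make the two calls identical and match the `search(json=...)` form used in example_cloud_activities.py. Both bodies are the same `timeFilter` built from `start_time`/`end_time` (defined earlier in the file, outside this hunk), so a single `time_filter = {"timeFilter": {"startTime": start_time, "endTime": end_time}}` passed to both calls would remove the duplication. `host_vulns` and `container_vulns` are not used afterwards, which is acceptable for an example but differs from the discarded-result style of the calls that were removed.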