laceworksdk.api.v1.vulnerability
Lacework Vulnerability API wrapper.
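# -*- coding: utf-8 -*-
"""
Lacework Vulnerability API wrapper.
"""

import logging
from urllib.parse import quote

logger = logging.getLogger(__name__)


class VulnerabilityAPI:
    """
    Lacework Vulnerability API.

    Builds request URIs for the v1 vulnerability endpoints and sends them
    through the supplied session. Caller-supplied values are percent-encoded
    before they are placed into a URI path segment or query value.
    """

    def __init__(self, session):
        """
        Initializes the VulnerabilityAPI object.

        :param session: An instance of the HttpSession class

        :return VulnerabilityAPI object.
        """

        super().__init__()

        self._session = session

    @staticmethod
    def _encode(value):
        """
        Percent-encode a value for use as one URI path segment or query value.

        ":" is kept so timestamps and image digests keep their usual form.
        "/", "?", "&", "=", "#", "+" and whitespace are encoded, so a value
        cannot add path segments or extra query parameters.

        NOTE: a value of exactly "." or ".." is not changed by
        percent-encoding; validate identifiers that originate from untrusted
        input before passing them in.

        :param value: Any value; it is converted with str() first.

        :return: the encoded string
        """

        return quote(str(value), safe=":")

    def get_container_assessments_by_date(self,
                                          start_time=None,
                                          end_time=None):
        """
        A method to get a list of container vulnerability assessments for the specified date range.

        The range is only sent when both start_time and end_time are given.

        :param start_time: A "%Y-%m-%dT%H:%M:%SZ" structured timestamp to begin from.
        :param end_time: A "%Y-%m-%dT%H:%M:%S%Z" structured timestamp to end at.

        :return: response json
        """
        # NOTE(review): the two documented formats differ (%SZ vs %S%Z) - confirm against the API.

        logger.info("Getting container vulnerability assessments from Lacework...")

        # Build the Container Assessments request URI
        api_uri = "/api/v1/external/vulnerabilities/container/GetAssessmentsForDateRange?"

        if start_time and end_time:
            api_uri += f"&START_TIME={self._encode(start_time)}&END_TIME={self._encode(end_time)}"

        response = self._session.get(api_uri)

        return response.json()

    def get_container_vulnerabilities(self,
                                      image_digest=None,
                                      image_id=None,
                                      severity=None,
                                      fixable=None,
                                      start_time=None,
                                      end_time=None):
        """
        A method to get the last scan data of the specified container.

        image_digest takes precedence when both image_digest and image_id are given.

        :param image_digest: A string representing the container image digest for which to fetch vulnerabilities.
        :param image_id: A string representing the container image ID for which to fetch vulnerabilities.
        :param severity: A string representing the severity of vulnerabilities to fetch.
        :param fixable: A boolean which filters for fixable vulnerabilities.
        :param start_time: A "%Y-%m-%dT%H:%M:%S%z" structured timestamp to begin from.
        :param end_time: A "%Y-%m-%dT%H:%M:%S%z" structured timestamp to end at.

        :return: response json

        :raises SystemExit: with status 1 when neither image_digest nor image_id is given.
        """

        logger.info("Getting container vulnerabilities from Lacework...")

        if image_digest:
            # Build the Container Vulnerability request URI
            api_uri = f"/api/v1/external/vulnerabilities/container/imageDigest/{self._encode(image_digest)}?"
        elif image_id:
            # Build the Container Vulnerability request URI
            api_uri = f"/api/v1/external/vulnerabilities/container/imageId/{self._encode(image_id)}?"
        else:
            logger.error("An Image Digest or Image ID must be specified.")
            # A bare exit() reports success (status 0) and depends on the site module.
            raise SystemExit(1)

        if fixable is not None:
            api_uri += f"&fixable={self._encode(fixable)}"

        if severity:
            api_uri += f"&severity={self._encode(severity)}"

        if start_time and end_time:
            api_uri += f"&StartTime={self._encode(start_time)}&EndTime={self._encode(end_time)}"

        response = self._session.get(api_uri)

        return response.json()

    def initiate_container_scan(self,
                                registry,
                                repository,
                                tag):
        """
        A method to initiate a container vulnerability scan.

        :param registry: A string representing the container registry.
        :param repository: A string representing the container repository.
        :param tag: A string representing the container tag.

        :return: response json
        """

        logger.info("Initiating container vulnerability scan in Lacework...")

        # Build the Container Image Scan request URI
        api_uri = "/api/v1/external/vulnerabilities/container/repository/images/scan"

        # The values travel in the request body, not in the URI.
        data = {
            "registry": registry,
            "repository": repository,
            "tag": tag
        }

        response = self._session.post(api_uri, data=data)

        return response.json()

    def get_container_scan_status(self,
                                  request_id,
                                  severity=None,
                                  fixable=None):
        """
        A method to get the status/results of a container vulnerability scan from Lacework.

        :param request_id: A string representing the request ID to be queried.
        :param severity: A string representing the severity of vulnerabilities to fetch.
        :param fixable: A boolean which filters for fixable vulnerabilities.

        :return: response json
        """

        logger.info("Getting container vulnerability scan status from Lacework...")

        # Build the Container Image Scan request URI
        api_uri = f"/api/v1/external/vulnerabilities/container/reqId/{self._encode(request_id)}?"

        if fixable is not None:
            api_uri += f"&fixable={self._encode(fixable)}"

        if severity:
            api_uri += f"&severity={self._encode(severity)}"

        response = self._session.get(api_uri)

        return response.json()

    def get_host_vulnerabilities(self,
                                 fixable=None,
                                 namespace=None,
                                 severity=None,
                                 start_time=None,
                                 end_time=None,
                                 cve=None):
        """
        A method to get the Host Vulnerabilities found by Lacework.

        :param fixable: A boolean which filters for fixable vulnerabilities.
        :param namespace: A string representing the package namespace for which to filter results.
        :param severity: A string representing the severity for which to filter returned results.
        :param start_time: A "%Y-%m-%dT%H:%M:%S%z" structured timestamp to begin from.
        :param end_time: A "%Y-%m-%dT%H:%M:%S%z" structured timestamp to end at.
        :param cve: A string representing the CVE ID for which to filter returned results.

        :return: response json
        """

        logger.info("Getting host vulnerabilities from Lacework...")

        # Build the Host Vulnerabilities request URI
        api_uri = "/api/v1/external/vulnerabilities/host?"

        if fixable is not None:
            api_uri += f"&fixable={self._encode(fixable)}"

        if namespace:
            api_uri += f"&namespace={self._encode(namespace)}"

        if severity:
            api_uri += f"&severity={self._encode(severity)}"

        if start_time and end_time:
            api_uri += f"&StartTime={self._encode(start_time)}&EndTime={self._encode(end_time)}"

        if cve:
            api_uri += f"&vuln_id={self._encode(cve)}"

        response = self._session.get(api_uri)

        return response.json()

    def get_host_vulnerabilities_by_cve(self,
                                        cve,
                                        hostname=None,
                                        machine_status=None,
                                        status=None):
        """
        A method to get the Host Vulnerabilities by CVE.

        :param cve: A string representing the CVE ID for which to filter returned results.
        :param hostname: A string representing a hostname for which to filter returned results.
        :param machine_status: A string representing the machine status for which to filter results.
        :param status: A string representing a status for which to filter results.
            ("New", "Active", or "Fixed"; matched case-insensitively)

        :return: response json, or None when an invalid status is given (no request is sent)
        """

        logger.info("Getting host vulnerabilities by CVE from Lacework...")

        # Build the Host Vulnerabilities by CVE URI
        api_uri = f"/api/v1/external/vulnerabilities/host/cveId/{self._encode(cve)}?"

        if hostname:
            api_uri += f"&hostname={self._encode(hostname)}"

        if machine_status:
            api_uri += f"&machine_status={self._encode(machine_status)}"

        if status:
            # Send the same normalized value that was validated, not the raw input.
            normalized_status = status.capitalize()
            if normalized_status in ("New", "Active", "Fixed"):
                api_uri += f"&status={normalized_status}"
            else:
                logger.error(f"Invalid status parameter '{status}' provided.")
                return None

        response = self._session.get(api_uri)

        return response.json()

    def get_host_vulnerabilities_by_machine_id(self,
                                               machine,
                                               fixable=None,
                                               namespace=None,
                                               severity=None,
                                               start_time=None,
                                               end_time=None,
                                               cve=None):
        """
        A method to get the Host Vulnerabilities by Machine ID.

        :param machine: A string representing the Lacework Machine ID.
        :param fixable: A boolean which filters for fixable vulnerabilities.
        :param namespace: A string representing the package namespace for which to filter results.
        :param severity: A string representing a severity for which to filter returned results.
        :param start_time: A "%Y-%m-%dT%H:%M:%S%z" structured timestamp to begin from.
        :param end_time: A "%Y-%m-%dT%H:%M:%S%z" structured timestamp to end at.
        :param cve: A string representing the CVE ID for which to filter returned results.

        :return: response json
        """

        logger.info("Getting host vulnerabilities by machine ID from Lacework...")

        # Build the Host Vulnerabilities by Machine ID URI
        api_uri = f"/api/v1/external/vulnerabilities/host/machineId/{self._encode(machine)}?"

        if fixable is not None:
            api_uri += f"&fixable={self._encode(fixable)}"

        if namespace:
            api_uri += f"&namespace={self._encode(namespace)}"

        if severity:
            api_uri += f"&severity={self._encode(severity)}"

        if start_time and end_time:
            api_uri += f"&StartTime={self._encode(start_time)}&EndTime={self._encode(end_time)}"

        if cve:
            api_uri += f"&vuln_id={self._encode(cve)}"

        response = self._session.get(api_uri)

        return response.json()

    def initiate_package_scan(self,
                              os_pkg_info_list=None,
                              os=None,
                              os_version=None,
                              package=None,
                              package_version=None):
        """
        A method to initiate a package vulnerability scan in Lacework.

        :param os_pkg_info_list: A Lacework PackageScanRequest object. This is a list of packages to be scanned
            given the OS, OS Version, Package, and Package Version. Up to 1,000 packages can be submitted with
            a single request.

        :param os: A string representing the operating system for which to initiate a scan.
        :param os_version: A string representing the operating system version(s) for which to initiate a scan.
        :param package: A string representing the software package for which to initiate a scan.
        :param package_version: A string representing the software package version(s) for which to initiate a scan.

        :return: response json

        :raises SystemExit: with status 1 when no os_pkg_info_list is given and any of the
            individual package parameters is missing.
        """

        logger.info("Initiating package vulnerability scan in Lacework...")

        # Build the Package Scan request URI
        api_uri = "/api/v1/external/vulnerabilities/scan"

        # If an os_pkg_info_list was provided, use that, otherwise use the individual parameters
        if os_pkg_info_list:
            packages = os_pkg_info_list
        elif os and os_version and package and package_version:
            packages = [{
                "os": os,
                "os_ver": os_version,
                "pkg": package,
                "pkg_ver": package_version
            }]
        else:
            logger.error("If no 'os_pkg_info_list' is supplied, all package parameters need to be provided.")
            # A bare exit() reports success (status 0) and depends on the site module.
            raise SystemExit(1)

        data = {
            "os_pkg_info_list": packages
        }

        response = self._session.post(api_uri, data=data)

        return response.json()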
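class VulnerabilityAPI:
    """
    Lacework Vulnerability API.

    Builds request URIs for the v1 vulnerability endpoints and sends them
    through the supplied session. Caller-supplied values are percent-encoded
    before they are placed into a URI path segment or query value.
    """

    def __init__(self, session):
        """
        Initializes the VulnerabilityAPI object.

        :param session: An instance of the HttpSession class

        :return VulnerabilityAPI object.
        """

        super().__init__()

        self._session = session

    @staticmethod
    def _encode(value):
        """
        Percent-encode a value for use as one URI path segment or query value.

        ":" is kept so timestamps and image digests keep their usual form.
        "/", "?", "&", "=", "#", "+" and whitespace are encoded, so a value
        cannot add path segments or extra query parameters.

        NOTE: a value of exactly "." or ".." is not changed by
        percent-encoding; validate identifiers that originate from untrusted
        input before passing them in.

        :param value: Any value; it is converted with str() first.

        :return: the encoded string
        """

        # Imported here so the class does not need a new module-level import.
        from urllib.parse import quote

        return quote(str(value), safe=":")

    def get_container_assessments_by_date(self,
                                          start_time=None,
                                          end_time=None):
        """
        A method to get a list of container vulnerability assessments for the specified date range.

        The range is only sent when both start_time and end_time are given.

        :param start_time: A "%Y-%m-%dT%H:%M:%SZ" structured timestamp to begin from.
        :param end_time: A "%Y-%m-%dT%H:%M:%S%Z" structured timestamp to end at.

        :return: response json
        """
        # NOTE(review): the two documented formats differ (%SZ vs %S%Z) - confirm against the API.

        logger.info("Getting container vulnerability assessments from Lacework...")

        # Build the Container Assessments request URI
        api_uri = "/api/v1/external/vulnerabilities/container/GetAssessmentsForDateRange?"

        if start_time and end_time:
            api_uri += f"&START_TIME={self._encode(start_time)}&END_TIME={self._encode(end_time)}"

        response = self._session.get(api_uri)

        return response.json()

    def get_container_vulnerabilities(self,
                                      image_digest=None,
                                      image_id=None,
                                      severity=None,
                                      fixable=None,
                                      start_time=None,
                                      end_time=None):
        """
        A method to get the last scan data of the specified container.

        image_digest takes precedence when both image_digest and image_id are given.

        :param image_digest: A string representing the container image digest for which to fetch vulnerabilities.
        :param image_id: A string representing the container image ID for which to fetch vulnerabilities.
        :param severity: A string representing the severity of vulnerabilities to fetch.
        :param fixable: A boolean which filters for fixable vulnerabilities.
        :param start_time: A "%Y-%m-%dT%H:%M:%S%z" structured timestamp to begin from.
        :param end_time: A "%Y-%m-%dT%H:%M:%S%z" structured timestamp to end at.

        :return: response json

        :raises SystemExit: with status 1 when neither image_digest nor image_id is given.
        """

        logger.info("Getting container vulnerabilities from Lacework...")

        if image_digest:
            # Build the Container Vulnerability request URI
            api_uri = f"/api/v1/external/vulnerabilities/container/imageDigest/{self._encode(image_digest)}?"
        elif image_id:
            # Build the Container Vulnerability request URI
            api_uri = f"/api/v1/external/vulnerabilities/container/imageId/{self._encode(image_id)}?"
        else:
            logger.error("An Image Digest or Image ID must be specified.")
            # A bare exit() reports success (status 0) and depends on the site module.
            raise SystemExit(1)

        if fixable is not None:
            api_uri += f"&fixable={self._encode(fixable)}"

        if severity:
            api_uri += f"&severity={self._encode(severity)}"

        if start_time and end_time:
            api_uri += f"&StartTime={self._encode(start_time)}&EndTime={self._encode(end_time)}"

        response = self._session.get(api_uri)

        return response.json()

    def initiate_container_scan(self,
                                registry,
                                repository,
                                tag):
        """
        A method to initiate a container vulnerability scan.

        :param registry: A string representing the container registry.
        :param repository: A string representing the container repository.
        :param tag: A string representing the container tag.

        :return: response json
        """

        logger.info("Initiating container vulnerability scan in Lacework...")

        # Build the Container Image Scan request URI
        api_uri = "/api/v1/external/vulnerabilities/container/repository/images/scan"

        # The values travel in the request body, not in the URI.
        data = {
            "registry": registry,
            "repository": repository,
            "tag": tag
        }

        response = self._session.post(api_uri, data=data)

        return response.json()

    def get_container_scan_status(self,
                                  request_id,
                                  severity=None,
                                  fixable=None):
        """
        A method to get the status/results of a container vulnerability scan from Lacework.

        :param request_id: A string representing the request ID to be queried.
        :param severity: A string representing the severity of vulnerabilities to fetch.
        :param fixable: A boolean which filters for fixable vulnerabilities.

        :return: response json
        """

        logger.info("Getting container vulnerability scan status from Lacework...")

        # Build the Container Image Scan request URI
        api_uri = f"/api/v1/external/vulnerabilities/container/reqId/{self._encode(request_id)}?"

        if fixable is not None:
            api_uri += f"&fixable={self._encode(fixable)}"

        if severity:
            api_uri += f"&severity={self._encode(severity)}"

        response = self._session.get(api_uri)

        return response.json()

    def get_host_vulnerabilities(self,
                                 fixable=None,
                                 namespace=None,
                                 severity=None,
                                 start_time=None,
                                 end_time=None,
                                 cve=None):
        """
        A method to get the Host Vulnerabilities found by Lacework.

        :param fixable: A boolean which filters for fixable vulnerabilities.
        :param namespace: A string representing the package namespace for which to filter results.
        :param severity: A string representing the severity for which to filter returned results.
        :param start_time: A "%Y-%m-%dT%H:%M:%S%z" structured timestamp to begin from.
        :param end_time: A "%Y-%m-%dT%H:%M:%S%z" structured timestamp to end at.
        :param cve: A string representing the CVE ID for which to filter returned results.

        :return: response json
        """

        logger.info("Getting host vulnerabilities from Lacework...")

        # Build the Host Vulnerabilities request URI
        api_uri = "/api/v1/external/vulnerabilities/host?"

        if fixable is not None:
            api_uri += f"&fixable={self._encode(fixable)}"

        if namespace:
            api_uri += f"&namespace={self._encode(namespace)}"

        if severity:
            api_uri += f"&severity={self._encode(severity)}"

        if start_time and end_time:
            api_uri += f"&StartTime={self._encode(start_time)}&EndTime={self._encode(end_time)}"

        if cve:
            api_uri += f"&vuln_id={self._encode(cve)}"

        response = self._session.get(api_uri)

        return response.json()

    def get_host_vulnerabilities_by_cve(self,
                                        cve,
                                        hostname=None,
                                        machine_status=None,
                                        status=None):
        """
        A method to get the Host Vulnerabilities by CVE.

        :param cve: A string representing the CVE ID for which to filter returned results.
        :param hostname: A string representing a hostname for which to filter returned results.
        :param machine_status: A string representing the machine status for which to filter results.
        :param status: A string representing a status for which to filter results.
            ("New", "Active", or "Fixed"; matched case-insensitively)

        :return: response json, or None when an invalid status is given (no request is sent)
        """

        logger.info("Getting host vulnerabilities by CVE from Lacework...")

        # Build the Host Vulnerabilities by CVE URI
        api_uri = f"/api/v1/external/vulnerabilities/host/cveId/{self._encode(cve)}?"

        if hostname:
            api_uri += f"&hostname={self._encode(hostname)}"

        if machine_status:
            api_uri += f"&machine_status={self._encode(machine_status)}"

        if status:
            # Send the same normalized value that was validated, not the raw input.
            normalized_status = status.capitalize()
            if normalized_status in ("New", "Active", "Fixed"):
                api_uri += f"&status={normalized_status}"
            else:
                logger.error(f"Invalid status parameter '{status}' provided.")
                return None

        response = self._session.get(api_uri)

        return response.json()

    def get_host_vulnerabilities_by_machine_id(self,
                                               machine,
                                               fixable=None,
                                               namespace=None,
                                               severity=None,
                                               start_time=None,
                                               end_time=None,
                                               cve=None):
        """
        A method to get the Host Vulnerabilities by Machine ID.

        :param machine: A string representing the Lacework Machine ID.
        :param fixable: A boolean which filters for fixable vulnerabilities.
        :param namespace: A string representing the package namespace for which to filter results.
        :param severity: A string representing a severity for which to filter returned results.
        :param start_time: A "%Y-%m-%dT%H:%M:%S%z" structured timestamp to begin from.
        :param end_time: A "%Y-%m-%dT%H:%M:%S%z" structured timestamp to end at.
        :param cve: A string representing the CVE ID for which to filter returned results.

        :return: response json
        """

        logger.info("Getting host vulnerabilities by machine ID from Lacework...")

        # Build the Host Vulnerabilities by Machine ID URI
        api_uri = f"/api/v1/external/vulnerabilities/host/machineId/{self._encode(machine)}?"

        if fixable is not None:
            api_uri += f"&fixable={self._encode(fixable)}"

        if namespace:
            api_uri += f"&namespace={self._encode(namespace)}"

        if severity:
            api_uri += f"&severity={self._encode(severity)}"

        if start_time and end_time:
            api_uri += f"&StartTime={self._encode(start_time)}&EndTime={self._encode(end_time)}"

        if cve:
            api_uri += f"&vuln_id={self._encode(cve)}"

        response = self._session.get(api_uri)

        return response.json()

    def initiate_package_scan(self,
                              os_pkg_info_list=None,
                              os=None,
                              os_version=None,
                              package=None,
                              package_version=None):
        """
        A method to initiate a package vulnerability scan in Lacework.

        :param os_pkg_info_list: A Lacework PackageScanRequest object. This is a list of packages to be scanned
            given the OS, OS Version, Package, and Package Version. Up to 1,000 packages can be submitted with
            a single request.

        :param os: A string representing the operating system for which to initiate a scan.
        :param os_version: A string representing the operating system version(s) for which to initiate a scan.
        :param package: A string representing the software package for which to initiate a scan.
        :param package_version: A string representing the software package version(s) for which to initiate a scan.

        :return: response json

        :raises SystemExit: with status 1 when no os_pkg_info_list is given and any of the
            individual package parameters is missing.
        """

        logger.info("Initiating package vulnerability scan in Lacework...")

        # Build the Package Scan request URI
        api_uri = "/api/v1/external/vulnerabilities/scan"

        # If an os_pkg_info_list was provided, use that, otherwise use the individual parameters
        if os_pkg_info_list:
            packages = os_pkg_info_list
        elif os and os_version and package and package_version:
            packages = [{
                "os": os,
                "os_ver": os_version,
                "pkg": package,
                "pkg_ver": package_version
            }]
        else:
            logger.error("If no 'os_pkg_info_list' is supplied, all package parameters need to be provided.")
            # A bare exit() reports success (status 0) and depends on the site module.
            raise SystemExit(1)

        data = {
            "os_pkg_info_list": packages
        }

        response = self._session.post(api_uri, data=data)

        return response.json()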
Lacework Vulnerability API.
def __init__(self, session):
    """
    Set up the wrapper around an existing session.

    :param session: An instance of the HttpSession class; it is stored and
        used for every request this object makes.

    :return VulnerabilityAPI object.
    """
    super().__init__()

    # Kept private: callers talk to the API through the methods, not the session.
    self._session = session
Initializes the VulnerabilityAPI object.
Parameters
- session: An instance of the HttpSession class
Returns: VulnerabilityAPI object.
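def get_container_assessments_by_date(self,
                                      start_time=None,
                                      end_time=None):
    """
    A method to get a list of container vulnerability assessments for the specified date range.

    The range is only sent when both start_time and end_time are given.
    Both values are percent-encoded (":" kept) so they cannot add extra
    query parameters to the request.

    :param start_time: A "%Y-%m-%dT%H:%M:%SZ" structured timestamp to begin from.
    :param end_time: A "%Y-%m-%dT%H:%M:%S%Z" structured timestamp to end at.

    :return: response json
    """
    # NOTE(review): the two documented formats differ (%SZ vs %S%Z) - confirm against the API.

    # Imported here so the method does not need a new module-level import.
    from urllib.parse import quote

    def _enc(value):
        return quote(str(value), safe=":")

    logger.info("Getting container vulnerability assessments from Lacework...")

    # Build the Container Assessments request URI
    api_uri = "/api/v1/external/vulnerabilities/container/GetAssessmentsForDateRange?"

    if start_time and end_time:
        api_uri += f"&START_TIME={_enc(start_time)}&END_TIME={_enc(end_time)}"

    response = self._session.get(api_uri)

    return response.json()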
A method to get a list of container vulnerability assessments for the specified date range.
Parameters
- start_time: A "%Y-%m-%dT%H:%M:%SZ" structured timestamp to begin from.
- end_time: A "%Y-%m-%dT%H:%M:%S%Z" structured timestamp to end at.
Returns
response json
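def get_container_vulnerabilities(self,
                                  image_digest=None,
                                  image_id=None,
                                  severity=None,
                                  fixable=None,
                                  start_time=None,
                                  end_time=None):
    """
    A method to get the last scan data of the specified container.

    image_digest takes precedence when both image_digest and image_id are
    given. Every value is percent-encoded (":" kept) before it is placed in
    the URI, so it cannot add path segments or query parameters.

    :param image_digest: A string representing the container image digest for which to fetch vulnerabilities.
    :param image_id: A string representing the container image ID for which to fetch vulnerabilities.
    :param severity: A string representing the severity of vulnerabilities to fetch.
    :param fixable: A boolean which filters for fixable vulnerabilities.
    :param start_time: A "%Y-%m-%dT%H:%M:%S%z" structured timestamp to begin from.
    :param end_time: A "%Y-%m-%dT%H:%M:%S%z" structured timestamp to end at.

    :return: response json

    :raises SystemExit: with status 1 when neither image_digest nor image_id is given.
    """

    # Imported here so the method does not need a new module-level import.
    from urllib.parse import quote

    def _enc(value):
        return quote(str(value), safe=":")

    logger.info("Getting container vulnerabilities from Lacework...")

    if image_digest:
        # Build the Container Vulnerability request URI
        api_uri = f"/api/v1/external/vulnerabilities/container/imageDigest/{_enc(image_digest)}?"
    elif image_id:
        # Build the Container Vulnerability request URI
        api_uri = f"/api/v1/external/vulnerabilities/container/imageId/{_enc(image_id)}?"
    else:
        logger.error("An Image Digest or Image ID must be specified.")
        # A bare exit() reports success (status 0) and depends on the site module.
        raise SystemExit(1)

    if fixable is not None:
        api_uri += f"&fixable={_enc(fixable)}"

    if severity:
        api_uri += f"&severity={_enc(severity)}"

    if start_time and end_time:
        api_uri += f"&StartTime={_enc(start_time)}&EndTime={_enc(end_time)}"

    response = self._session.get(api_uri)

    return response.json()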
A method to get the last scan data of the specified container.
Parameters
- image_digest: A string representing the container image digest for which to fetch vulnerabilities.
- image_id: A string representing the container image ID for which to fetch vulnerabilities.
- severity: A string representing the severity of vulnerabilities to fetch.
- fixable: A boolean which filters for fixable vulnerabilities.
- start_time: A "%Y-%m-%dT%H:%M:%S%z" structured timestamp to begin from.
- end_time: A "%Y-%m-%dT%H:%M:%S%z" structured timestamp to end at.
Returns
response json
def initiate_container_scan(self,
                            registry,
                            repository,
                            tag):
    """
    Ask Lacework to start a vulnerability scan of one container image.

    The three values are sent in the POST body, not in the URI.

    :param registry: A string representing the container registry.
    :param repository: A string representing the container repository.
    :param tag: A string representing the container tag.

    :return: response json
    """
    logger.info("Initiating container vulnerability scan in Lacework...")

    # Request body identifying the image to scan.
    payload = dict(registry=registry, repository=repository, tag=tag)

    # Container Image Scan endpoint.
    return self._session.post(
        "/api/v1/external/vulnerabilities/container/repository/images/scan",
        data=payload,
    ).json()
A method to initiate a container vulnerability scan.
Parameters
- registry: A string representing the container registry.
- repository: A string representing the container repository.
- tag: A string representing the container tag.
Returns
response json
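def get_container_scan_status(self,
                              request_id,
                              severity=None,
                              fixable=None):
    """
    A method to get the status/results of a container vulnerability scan from Lacework.

    Every value is percent-encoded (":" kept) before it is placed in the
    URI, so it cannot add path segments or query parameters.

    :param request_id: A string representing the request ID to be queried.
    :param severity: A string representing the severity of vulnerabilities to fetch.
    :param fixable: A boolean which filters for fixable vulnerabilities.

    :return: response json
    """

    # Imported here so the method does not need a new module-level import.
    from urllib.parse import quote

    def _enc(value):
        return quote(str(value), safe=":")

    logger.info("Getting container vulnerability scan status from Lacework...")

    # Build the Container Image Scan request URI
    api_uri = f"/api/v1/external/vulnerabilities/container/reqId/{_enc(request_id)}?"

    if fixable is not None:
        api_uri += f"&fixable={_enc(fixable)}"

    if severity:
        api_uri += f"&severity={_enc(severity)}"

    response = self._session.get(api_uri)

    return response.json()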
A method to get the status/results of a container vulnerability scan from Lacework.
Parameters
- request_id: A string representing the request ID to be queried.
- severity: A string representing the severity of vulnerabilities to fetch.
- fixable: A boolean which filters for fixable vulnerabilities.
Returns
response json
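def get_host_vulnerabilities(self,
                             fixable=None,
                             namespace=None,
                             severity=None,
                             start_time=None,
                             end_time=None,
                             cve=None):
    """
    A method to get the Host Vulnerabilities found by Lacework.

    Every filter value is percent-encoded (":" kept) before it is placed in
    the query string, so one filter cannot add or override another.

    :param fixable: A boolean which filters for fixable vulnerabilities.
    :param namespace: A string representing the package namespace for which to filter results.
    :param severity: A string representing the severity for which to filter returned results.
    :param start_time: A "%Y-%m-%dT%H:%M:%S%z" structured timestamp to begin from.
    :param end_time: A "%Y-%m-%dT%H:%M:%S%z" structured timestamp to end at.
    :param cve: A string representing the CVE ID for which to filter returned results.

    :return: response json
    """

    # Imported here so the method does not need a new module-level import.
    from urllib.parse import quote

    def _enc(value):
        return quote(str(value), safe=":")

    logger.info("Getting host vulnerabilities from Lacework...")

    # Build the Host Vulnerabilities request URI
    api_uri = "/api/v1/external/vulnerabilities/host?"

    if fixable is not None:
        api_uri += f"&fixable={_enc(fixable)}"

    if namespace:
        api_uri += f"&namespace={_enc(namespace)}"

    if severity:
        api_uri += f"&severity={_enc(severity)}"

    if start_time and end_time:
        api_uri += f"&StartTime={_enc(start_time)}&EndTime={_enc(end_time)}"

    if cve:
        api_uri += f"&vuln_id={_enc(cve)}"

    response = self._session.get(api_uri)

    return response.json()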
A method to get the Host Vulnerabilities found by Lacework.
Parameters
- fixable: A boolean which filters for fixable vulnerabilities.
- namespace: A string representing the package namespace for which to filter results.
- severity: A string representing the severity for which to filter returned results.
- start_time: A "%Y-%m-%dT%H:%M:%S%z" structured timestamp to begin from.
- end_time: A "%Y-%m-%dT%H:%M:%S%z" structured timestamp to end at.
- cve: A string representing the CVE ID for which to filter returned results.
Returns
response json
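def get_host_vulnerabilities_by_cve(self,
                                    cve,
                                    hostname=None,
                                    machine_status=None,
                                    status=None):
    """
    A method to get the Host Vulnerabilities by CVE.

    Every value is percent-encoded (":" kept) before it is placed in the
    URI, so it cannot add path segments or query parameters.

    :param cve: A string representing the CVE ID for which to filter returned results.
    :param hostname: A string representing a hostname for which to filter returned results.
    :param machine_status: A string representing the machine status for which to filter results.
    :param status: A string representing a status for which to filter results.
        ("New", "Active", or "Fixed"; matched case-insensitively)

    :return: response json, or None when an invalid status is given (no request is sent)
    """

    # Imported here so the method does not need a new module-level import.
    from urllib.parse import quote

    def _enc(value):
        return quote(str(value), safe=":")

    logger.info("Getting host vulnerabilities by CVE from Lacework...")

    # Build the Host Vulnerabilities by CVE URI
    api_uri = f"/api/v1/external/vulnerabilities/host/cveId/{_enc(cve)}?"

    if hostname:
        api_uri += f"&hostname={_enc(hostname)}"

    if machine_status:
        api_uri += f"&machine_status={_enc(machine_status)}"

    if status:
        # Send the same normalized value that was validated, not the raw input.
        normalized_status = status.capitalize()
        if normalized_status in ("New", "Active", "Fixed"):
            api_uri += f"&status={normalized_status}"
        else:
            logger.error(f"Invalid status parameter '{status}' provided.")
            return None

    response = self._session.get(api_uri)

    return response.json()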
A method to get the Host Vulnerabilities by CVE.
Parameters
- cve: A string representing the CVE ID for which to filter returned results.
- hostname: A string representing a hostname for which to filter returned results.
- machine_status: A string representing the machine status for which to filter results.
- status: A string representing a status for which to filter results. ("New", "Active", or "Fixed")
Returns
response json
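def get_host_vulnerabilities_by_machine_id(self,
                                           machine,
                                           fixable=None,
                                           namespace=None,
                                           severity=None,
                                           start_time=None,
                                           end_time=None,
                                           cve=None):
    """
    A method to get the Host Vulnerabilities by Machine ID.

    Every value is percent-encoded (":" kept) before it is placed in the
    URI, so it cannot add path segments or query parameters.

    :param machine: A string representing the Lacework Machine ID.
    :param fixable: A boolean which filters for fixable vulnerabilities.
    :param namespace: A string representing the package namespace for which to filter results.
    :param severity: A string representing a severity for which to filter returned results.
    :param start_time: A "%Y-%m-%dT%H:%M:%S%z" structured timestamp to begin from.
    :param end_time: A "%Y-%m-%dT%H:%M:%S%z" structured timestamp to end at.
    :param cve: A string representing the CVE ID for which to filter returned results.

    :return: response json
    """

    # Imported here so the method does not need a new module-level import.
    from urllib.parse import quote

    def _enc(value):
        return quote(str(value), safe=":")

    logger.info("Getting host vulnerabilities by machine ID from Lacework...")

    # Build the Host Vulnerabilities by Machine ID URI
    api_uri = f"/api/v1/external/vulnerabilities/host/machineId/{_enc(machine)}?"

    if fixable is not None:
        api_uri += f"&fixable={_enc(fixable)}"

    if namespace:
        api_uri += f"&namespace={_enc(namespace)}"

    if severity:
        api_uri += f"&severity={_enc(severity)}"

    if start_time and end_time:
        api_uri += f"&StartTime={_enc(start_time)}&EndTime={_enc(end_time)}"

    if cve:
        api_uri += f"&vuln_id={_enc(cve)}"

    response = self._session.get(api_uri)

    return response.json()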
A method to get the Host Vulnerabilities by Machine ID.
Parameters
- machine: A string representing the Lacework Machine ID.
- fixable: A boolean which filters for fixable vulnerabilities.
- namespace: A string representing the package namespace for which to filter results.
- severity: A string representing a severity for which to filter returned results.
- start_time: A "%Y-%m-%dT%H:%M:%S%z" structured timestamp to begin from.
- end_time: A "%Y-%m-%dT%H:%M:%S%z" structured timestamp to end at.
- cve: A string representing the CVE ID for which to filter returned results.
Returns
response json
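def initiate_package_scan(self,
                          os_pkg_info_list=None,
                          os=None,
                          os_version=None,
                          package=None,
                          package_version=None):
    """
    A method to initiate a package vulnerability scan in Lacework.

    The package list is sent in the POST body, not in the URI.

    :param os_pkg_info_list: A Lacework PackageScanRequest object. This is a list of packages to be scanned
        given the OS, OS Version, Package, and Package Version. Up to 1,000 packages can be submitted with
        a single request.

    :param os: A string representing the operating system for which to initiate a scan.
    :param os_version: A string representing the operating system version(s) for which to initiate a scan.
    :param package: A string representing the software package for which to initiate a scan.
    :param package_version: A string representing the software package version(s) for which to initiate a scan.

    :return: response json

    :raises SystemExit: with status 1 when no os_pkg_info_list is given and any of the
        individual package parameters is missing.
    """

    logger.info("Initiating package vulnerability scan in Lacework...")

    # Build the Package Scan request URI
    api_uri = "/api/v1/external/vulnerabilities/scan"

    # If an os_pkg_info_list was provided, use that, otherwise use the individual parameters
    if os_pkg_info_list:
        packages = os_pkg_info_list
    elif os and os_version and package and package_version:
        packages = [{
            "os": os,
            "os_ver": os_version,
            "pkg": package,
            "pkg_ver": package_version
        }]
    else:
        logger.error("If no 'os_pkg_info_list' is supplied, all package parameters need to be provided.")
        # A bare exit() reports success (status 0) and depends on the site module.
        raise SystemExit(1)

    data = {
        "os_pkg_info_list": packages
    }

    response = self._session.post(api_uri, data=data)

    return response.json()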
A method to initiate a package vulnerability scan in Lacework.
Parameters
- os_pkg_info_list: A Lacework PackageScanRequest object. This is a list of packages to be scanned given the OS, OS Version, Package, and Package Version. Up to 1,000 packages can be submitted with a single request.
- os: A string representing the operating system for which to initiate a scan.
- os_version: A string representing the operating system version(s) for which to initiate a scan.
- package: A string representing the software package for which to initiate a scan.
- package_version: A string representing the software package version(s) for which to initiate a scan.
Returns
response json