laceworksdk.api.v2.alert_rules
Lacework AlertRules API wrapper.
# -*- coding: utf-8 -*-
"""
Lacework AlertRules API wrapper.
"""

from laceworksdk.api.crud_endpoint import CrudEndpoint


# Thin wrapper that binds the generic CRUD endpoint to the "AlertRules" object
# type. Per the parameter docs below, a rule pairs a set of filters (event
# category, severity, resource groups) with the alert channels to use.
class AlertRulesAPI(CrudEndpoint):

    def __init__(self, session):
        """
        Set up the AlertRulesAPI object.

        :param session: An instance of the HttpSession class

        :return AlertRulesAPI object.
        """

        object_type = "AlertRules"
        super().__init__(session, object_type)

    def create(self, type, filters, intg_guid_list, **request_params):
        """
        Create a new AlertRules object.

        :param type: A string representing the type of the object.
            ('Event')
        :param filters: A filter object for the object configuration. It is
            run through ``self._format_filters`` before the request is made.
            obj:
                :param name: A string representing the object name.
                :param description: A string representing the object description.
                :param enabled: A boolean/integer representing whether the object is enabled.
                    (0 or 1)
                :param resourceGroups: A list of resource groups to define for the object.
                :param eventCategory: A list of event categories to define for the object.
                    ("Compliance", "App", "Cloud", "File", "Machine", "User", "Platform", "K8sActivity")
                :param severity: A list of alert severities to define for the object.
                    (1, 2, 3, 4, 5)
        :param intg_guid_list: A list of integration GUIDs representing the alert channels to use.
        :param request_params: Additional request parameters, handed to the
            parent ``create`` as given; this method does not validate them.
            (provides support for parameters that may be added in the future)

        :return response json
        """

        formatted_filters = self._format_filters(filters)
        return super().create(
            type=type,
            filters=formatted_filters,
            intg_guid_list=intg_guid_list,
            **request_params,
        )

    def get(self, guid=None):
        """
        Fetch AlertRules objects.

        :param guid: A string representing the object GUID. When omitted,
            ``id=None`` is passed to the parent ``get``.

        :return response json
        """

        # NOTE(review): presumably id=None returns every rule - confirm in CrudEndpoint.
        response = super().get(id=guid)
        return response

    def get_by_guid(self, guid):
        """
        Fetch one AlertRules object by GUID.

        :param guid: A string representing the object GUID.

        :return response json
        """

        # Delegates to get(); nothing here rejects an empty or None GUID.
        rule = self.get(guid=guid)
        return rule

    def update(self, guid, type=None, filters=None, intg_guid_list=None, **request_params):
        """
        Update an existing AlertRules object.

        :param guid: A string representing the object GUID.
        :param type: A string representing the type of the object.
            ('Event')
        :param filters: A filter object for the object configuration. It is
            run through ``self._format_filters`` before the request is made.
            obj:
                :param name: A string representing the object name.
                :param description: A string representing the object description.
                :param enabled: A boolean/integer representing whether the object is enabled.
                    (0 or 1)
                :param resourceGroups: A list of resource groups to define for the object.
                :param eventCategory: A list of event categories to define for the object.
                    ("Compliance", "App", "Cloud", "File", "Machine", "User", "Platform", "K8sActivity")
                :param severity: A list of alert severities to define for the object.
                    (1, 2, 3, 4, 5)
        :param intg_guid_list: A list of integration GUIDs representing the alert channels to use.
        :param request_params: Additional request parameters, handed to the
            parent ``update`` as given; this method does not validate them.
            (provides support for parameters that may be added in the future)

        :return response json
        """

        # NOTE(review): filters defaults to None and is still handed to
        # _format_filters; confirm the helper accepts None, otherwise an
        # update that omits filters fails on this line.
        formatted_filters = self._format_filters(filters)
        return super().update(
            id=guid,
            type=type,
            filters=formatted_filters,
            intg_guid_list=intg_guid_list,
            **request_params,
        )

    def delete(self, guid):
        """
        Delete an AlertRules object.

        :param guid: A string representing the object GUID.

        :return response json
        """

        # NOTE(review): this wrapper records nothing about the deletion; a
        # caller that needs an audit trail of removed rules must log the GUID.
        response = super().delete(id=guid)
        return response
# Thin wrapper that binds the generic CRUD endpoint to the "AlertRules" object
# type. Per the parameter docs below, a rule pairs a set of filters (event
# category, severity, resource groups) with the alert channels to use.
class AlertRulesAPI(CrudEndpoint):

    def __init__(self, session):
        """
        Set up the AlertRulesAPI object.

        :param session: An instance of the HttpSession class

        :return AlertRulesAPI object.
        """

        object_type = "AlertRules"
        super().__init__(session, object_type)

    def create(self, type, filters, intg_guid_list, **request_params):
        """
        Create a new AlertRules object.

        :param type: A string representing the type of the object.
            ('Event')
        :param filters: A filter object for the object configuration. It is
            run through ``self._format_filters`` before the request is made.
            obj:
                :param name: A string representing the object name.
                :param description: A string representing the object description.
                :param enabled: A boolean/integer representing whether the object is enabled.
                    (0 or 1)
                :param resourceGroups: A list of resource groups to define for the object.
                :param eventCategory: A list of event categories to define for the object.
                    ("Compliance", "App", "Cloud", "File", "Machine", "User", "Platform", "K8sActivity")
                :param severity: A list of alert severities to define for the object.
                    (1, 2, 3, 4, 5)
        :param intg_guid_list: A list of integration GUIDs representing the alert channels to use.
        :param request_params: Additional request parameters, handed to the
            parent ``create`` as given; this method does not validate them.
            (provides support for parameters that may be added in the future)

        :return response json
        """

        formatted_filters = self._format_filters(filters)
        return super().create(
            type=type,
            filters=formatted_filters,
            intg_guid_list=intg_guid_list,
            **request_params,
        )

    def get(self, guid=None):
        """
        Fetch AlertRules objects.

        :param guid: A string representing the object GUID. When omitted,
            ``id=None`` is passed to the parent ``get``.

        :return response json
        """

        # NOTE(review): presumably id=None returns every rule - confirm in CrudEndpoint.
        response = super().get(id=guid)
        return response

    def get_by_guid(self, guid):
        """
        Fetch one AlertRules object by GUID.

        :param guid: A string representing the object GUID.

        :return response json
        """

        # Delegates to get(); nothing here rejects an empty or None GUID.
        rule = self.get(guid=guid)
        return rule

    def update(self, guid, type=None, filters=None, intg_guid_list=None, **request_params):
        """
        Update an existing AlertRules object.

        :param guid: A string representing the object GUID.
        :param type: A string representing the type of the object.
            ('Event')
        :param filters: A filter object for the object configuration. It is
            run through ``self._format_filters`` before the request is made.
            obj:
                :param name: A string representing the object name.
                :param description: A string representing the object description.
                :param enabled: A boolean/integer representing whether the object is enabled.
                    (0 or 1)
                :param resourceGroups: A list of resource groups to define for the object.
                :param eventCategory: A list of event categories to define for the object.
                    ("Compliance", "App", "Cloud", "File", "Machine", "User", "Platform", "K8sActivity")
                :param severity: A list of alert severities to define for the object.
                    (1, 2, 3, 4, 5)
        :param intg_guid_list: A list of integration GUIDs representing the alert channels to use.
        :param request_params: Additional request parameters, handed to the
            parent ``update`` as given; this method does not validate them.
            (provides support for parameters that may be added in the future)

        :return response json
        """

        # NOTE(review): filters defaults to None and is still handed to
        # _format_filters; confirm the helper accepts None, otherwise an
        # update that omits filters fails on this line.
        formatted_filters = self._format_filters(filters)
        return super().update(
            id=guid,
            type=type,
            filters=formatted_filters,
            intg_guid_list=intg_guid_list,
            **request_params,
        )

    def delete(self, guid):
        """
        Delete an AlertRules object.

        :param guid: A string representing the object GUID.

        :return response json
        """

        # NOTE(review): this wrapper records nothing about the deletion; a
        # caller that needs an audit trail of removed rules must log the GUID.
        response = super().delete(id=guid)
        return response
A class used to implement CRUD create/read/update/delete functionality for Lacework API Endpoints
AlertRulesAPI(session)
def __init__(self, session):
    """
    Set up the AlertRulesAPI object.

    :param session: An instance of the HttpSession class

    :return AlertRulesAPI object.
    """

    # The second argument names the object type this endpoint operates on.
    object_type = "AlertRules"
    super().__init__(session, object_type)
Initializes the AlertRulesAPI object.
Parameters
- session: An instance of the HttpSession class
:return AlertRulesAPI object.
def
create(self, type, filters, intg_guid_list, **request_params):
def create(self, type, filters, intg_guid_list, **request_params):
    """
    Create a new AlertRules object.

    :param type: A string representing the type of the object.
        ('Event')
    :param filters: A filter object for the object configuration. It is
        run through ``self._format_filters`` before the request is made.
        obj:
            :param name: A string representing the object name.
            :param description: A string representing the object description.
            :param enabled: A boolean/integer representing whether the object is enabled.
                (0 or 1)
            :param resourceGroups: A list of resource groups to define for the object.
            :param eventCategory: A list of event categories to define for the object.
                ("Compliance", "App", "Cloud", "File", "Machine", "User", "Platform", "K8sActivity")
            :param severity: A list of alert severities to define for the object.
                (1, 2, 3, 4, 5)
    :param intg_guid_list: A list of integration GUIDs representing the alert channels to use.
    :param request_params: Additional request parameters, handed to the
        parent ``create`` as given; this method does not validate them.
        (provides support for parameters that may be added in the future)

    :return response json
    """

    formatted_filters = self._format_filters(filters)
    return super().create(
        type=type,
        filters=formatted_filters,
        intg_guid_list=intg_guid_list,
        **request_params,
    )
A method to create a new AlertRules object.
Parameters
- type: A string representing the type of the object. ('Event')
- filters: A filter object for the object configuration, with the following fields: name (a string representing the object name); description (a string representing the object description); enabled (a boolean/integer representing whether the object is enabled: 0 or 1); resourceGroups (a list of resource groups to define for the object); eventCategory (a list of event categories to define for the object: "Compliance", "App", "Cloud", "File", "Machine", "User", "Platform", "K8sActivity"); severity (a list of alert severities to define for the object: 1, 2, 3, 4, 5).
- intg_guid_list: A list of integration GUIDs representing the alert channels to use.
- request_params: Additional request parameters. (provides support for parameters that may be added in the future)
:return response json
def
get(self, guid=None):
def get(self, guid=None):
    """
    Fetch AlertRules objects.

    :param guid: A string representing the object GUID. When omitted,
        ``id=None`` is passed to the parent ``get``.

    :return response json
    """

    # NOTE(review): presumably id=None returns every rule - confirm in the parent class.
    response = super().get(id=guid)
    return response
A method to get AlertRules objects.
Parameters
- guid: A string representing the object GUID.
:return response json
def
get_by_guid(self, guid):
def get_by_guid(self, guid):
    """
    Fetch one AlertRules object by GUID.

    :param guid: A string representing the object GUID.

    :return response json
    """

    # Delegates to get(); nothing here rejects an empty or None GUID.
    rule = self.get(guid=guid)
    return rule
A method to get an AlertRules object by GUID.
Parameters
- guid: A string representing the object GUID.
:return response json
def
update( self, guid, type=None, filters=None, intg_guid_list=None, **request_params):
def update(self, guid, type=None, filters=None, intg_guid_list=None, **request_params):
    """
    Update an existing AlertRules object.

    :param guid: A string representing the object GUID.
    :param type: A string representing the type of the object.
        ('Event')
    :param filters: A filter object for the object configuration. It is
        run through ``self._format_filters`` before the request is made.
        obj:
            :param name: A string representing the object name.
            :param description: A string representing the object description.
            :param enabled: A boolean/integer representing whether the object is enabled.
                (0 or 1)
            :param resourceGroups: A list of resource groups to define for the object.
            :param eventCategory: A list of event categories to define for the object.
                ("Compliance", "App", "Cloud", "File", "Machine", "User", "Platform", "K8sActivity")
            :param severity: A list of alert severities to define for the object.
                (1, 2, 3, 4, 5)
    :param intg_guid_list: A list of integration GUIDs representing the alert channels to use.
    :param request_params: Additional request parameters, handed to the
        parent ``update`` as given; this method does not validate them.
        (provides support for parameters that may be added in the future)

    :return response json
    """

    # NOTE(review): filters defaults to None and is still handed to
    # _format_filters; confirm the helper accepts None, otherwise an
    # update that omits filters fails on this line.
    formatted_filters = self._format_filters(filters)
    return super().update(
        id=guid,
        type=type,
        filters=formatted_filters,
        intg_guid_list=intg_guid_list,
        **request_params,
    )
A method to update an AlertRules object.
Parameters
- guid: A string representing the object GUID.
- type: A string representing the type of the object. ('Event')
- filters: A filter object for the object configuration, with the following fields: name (a string representing the object name); description (a string representing the object description); enabled (a boolean/integer representing whether the object is enabled: 0 or 1); resourceGroups (a list of resource groups to define for the object); eventCategory (a list of event categories to define for the object: "Compliance", "App", "Cloud", "File", "Machine", "User", "Platform", "K8sActivity"); severity (a list of alert severities to define for the object: 1, 2, 3, 4, 5).
- intg_guid_list: A list of integration GUIDs representing the alert channels to use.
- request_params: Additional request parameters. (provides support for parameters that may be added in the future)
:return response json
def
delete(self, guid):
def delete(self, guid):
    """
    Delete an AlertRules object.

    :param guid: A string representing the object GUID.

    :return response json
    """

    # NOTE(review): this wrapper records nothing about the deletion; a
    # caller that needs an audit trail of removed rules must log the GUID.
    response = super().delete(id=guid)
    return response
A method to delete an AlertRules object.
Parameters
- guid: A string representing the object GUID.
:return response json