laceworksdk.api.v2.queries

Lacework Queries API wrapper.

  1# -*- coding: utf-8 -*-
  2"""
  3Lacework Queries API wrapper.
  4"""
  5
  6from laceworksdk.api.crud_endpoint import CrudEndpoint
  7
  8
  9class QueriesAPI(CrudEndpoint):
 10
 11    def __init__(self, session):
 12        """
 13        Initializes the QueriesAPI object.
 14
 15        :param session: An instance of the HttpSession class
 16
 17        :return QueriesAPI object.
 18        """
 19
 20        super().__init__(session, "Queries")
 21
 22    def create(self,
 23               query_id,
 24               query_text,
 25               evaluator_id=None,
 26               **request_params):
 27        """
 28        A method to create a new Queries object.
 29
 30        :param query_id: A string representing the object query ID.
 31        :param query_text: A string representing the object query text.
 32        :param evaluator_id: A string representing the evaluator in which the
 33                query is to be run. This is an optional parameter, with the
 34                default behaviour of omitting the value while sending the API call.
 35        :param request_params: Additional request parameters.
 36            (provides support for parameters that may be added in the future)
 37
 38        :return response json
 39        """
 40
 41        return super().create(
 42            query_id=query_id,
 43            query_text=query_text,
 44            evaluator_id=evaluator_id,
 45            **request_params
 46        )
 47
 48    def get(self,
 49            query_id=None):
 50        """
 51        A method to get Queries objects.
 52
 53        :param query_id: A string representing the object query ID.
 54
 55        :return response json
 56        """
 57
 58        return super().get(id=query_id)
 59
 60    def get_by_id(self,
 61                  query_id):
 62        """
 63        A method to get a Queries object by query ID.
 64
 65        :param query_id: A string representing the object query ID.
 66
 67        :return response json
 68        """
 69
 70        return self.get(query_id=query_id)
 71
 72    def execute(self,
 73                evaluator_id=None,
 74                query_id=None,
 75                query_text=None,
 76                arguments={}):
 77        """
 78        A method to execute a Queries object.
 79
 80        :param evaluator_id: A string representing the evaluator in which the query object is to be run.
 81        :param query_id: A string representing the object query ID.
 82        :param query_text: A string representing the object query text.
 83        :param arguments: A dictionary of key/value pairs to be used as arguments in the query object.
 84
 85        :return response json
 86        """
 87
 88        json = {
 89            "arguments": []
 90        }
 91
 92        # Build the Queries request URI
 93        if query_id is None:
 94            json["query"] = {
 95                "queryText": query_text
 96            }
 97            if evaluator_id:
 98                json["query"]["evaluatorId"] = evaluator_id
 99
100        for key, value in arguments.items():
101            json["arguments"].append({
102                "name": key,
103                "value": value
104            })
105
106        response = self._session.post(self.build_url(action="execute"), json=json)
107
108        return response.json()
109
110    def execute_by_id(self,
111                      query_id,
112                      arguments={}):
113        """
114        A method to execute a Queries object by query ID.
115
116        :param query_id: A string representing the object query ID.
117        :param arguments: A dictionary of key/value pairs to be used as arguments in the query object.
118
119        :return response json
120        """
121
122        json = {
123            "arguments": []
124        }
125
126        for key, value in arguments.items():
127            json["arguments"].append({
128                "name": key,
129                "value": value
130            })
131
132        response = self._session.post(self.build_url(resource=query_id, action="execute"), json=json)
133
134        return response.json()
135
136    def validate(self,
137                 query_text,
138                 evaluator_id=None,
139                 **request_params):
140        """
141        A method to validate a Queries object.
142
143        :param query_text: A string representing the object query text.
144        :param evaluator_id: A string representing the evaluator in which the
145                query is to be run. Optional parameter, defaults to omitting
146                the evaluator from the validation request.
147
148        :return response json
149        """
150
151        json = self.build_dict_from_items(
152            request_params,
153            query_text=query_text,
154            evaluator_id=evaluator_id
155        )
156
157        response = self._session.post(self.build_url(action="validate"), json=json)
158
159        return response.json()
160
161    def update(self,
162               query_id,
163               query_text,
164               **request_params):
165        """
166        A method to update a Queries object.
167
168        :param query_id: A string representing the object query ID.
169        :param query_text: A string representing the object query text.
170        :param request_params: Additional request parameters.
171            (provides support for parameters that may be added in the future)
172
173        :return response json
174        """
175
176        return super().update(
177            id=query_id,
178            query_text=query_text,
179            **request_params
180        )
181
182    def delete(self,
183               query_id):
184        """
185        A method to delete a Queries object.
186
187        :param query_id: A string representing the object query ID.
188
189        :return response json
190        """
191
192        return super().delete(id=query_id)
class QueriesAPI(laceworksdk.api.crud_endpoint.CrudEndpoint):
 10class QueriesAPI(CrudEndpoint):
 11
 12    def __init__(self, session):
 13        """
 14        Initializes the QueriesAPI object.
 15
 16        :param session: An instance of the HttpSession class
 17
 18        :return QueriesAPI object.
 19        """
 20
 21        super().__init__(session, "Queries")
 22
 23    def create(self,
 24               query_id,
 25               query_text,
 26               evaluator_id=None,
 27               **request_params):
 28        """
 29        A method to create a new Queries object.
 30
 31        :param query_id: A string representing the object query ID.
 32        :param query_text: A string representing the object query text.
 33        :param evaluator_id: A string representing the evaluator in which the
 34                query is to be run. This is an optional parameter, with the
 35                default behaviour of omitting the value while sending the API call.
 36        :param request_params: Additional request parameters.
 37            (provides support for parameters that may be added in the future)
 38
 39        :return response json
 40        """
 41
 42        return super().create(
 43            query_id=query_id,
 44            query_text=query_text,
 45            evaluator_id=evaluator_id,
 46            **request_params
 47        )
 48
 49    def get(self,
 50            query_id=None):
 51        """
 52        A method to get Queries objects.
 53
 54        :param query_id: A string representing the object query ID.
 55
 56        :return response json
 57        """
 58
 59        return super().get(id=query_id)
 60
 61    def get_by_id(self,
 62                  query_id):
 63        """
 64        A method to get a Queries object by query ID.
 65
 66        :param query_id: A string representing the object query ID.
 67
 68        :return response json
 69        """
 70
 71        return self.get(query_id=query_id)
 72
 73    def execute(self,
 74                evaluator_id=None,
 75                query_id=None,
 76                query_text=None,
 77                arguments={}):
 78        """
 79        A method to execute a Queries object.
 80
 81        :param evaluator_id: A string representing the evaluator in which the query object is to be run.
 82        :param query_id: A string representing the object query ID.
 83        :param query_text: A string representing the object query text.
 84        :param arguments: A dictionary of key/value pairs to be used as arguments in the query object.
 85
 86        :return response json
 87        """
 88
 89        json = {
 90            "arguments": []
 91        }
 92
 93        # Build the Queries request URI
 94        if query_id is None:
 95            json["query"] = {
 96                "queryText": query_text
 97            }
 98            if evaluator_id:
 99                json["query"]["evaluatorId"] = evaluator_id
100
101        for key, value in arguments.items():
102            json["arguments"].append({
103                "name": key,
104                "value": value
105            })
106
107        response = self._session.post(self.build_url(action="execute"), json=json)
108
109        return response.json()
110
111    def execute_by_id(self,
112                      query_id,
113                      arguments={}):
114        """
115        A method to execute a Queries object by query ID.
116
117        :param query_id: A string representing the object query ID.
118        :param arguments: A dictionary of key/value pairs to be used as arguments in the query object.
119
120        :return response json
121        """
122
123        json = {
124            "arguments": []
125        }
126
127        for key, value in arguments.items():
128            json["arguments"].append({
129                "name": key,
130                "value": value
131            })
132
133        response = self._session.post(self.build_url(resource=query_id, action="execute"), json=json)
134
135        return response.json()
136
137    def validate(self,
138                 query_text,
139                 evaluator_id=None,
140                 **request_params):
141        """
142        A method to validate a Queries object.
143
144        :param query_text: A string representing the object query text.
145        :param evaluator_id: A string representing the evaluator in which the
146                query is to be run. Optional parameter, defaults to omitting
147                the evaluator from the validation request.
148
149        :return response json
150        """
151
152        json = self.build_dict_from_items(
153            request_params,
154            query_text=query_text,
155            evaluator_id=evaluator_id
156        )
157
158        response = self._session.post(self.build_url(action="validate"), json=json)
159
160        return response.json()
161
162    def update(self,
163               query_id,
164               query_text,
165               **request_params):
166        """
167        A method to update a Queries object.
168
169        :param query_id: A string representing the object query ID.
170        :param query_text: A string representing the object query text.
171        :param request_params: Additional request parameters.
172            (provides support for parameters that may be added in the future)
173
174        :return response json
175        """
176
177        return super().update(
178            id=query_id,
179            query_text=query_text,
180            **request_params
181        )
182
183    def delete(self,
184               query_id):
185        """
186        A method to delete a Queries object.
187
188        :param query_id: A string representing the object query ID.
189
190        :return response json
191        """
192
193        return super().delete(id=query_id)

A class used to implement CRUD create/read/update/delete functionality for Lacework API Endpoints

QueriesAPI(session)
12    def __init__(self, session):
13        """
14        Initializes the QueriesAPI object.
15
16        :param session: An instance of the HttpSession class
17
18        :return QueriesAPI object.
19        """
20
21        super().__init__(session, "Queries")

Initializes the QueriesAPI object.

Parameters
  • session: An instance of the HttpSession class

:return QueriesAPI object.

def create(self, query_id, query_text, evaluator_id=None, **request_params):
23    def create(self,
24               query_id,
25               query_text,
26               evaluator_id=None,
27               **request_params):
28        """
29        A method to create a new Queries object.
30
31        :param query_id: A string representing the object query ID.
32        :param query_text: A string representing the object query text.
33        :param evaluator_id: A string representing the evaluator in which the
34                query is to be run. This is an optional parameter, with the
35                default behaviour of omitting the value while sending the API call.
36        :param request_params: Additional request parameters.
37            (provides support for parameters that may be added in the future)
38
39        :return response json
40        """
41
42        return super().create(
43            query_id=query_id,
44            query_text=query_text,
45            evaluator_id=evaluator_id,
46            **request_params
47        )

A method to create a new Queries object.

Parameters
  • query_id: A string representing the object query ID.
  • query_text: A string representing the object query text.
  • evaluator_id: A string representing the evaluator in which the query is to be run. This is an optional parameter, with the default behaviour of omitting the value while sending the API call.
  • request_params: Additional request parameters. (provides support for parameters that may be added in the future)

:return response json

def get(self, query_id=None):
49    def get(self,
50            query_id=None):
51        """
52        A method to get Queries objects.
53
54        :param query_id: A string representing the object query ID.
55
56        :return response json
57        """
58
59        return super().get(id=query_id)

A method to get Queries objects.

Parameters
  • query_id: A string representing the object query ID.

:return response json

def get_by_id(self, query_id):
61    def get_by_id(self,
62                  query_id):
63        """
64        A method to get a Queries object by query ID.
65
66        :param query_id: A string representing the object query ID.
67
68        :return response json
69        """
70
71        return self.get(query_id=query_id)

A method to get a Queries object by query ID.

Parameters
  • query_id: A string representing the object query ID.

:return response json

def execute( self, evaluator_id=None, query_id=None, query_text=None, arguments={}):
 73    def execute(self,
 74                evaluator_id=None,
 75                query_id=None,
 76                query_text=None,
 77                arguments={}):
 78        """
 79        A method to execute a Queries object.
 80
 81        :param evaluator_id: A string representing the evaluator in which the query object is to be run.
 82        :param query_id: A string representing the object query ID.
 83        :param query_text: A string representing the object query text.
 84        :param arguments: A dictionary of key/value pairs to be used as arguments in the query object.
 85
 86        :return response json
 87        """
 88
 89        json = {
 90            "arguments": []
 91        }
 92
 93        # Build the Queries request URI
 94        if query_id is None:
 95            json["query"] = {
 96                "queryText": query_text
 97            }
 98            if evaluator_id:
 99                json["query"]["evaluatorId"] = evaluator_id
100
101        for key, value in arguments.items():
102            json["arguments"].append({
103                "name": key,
104                "value": value
105            })
106
107        response = self._session.post(self.build_url(action="execute"), json=json)
108
109        return response.json()

A method to execute a Queries object.

Parameters
  • evaluator_id: A string representing the evaluator in which the query object is to be run.
  • query_id: A string representing the object query ID.
  • query_text: A string representing the object query text.
  • arguments: A dictionary of key/value pairs to be used as arguments in the query object.

:return response json

def execute_by_id(self, query_id, arguments={}):
111    def execute_by_id(self,
112                      query_id,
113                      arguments={}):
114        """
115        A method to execute a Queries object by query ID.
116
117        :param query_id: A string representing the object query ID.
118        :param arguments: A dictionary of key/value pairs to be used as arguments in the query object.
119
120        :return response json
121        """
122
123        json = {
124            "arguments": []
125        }
126
127        for key, value in arguments.items():
128            json["arguments"].append({
129                "name": key,
130                "value": value
131            })
132
133        response = self._session.post(self.build_url(resource=query_id, action="execute"), json=json)
134
135        return response.json()

A method to execute a Queries object by query ID.

Parameters
  • query_id: A string representing the object query ID.
  • arguments: A dictionary of key/value pairs to be used as arguments in the query object.

:return response json

def validate(self, query_text, evaluator_id=None, **request_params):
137    def validate(self,
138                 query_text,
139                 evaluator_id=None,
140                 **request_params):
141        """
142        A method to validate a Queries object.
143
144        :param query_text: A string representing the object query text.
145        :param evaluator_id: A string representing the evaluator in which the
146                query is to be run. Optional parameter, defaults to omitting
147                the evaluator from the validation request.
148
149        :return response json
150        """
151
152        json = self.build_dict_from_items(
153            request_params,
154            query_text=query_text,
155            evaluator_id=evaluator_id
156        )
157
158        response = self._session.post(self.build_url(action="validate"), json=json)
159
160        return response.json()

A method to validate a Queries object.

Parameters
  • query_text: A string representing the object query text.
  • evaluator_id: A string representing the evaluator in which the query is to be run. Optional parameter, defaults to omitting the evaluator from the validation request.

:return response json

def update(self, query_id, query_text, **request_params):
162    def update(self,
163               query_id,
164               query_text,
165               **request_params):
166        """
167        A method to update a Queries object.
168
169        :param query_id: A string representing the object query ID.
170        :param query_text: A string representing the object query text.
171        :param request_params: Additional request parameters.
172            (provides support for parameters that may be added in the future)
173
174        :return response json
175        """
176
177        return super().update(
178            id=query_id,
179            query_text=query_text,
180            **request_params
181        )

A method to update a Queries object.

Parameters
  • query_id: A string representing the object query ID.
  • query_text: A string representing the object query text.
  • request_params: Additional request parameters. (provides support for parameters that may be added in the future)

:return response json

def delete(self, query_id):
183    def delete(self,
184               query_id):
185        """
186        A method to delete a Queries object.
187
188        :param query_id: A string representing the object query ID.
189
190        :return response json
191        """
192
193        return super().delete(id=query_id)

A method to delete a Queries object.

Parameters
  • query_id: A string representing the object query ID.

:return response json