# Lacework
This connector integrates with the Lacework API.

## Prerequisites

The Lacework connector requires a host, key ID, and secret key.

## Capabilities

The Lacework connector has the following capabilities:

- Audit logs searching
- Cloud accounts management
- Get events
- Get vulnerabilities
- Queries management

For further information about LQL you can visit the official LQL documentation: https://docs.lacework.com/lql-overview

## About filters

Filters can be optionally specified in the request body. For more information about using filters, see the Simple & Advanced Search section: https://swimlane.lacework.net/api/v2/docs/#tag/overview

This connector was last tested against product version 2.

## Configurations

### Lacework Auth

Lacework configuration parameters

| Parameter | Description | Type | Required |
|---|---|---|---|
| URL | A URL to the target host | string | required |
| API Key | | string | required |
| API Secret | | string | required |
| Verify SSL | Verify SSL certificate | boolean | optional |
| HTTP Proxy | A proxy to route requests through | string | optional |

## Actions

### Close Alert

Close Lacework alert with a comment

- Endpoint URL: `Queries/execute`
- Method: GET

Input

| Argument | Type | Required | Description |
|---|---|---|---|
| Alert ID | string | required | Unique identifier |
| Reason | number | required | Response reason phrase |
| Comment | string | optional | Parameter for Close Alert |

Output

| Parameter | Type | Description |
|---|---|---|
| message | string | Response message |

Example

```json
[
  {
    "message": "string"
  }
]
```

### Create Compliance Exceptions

Create Lacework compliance exceptions

- Endpoint URL: `/api/v2/VulnerabilityExceptions`
- Method: POST

Input

| Argument | Type | Required | Description |
|---|---|---|---|
| params | object | optional | Parameter for Create Compliance Exceptions |
| exceptionName | string | optional | Name of the resource |
| exceptionReason | string | optional | Response reason phrase |
| resourceScope | object | optional | Parameter for Create Compliance Exceptions |
| imageId | array | optional | Unique identifier |
| imageTag | array | optional | Parameter for Create Compliance Exceptions |
| registry | array | optional | Parameter for Create Compliance Exceptions |
| repository | array | optional | Parameter for Create Compliance Exceptions |
| namespace | array | optional | Name of the resource |
| vulnerabilityCriteria | object | optional | Parameter for Create Compliance Exceptions |
| cve | array | optional | Parameter for Create Compliance Exceptions |
| package | array | optional | Parameter for Create Compliance Exceptions |
| severity | array | optional | Parameter for Create Compliance Exceptions |
| fixable | array | optional | Parameter for Create Compliance Exceptions |
| expiryTime | string | optional | Time value |
| state | number | optional | Parameter for Create Compliance Exceptions |
| props | object | optional | Parameter for Create Compliance Exceptions |
| description | string | optional | Parameter for Create Compliance Exceptions |
| createdBy | string | optional | Parameter for Create Compliance Exceptions |
| updatedBy | string | optional | Parameter for Create Compliance Exceptions |
| exceptionType | string | optional | Type of the resource |

Output

| Parameter | Type | Description |
|---|---|---|
| data | object | Response data |
| createdTime | string | Time value |
| exceptionGuid | string | Unique identifier |
| exceptionName | string | Name of the resource |
| exceptionReason | string | Response reason phrase |
| exceptionType | string | Type of the resource |
| expiryTime | string | Time value |
| props | object | Output field props |
| description | string | Output field description |
| createdBy | string | Output field createdBy |
| updatedBy | string | Output field updatedBy |
| resourceScope | object | Output field resourceScope |
| registry | array | Output field registry |
| state | number | Output field state |
| updatedTime | string | Time value |
| vulnerabilityCriteria | object | Output field vulnerabilityCriteria |
| severity | array | Output field severity |

Example

```json
[
  {
    "data": {
      "createdTime": "2021-12-18T08:30:00Z",
      "exceptionGuid": "lwabc",
      "exceptionName": "container vulnerability exception",
      "exceptionReason": "accepted risk",
      "exceptionType": "container",
      "expiryTime": "2021-12-28T08:30:00Z",
      "props": {},
      "resourceScope": {},
      "state": 1,
      "updatedTime": "2021-12-18T08:30:00Z",
      "vulnerabilityCriteria": {}
    }
  }
]
```

### Create Vulnerability Exceptions

Create Lacework vulnerability exceptions

- Endpoint URL: `/api/v2/VulnerabilityExceptions`
- Method: POST

Input

| Argument | Type | Required | Description |
|---|---|---|---|
| params | object | optional | Parameter for Create Vulnerability Exceptions |
| exceptionName | string | optional | Name of the resource |
| exceptionReason | string | optional | Response reason phrase |
| resourceScope | object | optional | Parameter for Create Vulnerability Exceptions |
| imageId | array | optional | Unique identifier |
| imageTag | array | optional | Parameter for Create Vulnerability Exceptions |
| registry | array | optional | Parameter for Create Vulnerability Exceptions |
| repository | array | optional | Parameter for Create Vulnerability Exceptions |
| namespace | array | optional | Name of the resource |
| vulnerabilityCriteria | object | optional | Parameter for Create Vulnerability Exceptions |
| cve | array | optional | Parameter for Create Vulnerability Exceptions |
| package | array | optional | Parameter for Create Vulnerability Exceptions |
| severity | array | optional | Parameter for Create Vulnerability Exceptions |
| fixable | array | optional | Parameter for Create Vulnerability Exceptions |
| expiryTime | string | optional | Time value |
| state | number | optional | Parameter for Create Vulnerability Exceptions |
| props | object | optional | Parameter for Create Vulnerability Exceptions |
| description | string | optional | Parameter for Create Vulnerability Exceptions |
| createdBy | string | optional | Parameter for Create Vulnerability Exceptions |
| updatedBy | string | optional | Parameter for Create Vulnerability Exceptions |
| exceptionType | string | optional | Type of the resource |

Output

| Parameter | Type | Description |
|---|---|---|
| data | object | Response data |
| createdTime | string | Time value |
| exceptionGuid | string | Unique identifier |
| exceptionName | string | Name of the resource |
| exceptionReason | string | Response reason phrase |
| exceptionType | string | Type of the resource |
| expiryTime | string | Time value |
| props | object | Output field props |
| description | string | Output field description |
| createdBy | string | Output field createdBy |
| updatedBy | string | Output field updatedBy |
| resourceScope | object | Output field resourceScope |
| registry | array | Output field registry |
| state | number | Output field state |
| updatedTime | string | Time value |
| vulnerabilityCriteria | object | Output field vulnerabilityCriteria |
| severity | array | Output field severity |

Example

```json
[
  {
    "data": {
      "createdTime": "2021-12-18T08:30:00Z",
      "exceptionGuid": "lwabc",
      "exceptionName": "container vulnerability exception",
      "exceptionReason": "accepted risk",
      "exceptionType": "container",
      "expiryTime": "2021-12-28T08:30:00Z",
      "props": {},
      "resourceScope": {},
      "state": 1,
      "updatedTime": "2021-12-18T08:30:00Z",
      "vulnerabilityCriteria": {}
    }
  }
]
```

### Get Alert Metadata

Lacework get alert metadata

- Endpoint URL: `/api/v2/Alerts/`
- Method: GET

Input

| Argument | Type | Required | Description |
|---|---|---|---|
| Alert ID | string | required | Alert ID to fetch scope from |
| Scope | string | required | Which scope to fetch |

Output

| Parameter | Type | Description |
|---|---|---|
| alertId | string | Unique identifier |
| startTime | string | Time value |
| alertType | string | Type of the resource |
| severity | string | Output field severity |
| internetExposure | string | Output field internetExposure |
| reachability | string | Output field reachability |
| derivedFields | string | Output field derivedFields |
| endTime | string | Time value |
| lastUserUpdatedTime | string | Time value |
| status | string | Status value |
| alertName | string | Name of the resource |
| alertInfo | string | Output field alertInfo |
| policyId | string | Unique identifier |
| evolvingAlert | string | Output field evolvingAlert |
| entityMap | object | Output field entityMap |
| recId | string | Unique identifier |
| resource | array | Output field resource |
| key | string | Output field key |
| violationReason | string | Response reason phrase |

Example

```json
[
  {
    "alertId": "string",
    "startTime": "string",
    "alertType": "string",
    "severity": "string",
    "internetExposure": "string",
    "reachability": "string",
    "derivedFields": {
      "category": "string",
      "sub_category": "string",
      "source": "string"
    },
    "endTime": "string",
    "lastUserUpdatedTime": "string",
    "status": "string",
    "alertName": "string",
    "alertInfo": {
      "subject": "string",
      "description": "string"
    },
    "policyId": "string",
    "evolvingAlert": "string",
    "entityMap": {
      "recId": "string",
      "resource": [],
      "violationReason": "string"
    }
  }
]
```

### Get Alerts

Lacework get alerts API

- Endpoint URL: `api/v2/Alerts`
- Method: GET

Input

| Argument | Type | Required | Description |
|---|---|---|---|
| Start Time | string | required | Start time to search for alerts |
| End Time | string | required | End time to search for alerts |
| Alert Filter | string | required | Add any alert types that should be fetched |

### Get Alerts and Metadata

Get alerts from Lacework

- Endpoint URL: `api/v2/Alerts`
- Method: GET

Input

| Argument | Type | Required | Description |
|---|---|---|---|
| Start Time | string | required | Start time to search for alerts |
| End Time | string | required | End time to search for alerts |
| Alert Filter | string | required | Add any alert types that should be fetched |

### Get Cloud Accounts

Lacework get cloud accounts

- Endpoint URL: `api/v2/CloudAccounts`
- Method: GET

### Get Host Vulnerabilities

Run a query against Lacework

- Endpoint URL: `Vulnerabilities/Containers/search`
- Method: GET

Input

| Argument | Type | Required | Description |
|---|---|---|---|
| Primary Query Endpoint | string | optional | Parameter for Get Host Vulnerabilities |
| Primary Query Filter | array | optional | Parameter for Get Host Vulnerabilities |
| field | string | optional | Parameter for Get Host Vulnerabilities |
| expression | string | optional | Parameter for Get Host Vulnerabilities |
| values | array | optional | Value for the parameter |
| value | string | optional | Value for the parameter |
| Primary Query Return Fields | array | optional | Parameter for Get Host Vulnerabilities |
| Secondary Query Endpoint | string | optional | Parameter for Get Host Vulnerabilities |
| Secondary Query Filter | array | optional | Parameter for Get Host Vulnerabilities |
| field | string | optional | Parameter for Get Host Vulnerabilities |
| expression | string | optional | Parameter for Get Host Vulnerabilities |
| values | array | optional | Value for the parameter |
| value | number | optional | Value for the parameter |
| Master Key | string | optional | Parameter for Get Host Vulnerabilities |
| Field Mappings | object | optional | Parameter for Get Host Vulnerabilities |
| agent id | object | optional | Unique identifier |
| referenceLookup | object | optional | Parameter for Get Host Vulnerabilities |
| key | string | optional | Parameter for Get Host Vulnerabilities |
| field | string | optional | Parameter for Get Host Vulnerabilities |
| data | string | optional | Response data |
| multi value | boolean | optional | Value for the parameter |
| cloud instance id | object | optional | Unique identifier |
| referenceLookup | object | optional | Parameter for Get Host Vulnerabilities |
| key | string | optional | Parameter for Get Host Vulnerabilities |
| field | string | optional | Parameter for Get Host Vulnerabilities |

### Get Host Vulnerabilities Bad

Run a query against Lacework

- Endpoint URL: `Vulnerabilities/Containers/search`
- Method: GET

Input

| Argument | Type | Required | Description |
|---|---|---|---|
| Start Time | string | optional | Time value |
| End Time | string | optional | Time value |
| Filter | array | optional | Parameter for Get Host Vulnerabilities Bad |
| field | string | optional | Parameter for Get Host Vulnerabilities Bad |
| expression | string | optional | Parameter for Get Host Vulnerabilities Bad |
| values | array | optional | Value for the parameter |
| value | string | optional | Value for the parameter |
| Returns | array | optional | Parameter for Get Host Vulnerabilities Bad |

Example

```json
[
  [
    {
      "evalCtx": {},
      "featureKey": {},
      "fixInfo": {},
      "mid": 6420720632738334000
    },
    {
      "evalCtx": {},
      "featureKey": {},
      "fixInfo": {},
      "mid": 3993067929924896300
    }
  ]
]
```

### Get Machines

Run a query against Lacework

- Endpoint URL: `Vulnerabilities/Containers/search`
- Method: GET

### Get Report

Run a query against Lacework to hunt for IPs

- Endpoint URL: `Reports`
- Method: GET

Input

| Argument | Type | Required | Description |
|---|---|---|---|
| params | object | optional | Parameter for Get Report |
| primaryQueryId | string | optional | Unique identifier |
| secondaryQueryId | string | optional | Unique identifier |
| format | string | optional | Parameter for Get Report |
| reportType | string | optional | Type of the resource |

Output

| Parameter | Type | Description |
|---|---|---|
| data | array | Response data |
| reportType | string | Type of the resource |
| reportTitle | string | Output field reportTitle |
| custGuid | string | Unique identifier |
| envGuid | string | Unique identifier |
| recommendations | array | Output field recommendations |
| account id | string | Unique identifier |
| account alias | string | Output field account alias |
| start time | number | Time value |
| suppressions | array | Output field suppressions |
| file name | string | Name of the resource |
| file | string | Output field file |
| info link | string | Output field info link |
| assessed resource count | number | Count value |
| status | string | Status value |
| rec id | string | Unique identifier |
| category | string | Output field category |
| service | string | Output field service |
| title | string | Output field title |
| violations | array | Output field violations |
| reasons | array | Response reason phrase |
| resource | string | Output field resource |
| resource count | number | Count value |
| severity | number | Output field severity |
| summary | array | Output field summary |

Example

```json
[
  {
    "data": [],
    "ok": true,
    "message": "string"
  }
]
```

### Post Comments

Post a comment on the Lacework alert

- Endpoint URL: `/api/v2/Alerts/{alertId}/comment`
- Method: GET

Input

| Argument | Type | Required | Description |
|---|---|---|---|
| Alert ID | string | required | Unique identifier |
| Comment | string | required | Parameter for Post Comments |

Output

| Parameter | Type | Description |
|---|---|---|
| data | object | Response data |
| id | number | Unique identifier |
| alertId | number | Unique identifier |
| createdTime | string | Time value |
| entryType | string | Type of the resource |
| entryAuthorType | string | Type of the resource |
| message | object | Response message |
| value | string | Value for the parameter |
| externalTime | string | Time value |
| user | object | Output field user |
| userGuid | string | Unique identifier |
| username | string | Name of the resource |
| updateContext | object | Output field updateContext |

Example

```json
[
  {
    "data": {
      "id": 211250,
      "alertId": 871115,
      "createdTime": "2022-07-18T18:28:30.739Z",
      "entryType": "comment",
      "entryAuthorType": "userupdate",
      "message": {},
      "externalTime": "",
      "user": {},
      "updateContext": {}
    }
  }
]
```

### Query IP Indicators

Run a query against Lacework to hunt for IPs

- Endpoint URL: `Queries/execute`
- Method: GET

Input

| Argument | Type | Required | Description |
|---|---|---|---|
| Start Time | string | optional | Time value |
| End Time | string | optional | Time value |
| IPs | array | optional | Parameter for Query IP Indicators |

### Query Lacework

Run a query against Lacework

- Endpoint URL: `Vulnerabilities/Containers/search`
- Method: GET

Input

| Argument | Type | Required | Description |
|---|---|---|---|
| Start Time | string | required | Start time to search for alerts |
| End Time | string | required | End time to search for alerts |
| Query Endpoint | string | required | Endpoint to query data from |
| Filter | array | required | Parameter for Query Lacework |
| expression | string | optional | Parameter for Query Lacework |
| field | string | optional | Parameter for Query Lacework |
| value | string | optional | Value for the parameter |
| values | array | optional | Value for the parameter |
| Returns | array | optional | Which items to return from API call |

### Search Active Containers

Search active containers API

- Endpoint URL: `api/v2/Entities/Containers/search`
- Method: POST

Input

| Argument | Type | Required | Description |
|---|---|---|---|
| Data Body | object | optional | Data body |
| Headers | object | optional | Request headers |

### Search Agent Information

Search agent information API

- Endpoint URL: `/api/v2/AgentInfo/search`
- Method: POST

Input

| Argument | Type | Required | Description |
|---|---|---|---|
| Start Time | string | optional | Time value |
| End Time | string | optional | Time value |
| Filters | array | optional | Parameter for Search Agent Information |
| field | string | optional | Parameter for Search Agent Information |
| expression | string | optional | Parameter for Search Agent Information |
| value | string | optional | Value for the parameter |
| Returns | array | optional | Parameter for Search Agent Information |

### Search Audit Logs

Search audit logs API

- Endpoint URL: `api/v2/AuditLogs/search`
- Method: POST

Input

| Argument | Type | Required | Description |
|---|---|---|---|
| Start Time | string | optional | Time value |
| End Time | string | optional | Time value |
| Filter | array | optional | Parameter for Search Audit Logs |
| field | string | optional | Parameter for Search Audit Logs |
| expression | string | optional | Parameter for Search Audit Logs |
| value | string | optional | Value for the parameter |
| values | array | optional | Value for the parameter |
| Returns | array | optional | Parameter for Search Audit Logs |

### Search Compliance Evaluations

Search compliance evaluations API

- Endpoint URL: `api/v2/Configs/ComplianceEvaluations/search`
- Method: POST

Input

| Argument | Type | Required | Description |
|---|---|---|---|
| Start Time | string | optional | Time value |
| End Time | string | optional | Time value |
| Filter | array | optional | Parameter for Search Compliance Evaluations |
| field | string | optional | Parameter for Search Compliance Evaluations |
| expression | string | optional | Parameter for Search Compliance Evaluations |
| value | string | optional | Value for the parameter |
| Returns | array | optional | Parameter for Search Compliance Evaluations |
| Dataset | string | optional | Response data |

### Search Container Vulnerabilities

Search active containers API

- Endpoint URL: `api/v2/Entities/Containers/search`
- Method: POST

Input

| Argument | Type | Required | Description |
|---|---|---|---|
| Start Time | string | optional | Time value |
| End Time | string | optional | Time value |
| Filter | array | optional | Parameter for Search Container Vulnerabilities |
| field | string | optional | Parameter for Search Container Vulnerabilities |
| expression | string | optional | Parameter for Search Container Vulnerabilities |
| value | string | optional | Value for the parameter |
| Returns | array | optional | Parameter for Search Container Vulnerabilities |

### Search Inventory

Lacework search inventory API

- Endpoint URL: `api/v2/Inventory/search`
- Method: GET

Input

| Argument | Type | Required | Description |
|---|---|---|---|
| Start Time | string | optional | Time value |
| End Time | string | optional | Time value |
| Filter | array | optional | Parameter for Search Inventory |
| field | string | optional | Parameter for Search Inventory |
| expression | string | optional | Parameter for Search Inventory |
| value | string | optional | Value for the parameter |
| values | array | optional | Value for the parameter |
| Returns | array | optional | Parameter for Search Inventory |
| CSP | string | optional | Parameter for Search Inventory |
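The search actions above (Search Audit Logs, Search Agent Information, Search Compliance Evaluations, Search Container Vulnerabilities, Search Inventory and Query Lacework) all take a start time, an end time, a Filter array of field/expression/value(s) objects and a Returns array. The Python below is an added example, not code from the connector or from Lacework, that assembles those inputs into one v2 search request body and rejects malformed input before anything is sent; the `timeFilter`/`filters`/`returns`/`dataset` body keys, the split of expression operators into single-value and multi-value sets, and the sample field names are assumptions of this example.

```python
from datetime import datetime, timezone

# Expression operators for Lacework v2 search filters. Which ones take a single
# "value" and which take a "values" list is an assumption of this example.
SINGLE_VALUE_OPS = {"eq", "ne", "gt", "ge", "lt", "le",
                    "like", "ilike", "not_like", "not_ilike", "rlike"}
MULTI_VALUE_OPS = {"in", "not_in", "between"}


def _iso_utc(ts):
    """Normalise a Start/End Time input to the 2021-12-18T08:30:00Z form the examples use."""
    if not isinstance(ts, datetime):
        ts = datetime.fromisoformat(str(ts).replace("Z", "+00:00"))
    if ts.tzinfo is None:
        ts = ts.replace(tzinfo=timezone.utc)
    return ts.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def normalise_filter(f):
    """Validate one Filter entry (field/expression/value/values) and drop the unused key."""
    field = f.get("field")
    if not field:
        raise ValueError("filter entry needs a field")
    expr = str(f.get("expression", "eq")).lower()
    if expr in SINGLE_VALUE_OPS:
        if "value" not in f:
            raise ValueError(f"expression {expr!r} on {field!r} needs 'value'")
        return {"field": field, "expression": expr, "value": f["value"]}
    if expr in MULTI_VALUE_OPS:
        vals = list(f.get("values") or [])
        if not vals or (expr == "between" and len(vals) != 2):
            raise ValueError(f"expression {expr!r} on {field!r} needs a 'values' list")
        return {"field": field, "expression": expr, "values": vals}
    raise ValueError(f"unsupported expression {expr!r} on {field!r}")


def build_search_body(start_time, end_time, filters=(), returns=(), dataset=None):
    """Assemble the request body for one of the connector's /api/v2/.../search actions."""
    start, end = _iso_utc(start_time), _iso_utc(end_time)
    if start >= end:  # same fixed-width format, so string order is time order
        raise ValueError("Start Time must be earlier than End Time")
    body = {"timeFilter": {"startTime": start, "endTime": end}}
    checked = [normalise_filter(f) for f in filters]
    if checked:
        body["filters"] = checked
    if returns:
        body["returns"] = list(returns)
    if dataset:  # only Search Compliance Evaluations takes a dataset
        body["dataset"] = dataset
    return body


if __name__ == "__main__":
    import json
    # Constructed sample inputs, not real data: critical/high findings for one image.
    print(json.dumps(build_search_body(
        "2021-12-18T08:30:00Z", "2021-12-28T08:30:00Z",
        filters=[{"field": "severity", "expression": "in", "values": ["Critical", "High"]},
                 {"field": "imageId", "expression": "eq", "value": "sha256:constructed"}],
        returns=["imageId", "severity", "fixInfo"]), indent=2))
```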