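def lambda_handler(event, context):
    """Download the latest Lacework AWS compliance report as a PDF and upload it to S3.

    Configuration comes entirely from the function's environment:
    ``lw_api_key`` / ``lw_api_secret`` / ``lw_acct`` for the Lacework client,
    ``aws_account_id`` for the account the report was run against, and
    ``bucket`` for the destination S3 bucket.

    Args:
        event: Lambda event payload (unused).
        context: Lambda context object (unused).

    Returns:
        The ``s3.put_object`` response dict.

    Raises:
        KeyError: if the ``bucket`` environment variable is not set.
        Exception: any error from the upload is logged and re-raised.
    """
    # Use environment variables to instantiate a LaceworkClient instance
    lacework_client = LaceworkClient(api_key=os.getenv('lw_api_key'),
                                     api_secret=os.getenv('lw_api_secret'),
                                     account=os.getenv('lw_acct'))

    # Set compliance report name with the current date/time. The timestamp is
    # taken explicitly in UTC so the " UTC" suffix in the key is true regardless
    # of the TZ setting of the runtime (the original used a naive local now()).
    timestamp = datetime.datetime.now(datetime.timezone.utc).strftime('%Y-%m-%d %H:%M:%S.%f')
    key = f'Lacework Compliance Report - {timestamp} UTC.pdf'

    # Grab lacework compliance report - use the AWS Account ID of the account the
    # report is being run against in Lacework
    account_id = os.getenv('aws_account_id')
    pdf_path = f'/tmp/{key}'
    lacework_client.compliance.get_latest_aws_report(account_id,
                                                     file_format="pdf",
                                                     pdf_path=pdf_path)

    # Grab bucket name and attempt to upload the pdf to the s3 bucket
    bucket = os.environ['bucket']
    try:
        # Context manager closes the file handle even when put_object raises;
        # the original left an open handle for the garbage collector.
        with open(pdf_path, 'rb') as body:
            response = s3.put_object(Bucket=bucket,
                                     Key=key,
                                     Body=body)
        print(response)
        return response
    except Exception as e:
        print(e)
        print(
            'Error putting object {} from bucket {}. Make sure your bucket is in the same region as this function.'
            .format(key, bucket))
        raise  # bare raise keeps the original traceback intact
    finally:
        # /tmp persists across warm invocations of the same function instance,
        # so remove the downloaded report instead of letting copies accumulate.
        try:
            os.remove(pdf_path)
        except OSError:
            pass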
    def __init__(self,
                 api_key=None,
                 api_secret=None,
                 account=None,
                 subaccount=None,
                 instance=None,
                 base_domain=None,
                 profile=None):
        """Build the underlying LaceworkClient and mirror its public attributes.

        Every argument is forwarded unchanged to ``LaceworkClient``. Each public
        attribute of the resulting SDK object is then re-exposed on this instance
        under the same name, wrapped in an ``APIWrapper`` that is told the
        attribute name via ``wrapper_name``.
        """
        self.sdk = LaceworkClient(api_key=api_key,
                                  api_secret=api_secret,
                                  account=account,
                                  subaccount=subaccount,
                                  instance=instance,
                                  base_domain=base_domain,
                                  profile=profile)

        # NOTE(review): dir() returns every non-underscore attribute, not only
        # the API sub-clients, so plain data attributes get wrapped as well --
        # presumably APIWrapper tolerates that; verify against its definition.
        for attr_name in dir(self.sdk):
            if attr_name.startswith("_"):
                continue
            sdk_attr = getattr(self.sdk, attr_name)
            setattr(self, attr_name, APIWrapper(sdk_attr, wrapper_name=attr_name))
"""

import logging
import os
import random

from dotenv import load_dotenv
from laceworksdk import LaceworkClient

# Root logger at DEBUG: every library logger that propagates (the SDK's, urllib3's)
# becomes visible too.
# NOTE(review): confirm that request/response logging at this level does not echo
# the API secret or the bearer token before running this anywhere but locally.
logging.basicConfig(level=logging.DEBUG)

# Pull LW_API_KEY / LW_API_SECRET / LW_ACCOUNT from a local .env file into the
# process environment (existing environment variables are not overridden).
load_dotenv()

if __name__ == "__main__":

    # Build the client from environment variables (populated by load_dotenv
    # above or by the real environment).
    lacework_client = LaceworkClient(api_key=os.getenv("LW_API_KEY"),
                                     api_secret=os.getenv("LW_API_SECRET"),
                                     account=os.getenv("LW_ACCOUNT"))

    # Integration API walkthrough: list everything, pick one, look up its schema.

    # Get all Integrations
    integrations = lacework_client.integrations.get_all()

    # Get Integration by ID -- any entry from the listing will do for the demo
    chosen = random.choice(integrations["data"])
    integration_by_id = lacework_client.integrations.get_by_id(chosen["INTG_GUID"])

    # Get Integration Schema by Type
    integration_type = integration_by_id["data"][0]["TYPE"]
    lacework_client.integrations.get_schema(integration_type)
# disable insecure warnings
# NOTE(review): this silences urllib3's InsecureRequestWarning for the whole
# process, so any request made with certificate verification turned off goes
# unreported; keep it only if the proxy/self-signed setup really needs it.
requests.packages.urllib3.disable_warnings()

handle_proxy()

''' GLOBAL VARS '''
# Integration parameters from the instance configuration. Key, secret, severity
# and history are mandatory (KeyError if absent); the account is optional.
LACEWORK_ACCOUNT = demisto.params().get('lacework_account')
LACEWORK_API_KEY = demisto.params()['lacework_api_key']
LACEWORK_API_SECRET = demisto.params()['lacework_api_secret']
LACEWORK_EVENT_SEVERITY = demisto.params()['lacework_event_severity']
LACEWORK_EVENT_HISTORY_DAYS = demisto.params()['lacework_event_history']

# The except message implies that constructing the client is where
# authentication happens.
# NOTE(review): on failure only a result entry is posted and execution
# continues, so any later command reaches an unbound ``lacework_client`` and
# fails with a NameError instead of this message; return_error() from
# CommonServerPython would stop the command here. The exception itself is
# also discarded, which hides whether it was a bad secret or a network/proxy
# problem.
try:
    lacework_client = LaceworkClient(instance=LACEWORK_ACCOUNT,
                                     api_key=LACEWORK_API_KEY,
                                     api_secret=LACEWORK_API_SECRET)
except Exception:
    demisto.results("Lacework API authentication failed. Please validate Instance Name, API Key, and API Secret.")

''' HELPER FUNCTIONS '''


def get_event_severity_threshold():
    """
    Convert the Event Severity string to the appropriate integer
    """

    if LACEWORK_EVENT_SEVERITY == 'critical':
        return 1
    elif LACEWORK_EVENT_SEVERITY == 'high':
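# disable insecure warnings
# NOTE(review): this silences urllib3's InsecureRequestWarning for the whole
# process, so any request made with certificate verification turned off goes
# unreported; keep it only if the proxy/self-signed setup really needs it.
requests.packages.urllib3.disable_warnings()

handle_proxy()
''' GLOBAL VARS '''
# Integration parameters from the instance configuration. Key, secret, severity
# and history are mandatory (KeyError if absent); account and sub-account are
# optional.
LACEWORK_ACCOUNT = demisto.params().get('lacework_account')
LACEWORK_SUBACCOUNT = demisto.params().get('lacework_subaccount', None)
LACEWORK_API_KEY = demisto.params()['lacework_api_key']
LACEWORK_API_SECRET = demisto.params()['lacework_api_secret']
LACEWORK_EVENT_SEVERITY = demisto.params()['lacework_event_severity']
LACEWORK_EVENT_HISTORY_DAYS = demisto.params()['lacework_event_history']

# The except message implies that constructing the client is where
# authentication happens. The sub-account is only passed when configured.
try:
    if LACEWORK_SUBACCOUNT:
        lacework_client = LaceworkClient(account=LACEWORK_ACCOUNT,
                                         subaccount=LACEWORK_SUBACCOUNT,
                                         api_key=LACEWORK_API_KEY,
                                         api_secret=LACEWORK_API_SECRET)
    else:
        lacework_client = LaceworkClient(account=LACEWORK_ACCOUNT,
                                         api_key=LACEWORK_API_KEY,
                                         api_secret=LACEWORK_API_SECRET)
except Exception as e:
    # The original message was split with a backslash continuation *inside* the
    # string literal, which embedded a run of ~20 spaces in the text shown to
    # the user; implicit concatenation keeps the wording without them.
    # NOTE(review): only a result entry is posted and execution continues, so a
    # later command reaches an unbound ``lacework_client``; return_error() from
    # CommonServerPython would stop the command here instead.
    demisto.results(
        "Lacework API authentication failed. Please validate Account, "
        "Sub-Account, API Key, and API Secret. Error: {}".format(e))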
''' HELPER FUNCTIONS '''


def get_event_severity_threshold():
    """
    Convert the Event Severity string to the appropriate integer
import os
from laceworksdk import LaceworkClient
from docker_registry_client import DockerRegistryClient

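lw = LaceworkClient(account=os.getenv('LW_ACCOUNT'),
                    api_key=os.getenv('LW_API_KEY'),
                    api_secret=os.getenv('LW_API_SECRET'))

registry = os.getenv('REGISTRY')
# Certificate verification used to be hard-coded off. The registry client below
# is handed REGISTRY_USER/REGISTRY_PASSWORD, so an unverified TLS session exposes
# those credentials to anyone who can interpose on the path to the registry.
# Verification is now on unless the (new, constructed here) REGISTRY_VERIFY_SSL
# variable is explicitly set to a false-like value -- the opt-out for registries
# that still use self-signed certificates.
verify_ssl = os.getenv('REGISTRY_VERIFY_SSL', 'true').strip().lower() not in ('0', 'false', 'no')
nexus = DockerRegistryClient(f"https://{registry}",
                             verify_ssl=verify_ssl,
                             username=os.getenv('REGISTRY_USER'),
                             password=os.getenv('REGISTRY_PASSWORD'))
repos = nexus.repositories()

# Kick off a Lacework container scan for every tag of every repository and
# echo the request id so each scan can be followed up later.
for name, repo in repos.items():
    for tag in repo.tags():
        scan_request = lw.vulnerabilities.initiate_container_scan(
            registry, name, tag)
        request_id = scan_request['data']['RequestId']
        print(
            f"INITIATING SCAN FOR -> REGISTRY[{registry}] IMAGE[{name}]  TAG[{tag}] -> RequestId [{request_id}]"
        )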
from CommonServerPython import *

# disable insecure warnings
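# disable insecure warnings
# NOTE(review): this silences urllib3's InsecureRequestWarning for the whole
# process, so any request made with certificate verification turned off goes
# unreported; keep it only if the proxy/self-signed setup really needs it.
requests.packages.urllib3.disable_warnings()

handle_proxy()
''' GLOBAL VARS '''
# Integration parameters from the instance configuration. Key, secret, severity
# and history are mandatory (KeyError if absent); the instance name is optional.
LACEWORK_INSTANCE = demisto.params().get('lacework_instance')
LACEWORK_API_KEY = demisto.params()['lacework_api_key']
LACEWORK_API_SECRET = demisto.params()['lacework_api_secret']
LACEWORK_EVENT_SEVERITY = demisto.params()['lacework_event_severity']
LACEWORK_EVENT_HISTORY_DAYS = demisto.params()['lacework_event_history']

# The except message implies that constructing the client is where
# authentication happens.
try:
    lacework_client = LaceworkClient(instance=LACEWORK_INSTANCE,
                                     api_key=LACEWORK_API_KEY,
                                     api_secret=LACEWORK_API_SECRET)
except Exception as e:
    # Stop the command here. The original posted a plain result and carried on,
    # so a later command would hit an unbound ``lacework_client`` and fail with
    # a NameError instead of this message. return_error() (CommonServerPython,
    # imported above) emits an error entry and exits. The exception text is
    # appended so an operator can tell a bad secret from a network/proxy failure.
    return_error(
        "Lacework API authentication failed. Please validate Instance Name, API Key, and API Secret. "
        "Error: {}".format(e)
    )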
''' HELPER FUNCTIONS '''


def get_event_severity_threshold():
    """
    Convert the Event Severity string to the appropriate integer
    """

    if LACEWORK_EVENT_SEVERITY == 'critical':
        return 1
                # create the data row
                try:
                    row = map_fields(data=data, field_map=field_map)
                except Exception as e:
                    logging.error(f"Failed to map fields for data: {data}")
                    raise Exception(e)

                h.insert(row)

        # return
        return h.get()


if __name__ == "__main__":

    client = LaceworkClient()

    # # scenario 1 - export a list of machines to csv
    # export(
    #     "csv",
    #     query(client=client, type="entities", object="machines"),
    #     field_map={
    #         "start_time": "startTime",
    #         "end_time": "endTime",
    #         "mid": "mid",
    #         "tags": "machineTags",
    #         "hostname": "hostname",
    #         "public_ip": "machineTags.ExternalIp",
    #     },
    #     file_path="export_machines.csv",
    # )