laceworkreports is a Python cli/package for creating reports from Lacework data.

Project description

Lacework Reports CLI/SDK

🚀 Features

  • Retrieve Lacework API data from activities, entities, queries, configs
  • Save results as csv, json, or to postgres
  • Transform results using jinja template
  • Override returned field names using field_map (supports nested json notation: parent.child.value)
  • Stores complex json objects as JSONB in postgres
  • Flatten json structures before writing
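
What dotted-path field mapping and flattening do to a nested record, as an added illustration that is not laceworkreports' own code. The helper names, the map direction (output column name to dotted source path) and the sample row are assumptions.

```python
import json
from typing import Any

# Constructed sample row; the field names are illustrative, not real Lacework output.
SAMPLE = {
    "mid": 851,
    "machine": {"hostname": "web-01", "tags": {"env": "prod"}},
    "ports": [22, 443],
}


def get_path(record: dict, dotted: str, default: Any = None) -> Any:
    """Resolve 'parent.child.value' against nested dicts; return default if a hop is absent."""
    current: Any = record
    for key in dotted.split("."):
        if not isinstance(current, dict) or key not in current:
            return default
        current = current[key]
    return current


def apply_field_map(record: dict, field_map: dict) -> dict:
    """Rename/select fields. Assumed direction: output column name -> dotted source path."""
    return {out: get_path(record, src) for out, src in field_map.items()}


def flatten(record: dict, prefix: str = "") -> dict:
    """Collapse nested dicts into dotted keys; lists become JSON text so a CSV cell stays scalar."""
    flat = {}
    for key, value in record.items():
        name = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict):
            flat.update(flatten(value, name))
        elif isinstance(value, list):
            flat[name] = json.dumps(value)
        else:
            flat[name] = value
    return flat


if __name__ == "__main__":
    print(apply_field_map(SAMPLE, {"host": "machine.hostname", "env": "machine.tags.env"}))
    print(flatten(SAMPLE))
```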

CLI Usage

laceworkreports export vulnerabilities hosts csv --file-path="export.csv"

See CLI README for details.

SDK Usage

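from laceworksdk import LaceworkClient

from laceworkreports import common
from laceworkreports.sdk.DataHandlers import (
    DataHandlerTypes,
    ExportHandler,
    QueryHandler,
)

# Query DNS summary activity for machine id 851, return only the fqdn field,
# and write the result set to export.csv.
eh = ExportHandler(
    format=DataHandlerTypes.CSV,
    results=QueryHandler(
        # LaceworkClient() reads credentials from the environment or ~/.lacework.toml
        client=LaceworkClient(),
        type=common.ObjectTypes.Activities.value,
        object=common.ActivitiesTypes.DNSSummaries.value,
        filters=[{"field": "mid", "expression": "eq", "value": 851}],
        returns=["fqdn"],
    ).execute(),
    file_path="export.csv",
).export()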

See example.py for details.

Installation

pip install -U laceworkreports

or install with Poetry

poetry add laceworkreports

Then you can run

laceworkreports --help

or with Poetry:

poetry run laceworkreports --help

or run with docker:

docker run --rm -it --name laceworkreports \
    -v ~/.lacework.toml:/home/user/.lacework.toml -v $(pwd)/reports:/app/reports \
    laceworkps/laceworkreports:latest --help

or run with docker and start a shell:

docker run --rm --entrypoint="/bin/bash" -it --name laceworkreports \
    -v ~/.lacework.toml:/home/user/.lacework.toml -v $(pwd)/reports:/app/reports \
    laceworkps/laceworkreports:latest

or run with docker and force uid:gid on the volume mount (may be required for write permissions):

docker run --rm -it \
    --name laceworkreports \
    -v ~/.lacework.toml:/home/user/.lacework.toml \
    -v $(pwd)/reports:/app/reports \
    --env=HOME=/home/user \
    --user "$(id -u):$(id -g)" \
    laceworkps/laceworkreports:latest

📈 Releases

You can see the list of available releases on the GitHub Releases page.

We follow Semantic Versions specification.

We use Release Drafter. As pull requests are merged, a draft release is kept up-to-date listing the changes, ready to publish when you’re ready. With the categories option, you can categorize pull requests in release notes using labels.

List of labels and corresponding titles

Label                            Title in Releases
enhancement, feature             🚀 Features
bug, refactoring, bugfix, fix    🔧 Fixes & Refactoring
build, ci, testing               📦 Build System & CI/CD
breaking                         💥 Breaking Changes
documentation                    📝 Documentation
dependencies                     ⬆️ Dependencies updates

🛡 License

This project is licensed under the terms of the BSD-3 license. See LICENSE for more details.

📃 Citation

@misc{laceworkreports,
  author = {Lacework Inc.},
  title = {laceworkreports is a Python cli/package for creating reports from Lacework data.},
  year = {2022},
  publisher = {GitHub},
  journal = {GitHub repository},
  howpublished = {\url{https://github.com/laceworkps/laceworkreports}}
}

Download files

Source Distribution

laceworkreports-1.3.48.tar.gz (414.4 kB view details)

Uploaded Source

Built Distribution

laceworkreports-1.3.48-py3-none-any.whl (422.6 kB view details)

Uploaded Python 3

File details

Details for the file laceworkreports-1.3.48.tar.gz.

File metadata

  • Download URL: laceworkreports-1.3.48.tar.gz
  • Upload date:
  • Size: 414.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.2.2 CPython/3.8.10 Linux/5.15.0-1022-azure

File hashes

Hashes for laceworkreports-1.3.48.tar.gz
Algorithm Hash digest
SHA256 a6a36c13296afd2bac9b92ba17d6221028f75817e1e19f08cc171c35e4ad14a8
MD5 40cf63414a2253aa6ff0abcfab4bca36
BLAKE2b-256 e2d43c8b050da2f2d8f1145f04c7296046108517c612ddf406ac8d7110e66806

File details

Details for the file laceworkreports-1.3.48-py3-none-any.whl.

File metadata

  • Download URL: laceworkreports-1.3.48-py3-none-any.whl
  • Upload date:
  • Size: 422.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.2.2 CPython/3.8.10 Linux/5.15.0-1022-azure

File hashes

Hashes for laceworkreports-1.3.48-py3-none-any.whl
Algorithm Hash digest
SHA256 1ff7c896299da167563473b08326e06bb8e20527acea8730161eb848736d38f2
MD5 89fd119fb145bf8f02933f7414607aaa
BLAKE2b-256 56f818a39073db2330b4bff14a37fd162b4cfae6b0c6bbee6930ac4c7a738984
