laceworkreports is a Python cli/package for creating reports from Lacework data.

Lacework Reports CLI/SDK

🚀 Features

  • Retrieve Lacework API data from activities, entities, queries, configs
  • Save results as csv, json, or to postgres
  • Transform results using jinja template
  • Override returned field names using field_map (supports nested json notation: parent.child.value)
  • Stores complex json objects as JSONB in postgres
  • Flatten json structures before writing

CLI Usage

laceworkreports export vulnerabilities hosts csv --file-path="export.csv"

See CLI README for details.

SDK Usage

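from laceworksdk import LaceworkClient  # Lacework API client used by QueryHandler

from laceworkreports import common
from laceworkreports.sdk.DataHandlers import (
    DataHandlerTypes,
    ExportHandler,
    QueryHandler,
)

# Query DNS summary activity for machine id 851, return only the fqdn field,
# and write the results to export.csv.
eh = ExportHandler(
    format=DataHandlerTypes.CSV,
    results=QueryHandler(
        client=LaceworkClient(),  # no arguments: uses the configured Lacework credentials
        type=common.ObjectTypes.Activities.value,
        object=common.ActivitiesTypes.DNSSummaries.value,
        filters=[{"field": "mid", "expression": "eq", "value": 851}],
        returns=["fqdn"],
    ).execute(),
    file_path="export.csv",
).export()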

See example.py for details.
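
The `field_map` dotted notation and the flatten step from the feature list, illustrated on a constructed record. This is an added sketch, not code from laceworkreports: the helper names, the output-name to source-path direction of the map, and the `.` separator in flattened keys are assumptions.

```python
import csv
import io

# Constructed sample record (not real Lacework output).
SAMPLE = {
    "mid": 851,
    "host": {"name": "web-1", "tags": {"env": "prod"}},
    "finding": {"id": "EXAMPLE-0001", "severity": "High"},
}
# Assumed shape: output column name -> dotted path into the source record.
FIELD_MAP = {"machine_id": "mid", "hostname": "host.name",
             "environment": "host.tags.env", "owner": "host.tags.owner"}


def get_path(record, path):
    """Resolve 'parent.child.value'; return None if any step is missing."""
    cur = record
    for key in path.split("."):
        if not isinstance(cur, dict) or key not in cur:
            return None
        cur = cur[key]
    return cur


def apply_field_map(record, field_map):
    """Rename and select fields: keys are output names, values are source paths."""
    return {out: get_path(record, src) for out, src in field_map.items()}


def flatten(record, prefix=""):
    """Collapse nested dicts to one level with dotted keys; non-dict values are kept."""
    flat = {}
    for key, value in record.items():
        name = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict):
            flat.update(flatten(value, name))
        else:
            flat[name] = value
    return flat


def to_csv(rows):
    """Write rows to CSV text; a None value (missing path) becomes an empty cell."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=list(rows[0]), lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()
```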

Installation

pip install -U laceworkreports

or install with Poetry

poetry add laceworkreports

Then you can run

laceworkreports --help

or with Poetry:

poetry run laceworkreports --help

or run with docker:

docker run --rm -it --name laceworkreports \
    -v ~/.lacework.toml:/home/user/.lacework.toml -v $(pwd)/reports:/app/reports \
    laceworkps/laceworkreports:latest --help

or run with docker and start a shell:

docker run --rm --entrypoint="/bin/bash" -it --name laceworkreports \
    -v ~/.lacework.toml:/home/user/.lacework.toml -v $(pwd)/reports:/app/reports \
    laceworkps/laceworkreports:latest

or run with docker and force uid:gid on the volume mount (may be required for write permissions):

docker run --rm -it \
    --name laceworkreports \
    -v ~/.lacework.toml:/home/user/.lacework.toml \
    -v $(pwd)/reports:/app/reports \
    --env=HOME=/home/user \
    --user "$(id -u):$(id -g)" \
    laceworkps/laceworkreports:latest

📈 Releases

You can see the list of available releases on the GitHub Releases page.

We follow Semantic Versions specification.

We use Release Drafter. As pull requests are merged, a draft release is kept up-to-date listing the changes, ready to publish when you’re ready. With the categories option, you can categorize pull requests in release notes using labels.

List of labels and corresponding titles

| Label | Title in Releases |
| --- | --- |
| enhancement, feature | 🚀 Features |
| bug, refactoring, bugfix, fix | 🔧 Fixes & Refactoring |
| build, ci, testing | 📦 Build System & CI/CD |
| breaking | 💥 Breaking Changes |
| documentation | 📝 Documentation |
| dependencies | ⬆️ Dependencies updates |

🛡 License

This project is licensed under the terms of the BSD-3 license. See LICENSE for more details.

📃 Citation

@misc{laceworkreports,
  author = {Lacework Inc.},
  title = {laceworkreports is a Python cli/package for creating reports from Lacework data.},
  year = {2022},
  publisher = {GitHub},
  journal = {GitHub repository},
  howpublished = {\url{https://github.com/laceworkps/laceworkreports}}
}

Download files

Source Distribution

laceworkreports-1.3.24.tar.gz (215.7 kB)

Built Distribution

laceworkreports-1.3.24-py3-none-any.whl (222.4 kB, Python 3)
