/laceworkreports

CLI and SDK for exporting API data to CSV, JSON, and POSTGRES


Lacework Reports CLI/SDK


laceworkreports is a Python CLI/package for creating reports from Lacework data.

🚀 Features

  • Retrieve Lacework API data from activities, entities, queries, configs
  • Save results as csv, json, or to postgres
  • Transform results using jinja template
  • Override returned field names using field_map (supports nested json notation: parent.child.value)
  • Stores complex json objects as JSONB in postgres
  • Flatten json structures before writing
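
To make the field_map and flatten features concrete, here is an added example (not code from the laceworkreports project) that resolves dotted paths and flattens a nested record before writing CSV. The record is constructed, and the field_map shape (output column name mapped to a dotted source path) is an assumption; the project's own format may differ.

```python
import csv
import io

# Constructed sample record, shaped like a nested host-vulnerability result.
SAMPLE = {
    "mid": 851,
    "machineTags": {"Hostname": "web-01", "Env": "prod"},
    "vulnId": "EXAMPLE-0001",  # placeholder id, not a real CVE
    "fixInfo": {"fix_available": 1, "versions": ["1.2.3", "1.2.4"]},
}

def resolve(record, path, default=None):
    """Follow a dotted path (parent.child.value) through dicts and lists."""
    node = record
    for key in path.split("."):
        if isinstance(node, dict) and key in node:
            node = node[key]
        elif isinstance(node, list) and key.isdigit() and int(key) < len(node):
            node = node[int(key)]
        else:
            return default  # path absent: emit an empty cell, do not fail
    return node

def apply_field_map(record, field_map):
    """Build an output row: {output column: value found at dotted path}."""
    return {column: resolve(record, path) for column, path in field_map.items()}

def flatten(value, prefix=""):
    """Collapse nested dicts/lists into one level of dotted keys."""
    if isinstance(value, dict):
        items = value.items()
    elif isinstance(value, list):
        items = ((str(i), v) for i, v in enumerate(value))
    else:
        return {prefix: value}
    flat = {}
    for key, child in items:
        flat.update(flatten(child, f"{prefix}.{key}" if prefix else str(key)))
    return flat

def to_csv(rows):
    """Write already-flat rows to CSV text, using the union of their keys."""
    columns = list(dict.fromkeys(k for row in rows for k in row))
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=columns, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()
```

Flattening first gives every nested value its own CSV column, whereas a field map selects and renames only the columns a report needs.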

CLI Usage

laceworkreports export vulnerabilities hosts csv --file-path="export.csv"

See CLI README for details.

SDK Usage

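from laceworksdk import LaceworkClient  # Lacework API client (laceworksdk package)

from laceworkreports import common
from laceworkreports.sdk.DataHandlers import (
    DataHandlerTypes,
    ExportHandler,
    QueryHandler,
)

# Query DNS summary activities for machine id 851, returning only the fqdn
# field, and write the results to export.csv.
eh = ExportHandler(
    format=DataHandlerTypes.CSV,
    results=QueryHandler(
        # No arguments: credentials come from the environment or ~/.lacework.toml
        client=LaceworkClient(),
        type=common.ObjectTypes.Activities.value,
        object=common.ActivitiesTypes.DNSSummaries.value,
        filters=[{"field": "mid", "expression": "eq", "value": 851}],
        returns=["fqdn"],
    ).execute(),
    file_path="export.csv",
).export()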

See example.py for details.

Installation

pip install -U laceworkreports

or install with Poetry

poetry add laceworkreports

Then you can run

laceworkreports --help

or with Poetry:

poetry run laceworkreports --help

or run with docker:

docker run --rm -it --name laceworkreports \
    -v ~/.lacework.toml:/home/user/.lacework.toml -v $(pwd)/reports:/app/reports \
    laceworkps/laceworkreports:latest --help

or run with docker and start a shell:

docker run --rm --entrypoint="/bin/bash" -it --name laceworkreports \
    -v ~/.lacework.toml:/home/user/.lacework.toml -v $(pwd)/reports:/app/reports \
    laceworkps/laceworkreports:latest

or run with docker and force uid:gid on the volume mount (may be required for write permissions):

docker run --rm -it \
    --name laceworkreports \
    -v ~/.lacework.toml:/home/user/.lacework.toml \
    -v $(pwd)/reports:/app/reports \
    --env=HOME=/home/user \
    --user "$(id -u):$(id -g)" \
    laceworkps/laceworkreports:latest

📈 Releases

You can see the list of available releases on the GitHub Releases page.

We follow Semantic Versions specification.

We use Release Drafter. As pull requests are merged, a draft release is kept up-to-date listing the changes, ready to publish when you're ready. With the categories option, you can categorize pull requests in release notes using labels.

List of labels and corresponding titles

| Label | Title in Releases |
|---|---|
| enhancement, feature | 🚀 Features |
| bug, refactoring, bugfix, fix | 🔧 Fixes & Refactoring |
| build, ci, testing | 📦 Build System & CI/CD |
| breaking | 💥 Breaking Changes |
| documentation | 📝 Documentation |
| dependencies | ⬆️ Dependencies updates |

🛡 License

This project is licensed under the terms of the BSD-3 license. See LICENSE for more details.

📃 Citation

@misc{laceworkreports,
  author = {Lacework Inc.},
  title = {laceworkreports is a Python cli/package for creating reports from Lacework data.},
  year = {2022},
  publisher = {GitHub},
  journal = {GitHub repository},
  howpublished = {\url{https://github.com/laceworkps/laceworkreports}}
}