example_cloud_activities.py
# -*- coding: utf-8 -*-
"""
Example script showing how to use the LaceworkClient class.
"""
import logging
from datetime import datetime, timedelta, timezone
from dotenv import load_dotenv
from laceworksdk import LaceworkClient
# DEBUG on the root logger applies to every library in the process, including
# the HTTP stack underneath the SDK.
# NOTE(review): confirm what the SDK emits at this level (request/response
# details, tokens) before sharing this output or shipping it to a log store.
logging.basicConfig(level=logging.DEBUG)

# Load settings from a local .env file into the process environment.
# Presumably this is where LaceworkClient() picks up its credentials, since
# none are passed below - confirm, and keep that file out of version control.
load_dotenv()

if __name__ == "__main__":

    # Create the API client (no explicit arguments are given)
    lacework_client = LaceworkClient()

    # Query window: the seven days ending now, as UTC timestamp strings
    timestamp_format = "%Y-%m-%dT%H:%M:%SZ"
    now_utc = datetime.now(timezone.utc)
    week_ago = now_utc - timedelta(days=7)
    start_time = week_ago.strftime(timestamp_format)
    end_time = now_utc.strftime(timestamp_format)

    # Cloud Activities API
    # NOTE(review): every return value below is discarded, so the DEBUG log is
    # the only visible output. Confirm whether these calls return data eagerly
    # or a lazy page iterator that has to be consumed.

    # Fetch cloud activities without an explicit time range
    lacework_client.cloud_activities.get()

    # Fetch cloud activities inside the seven-day window
    lacework_client.cloud_activities.get(start_time=start_time, end_time=end_time)

    # Search the same window for records whose eventModel equals
    # "CloudTrailCep"; "returns" presumably limits each record to the
    # eventType and eventActor fields - confirm against the API reference.
    search_query = {
        "timeFilter": {
            "startTime": start_time,
            "endTime": end_time
        },
        "filters": [
            {
                "expression": "eq",
                "field": "eventModel",
                "value": "CloudTrailCep"
            }
        ],
        "returns": [
            "eventType",
            "eventActor"
        ]
    }
    lacework_client.cloud_activities.search(json=search_query)