Lacework

Lacework provides end-to-end cloud security automation for AWS, Azure, and GCP with a comprehensive view of risks across cloud workloads and containers. This integration was integrated and tested with version 3.32 of Lacework.

Configure Lacework on Cortex XSOAR

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for Lacework.
  3. Click Add instance to create and configure a new integration instance.

| Parameter | Description | Required |
| --- | --- | --- |
| lacework_account | Lacework Account Name (i.e. Subdomain of the URL: <ACCOUNT>.lacework.net) | True |
| lacework_api_key | Lacework API Key | True |
| lacework_api_secret | Lacework API Secret | True |
| lacework_event_severity | Lacework Event Severity Threshold | True |
| isFetch | Fetch incidents | False |
| incidentType | Incident type | False |
| lacework_event_history | Lacework Event History to Import (in days) | False |

  4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

lw-get-aws-compliance-assessment


Fetch the latest AWS compliance data from Lacework.

Base Command

lw-get-aws-compliance-assessment

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| account_id | The AWS Account ID to use when fetching compliance data. | Required |
| report_type | The Report Type to fetch from Lacework. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Lacework.Compliance.reportType | String | The Type of the compliance report. |
| Lacework.Compliance.reportTitle | String | The Title of the compliance report. |
| Lacework.Compliance.recommendations.SUPPRESSIONS | String | The suppressions for the current recommendation. |
| Lacework.Compliance.recommendations.INFO_LINK | String | The URL to the compliance violation information. |
| Lacework.Compliance.recommendations.ASSESSED_RESOURCE_COUNT | Number | The number of assessed resources for the violation. |
| Lacework.Compliance.recommendations.STATUS | String | The status of the recommendation. |
| Lacework.Compliance.recommendations.REC_ID | String | The ID of the recommendation. |
| Lacework.Compliance.recommendations.CATEGORY | String | The category of the recommendation. |
| Lacework.Compliance.recommendations.SERVICE | String | The service associated with the recommendation. |
| Lacework.Compliance.recommendations.TITLE | String | The title of the recommendation. |
| Lacework.Compliance.recommendations.VIOLATIONS.region | String | The region of the violating resource. |
| Lacework.Compliance.recommendations.VIOLATIONS.reasons | String | The reason for the violation. |
| Lacework.Compliance.recommendations.VIOLATIONS.resource | String | The resource causing the violation. |
| Lacework.Compliance.recommendations.RESOURCE_COUNT | Number | The number of resources associated with the compliance failure. |
| Lacework.Compliance.recommendations.SEVERITY | Number | The severity of the compliance failure. |
| Lacework.Compliance.summary.NUM_RECOMMENDATIONS | Number | The number of recommendations contained in the report. |
| Lacework.Compliance.summary.NUM_SEVERITY_2_NON_COMPLIANCE | Number | The number of severity 2 compliance violations. |
| Lacework.Compliance.summary.NUM_SEVERITY_4_NON_COMPLIANCE | Number | The number of severity 4 compliance violations. |
| Lacework.Compliance.summary.NUM_SEVERITY_1_NON_COMPLIANCE | Number | The number of severity 1 compliance violations. |
| Lacework.Compliance.summary.NUM_COMPLIANT | Number | The number of compliant resources. |
| Lacework.Compliance.summary.NUM_SEVERITY_3_NON_COMPLIANCE | Number | The number of severity 3 compliance violations. |
| Lacework.Compliance.summary.ASSESSED_RESOURCE_COUNT | Number | The number of assessed resources. |
| Lacework.Compliance.summary.NUM_SUPPRESSED | Number | The number of suppressed alerts. |
| Lacework.Compliance.summary.NUM_SEVERITY_5_NON_COMPLIANCE | Number | The number of severity 5 compliance violations. |
| Lacework.Compliance.summary.NUM_NOT_COMPLIANT | Number | The number of resources not in compliance. |
| Lacework.Compliance.summary.VIOLATED_RESOURCE_COUNT | Number | The number of resources violating compliance. |
| Lacework.Compliance.summary.SUPPRESSED_RESOURCE_COUNT | Number | The number of resources with suppressed violations. |
| Lacework.Compliance.accountId | String | The AWS account ID. |
| Lacework.Compliance.accountAlias | String | The AWS account alias. |
| Lacework.Compliance.tenantId | String | The Azure tenant ID. |
| Lacework.Compliance.tenantName | String | The Azure tenant name. |
| Lacework.Compliance.subscriptionId | String | The Azure subscription ID. |
| Lacework.Compliance.subscriptionName | String | The Azure subscription name. |
| Lacework.Compliance.projectId | String | The GCP project ID. |
| Lacework.Compliance.projectName | String | The GCP project name. |
| Lacework.Compliance.organizationId | String | The GCP organization ID. |
| Lacework.Compliance.organizationName | String | The GCP organization name. |
| Lacework.Compliance.reportTime | String | The time the report completed. |

Command Example

Human Readable Output

lw-get-azure-compliance-assessment


Fetch the latest Azure compliance data from Lacework.

Base Command

lw-get-azure-compliance-assessment

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| tenant_id | The Azure Tenant ID to use when fetching compliance data. | Required |
| subscription_id | The Azure Subscription ID to use when fetching compliance data. | Required |
| report_type | The Report Type to fetch from Lacework. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Lacework.Compliance.reportType | String | The Type of the compliance report. |
| Lacework.Compliance.reportTitle | String | The Title of the compliance report. |
| Lacework.Compliance.recommendations.SUPPRESSIONS | String | The suppressions for the current recommendation. |
| Lacework.Compliance.recommendations.INFO_LINK | String | The URL to the compliance violation information. |
| Lacework.Compliance.recommendations.ASSESSED_RESOURCE_COUNT | Number | The number of assessed resources for the violation. |
| Lacework.Compliance.recommendations.STATUS | String | The status of the recommendation. |
| Lacework.Compliance.recommendations.REC_ID | String | The ID of the recommendation. |
| Lacework.Compliance.recommendations.CATEGORY | String | The category of the recommendation. |
| Lacework.Compliance.recommendations.SERVICE | String | The service associated with the recommendation. |
| Lacework.Compliance.recommendations.TITLE | String | The title of the recommendation. |
| Lacework.Compliance.recommendations.VIOLATIONS.region | String | The region of the violating resource. |
| Lacework.Compliance.recommendations.VIOLATIONS.reasons | String | The reason for the violation. |
| Lacework.Compliance.recommendations.VIOLATIONS.resource | String | The resource causing the violation. |
| Lacework.Compliance.recommendations.RESOURCE_COUNT | Number | The number of resources associated with the compliance failure. |
| Lacework.Compliance.recommendations.SEVERITY | Number | The severity of the compliance failure. |
| Lacework.Compliance.summary.NUM_RECOMMENDATIONS | Number | The number of recommendations contained in the report. |
| Lacework.Compliance.summary.NUM_SEVERITY_2_NON_COMPLIANCE | Number | The number of severity 2 compliance violations. |
| Lacework.Compliance.summary.NUM_SEVERITY_4_NON_COMPLIANCE | Number | The number of severity 4 compliance violations. |
| Lacework.Compliance.summary.NUM_SEVERITY_1_NON_COMPLIANCE | Number | The number of severity 1 compliance violations. |
| Lacework.Compliance.summary.NUM_COMPLIANT | Number | The number of compliant resources. |
| Lacework.Compliance.summary.NUM_SEVERITY_3_NON_COMPLIANCE | Number | The number of severity 3 compliance violations. |
| Lacework.Compliance.summary.ASSESSED_RESOURCE_COUNT | Number | The number of assessed resources. |
| Lacework.Compliance.summary.NUM_SUPPRESSED | Number | The number of suppressed alerts. |
| Lacework.Compliance.summary.NUM_SEVERITY_5_NON_COMPLIANCE | Number | The number of severity 5 compliance violations. |
| Lacework.Compliance.summary.NUM_NOT_COMPLIANT | Number | The number of resources not in compliance. |
| Lacework.Compliance.summary.VIOLATED_RESOURCE_COUNT | Number | The number of resources violating compliance. |
| Lacework.Compliance.summary.SUPPRESSED_RESOURCE_COUNT | Number | The number of resources with suppressed violations. |
| Lacework.Compliance.accountId | String | The AWS account ID. |
| Lacework.Compliance.accountAlias | String | The AWS account alias. |
| Lacework.Compliance.tenantId | String | The Azure tenant ID. |
| Lacework.Compliance.tenantName | String | The Azure tenant name. |
| Lacework.Compliance.subscriptionId | String | The Azure subscription ID. |
| Lacework.Compliance.subscriptionName | String | The Azure subscription name. |
| Lacework.Compliance.projectId | String | The GCP project ID. |
| Lacework.Compliance.projectName | String | The GCP project name. |
| Lacework.Compliance.organizationId | String | The GCP organization ID. |
| Lacework.Compliance.organizationName | String | The GCP organization name. |
| Lacework.Compliance.reportTime | String | The time the report completed. |

Command Example

Human Readable Output

lw-get-gcp-compliance-assessment


Fetch the latest GCP compliance data from Lacework.

Base Command

lw-get-gcp-compliance-assessment

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| organization_id | The GCP Organization ID to use when fetching compliance data. | Required |
| project_id | The GCP Project ID to use when fetching compliance data. | Required |
| report_type | The Report Type to fetch from Lacework. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Lacework.Compliance.reportType | String | The Type of the compliance report. |
| Lacework.Compliance.reportTitle | String | The Title of the compliance report. |
| Lacework.Compliance.recommendations.SUPPRESSIONS | String | The suppressions for the current recommendation. |
| Lacework.Compliance.recommendations.INFO_LINK | String | The URL to the compliance violation information. |
| Lacework.Compliance.recommendations.ASSESSED_RESOURCE_COUNT | Number | The number of assessed resources for the violation. |
| Lacework.Compliance.recommendations.STATUS | String | The status of the recommendation. |
| Lacework.Compliance.recommendations.REC_ID | String | The ID of the recommendation. |
| Lacework.Compliance.recommendations.CATEGORY | String | The category of the recommendation. |
| Lacework.Compliance.recommendations.SERVICE | String | The service associated with the recommendation. |
| Lacework.Compliance.recommendations.TITLE | String | The title of the recommendation. |
| Lacework.Compliance.recommendations.VIOLATIONS.region | String | The region of the violating resource. |
| Lacework.Compliance.recommendations.VIOLATIONS.reasons | String | The reason for the violation. |
| Lacework.Compliance.recommendations.VIOLATIONS.resource | String | The resource causing the violation. |
| Lacework.Compliance.recommendations.RESOURCE_COUNT | Number | The number of resources associated with the compliance failure. |
| Lacework.Compliance.recommendations.SEVERITY | Number | The severity of the compliance failure. |
| Lacework.Compliance.summary.NUM_RECOMMENDATIONS | Number | The number of recommendations contained in the report. |
| Lacework.Compliance.summary.NUM_SEVERITY_2_NON_COMPLIANCE | Number | The number of severity 2 compliance violations. |
| Lacework.Compliance.summary.NUM_SEVERITY_4_NON_COMPLIANCE | Number | The number of severity 4 compliance violations. |
| Lacework.Compliance.summary.NUM_SEVERITY_1_NON_COMPLIANCE | Number | The number of severity 1 compliance violations. |
| Lacework.Compliance.summary.NUM_COMPLIANT | Number | The number of compliant resources. |
| Lacework.Compliance.summary.NUM_SEVERITY_3_NON_COMPLIANCE | Number | The number of severity 3 compliance violations. |
| Lacework.Compliance.summary.ASSESSED_RESOURCE_COUNT | Number | The number of assessed resources. |
| Lacework.Compliance.summary.NUM_SUPPRESSED | Number | The number of suppressed alerts. |
| Lacework.Compliance.summary.NUM_SEVERITY_5_NON_COMPLIANCE | Number | The number of severity 5 compliance violations. |
| Lacework.Compliance.summary.NUM_NOT_COMPLIANT | Number | The number of resources not in compliance. |
| Lacework.Compliance.summary.VIOLATED_RESOURCE_COUNT | Number | The number of resources violating compliance. |
| Lacework.Compliance.summary.SUPPRESSED_RESOURCE_COUNT | Number | The number of resources with suppressed violations. |
| Lacework.Compliance.accountId | String | The AWS account ID. |
| Lacework.Compliance.accountAlias | String | The AWS account alias. |
| Lacework.Compliance.tenantId | String | The Azure tenant ID. |
| Lacework.Compliance.tenantName | String | The Azure tenant name. |
| Lacework.Compliance.subscriptionId | String | The Azure subscription ID. |
| Lacework.Compliance.subscriptionName | String | The Azure subscription name. |
| Lacework.Compliance.projectId | String | The GCP project ID. |
| Lacework.Compliance.projectName | String | The GCP project name. |
| Lacework.Compliance.organizationId | String | The GCP organization ID. |
| Lacework.Compliance.organizationName | String | The GCP organization name. |
| Lacework.Compliance.reportTime | String | The time the report completed. |

Command Example

Human Readable Output

lw-run-aws-compliance-assessment


Run an AWS compliance assessment in Lacework.

Base Command

lw-run-aws-compliance-assessment

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| account_id | The AWS Account ID to run a compliance assessment against. | Required |

Context Output

There is no context output for this command.

Command Example

Human Readable Output

lw-run-azure-compliance-assessment


Run an Azure compliance assessment in Lacework.

Base Command

lw-run-azure-compliance-assessment

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| tenant_id | The Azure Tenant ID to run a compliance assessment against. | Required |

Context Output

There is no context output for this command.

Command Example

Human Readable Output

lw-run-gcp-compliance-assessment


Run a GCP compliance assessment in Lacework.

Base Command

lw-run-gcp-compliance-assessment

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| project_id | The GCP Project ID to run a compliance assessment against. | Required |

Context Output

There is no context output for this command.

Command Example

Human Readable Output

lw-get-event-details


Fetch Event Details for a specific Event in Lacework.

Base Command

lw-get-event-details

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| event_id | The Lacework Event ID to be retrieved. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Lacework.Event.START_TIME | Date | The start time of the event. |
| Lacework.Event.END_TIME | Date | The end time of the event. |
| Lacework.Event.EVENT_TYPE | String | The type of the event. |
| Lacework.Event.EVENT_ID | String | The ID of the event. |
| Lacework.Event.EVENT_ACTOR | String | The actor of the event. |
| Lacework.Event.EVENT_MODEL | String | The model of the event. |
| Lacework.Event.ENTITY_MAP.User.MACHINE_HOSTNAME | String | The machine hostname associated to the user in the event. |
| Lacework.Event.ENTITY_MAP.User.USERNAME | String | The username associated to the user in the event. |
| Lacework.Event.ENTITY_MAP.Application.APPLICATION | String | The application associated with the event. |
| Lacework.Event.ENTITY_MAP.Application.HAS_EXTERNAL_CONNS | Number | An integer representing whether the application has external connections. |
| Lacework.Event.ENTITY_MAP.Application.IS_CLIENT | Number | An integer representing whether the application is the client. |
| Lacework.Event.ENTITY_MAP.Application.IS_SERVER | Number | An integer representing whether the application is the server. |
| Lacework.Event.ENTITY_MAP.Application.EARLIEST_KNOWN_TIME | Date | The time when the application was first seen. |
| Lacework.Event.ENTITY_MAP.Machine.HOSTNAME | String | The hostname of the machine associated with the event. |
| Lacework.Event.ENTITY_MAP.Machine.EXTERNAL_IP | String | The external IP of the machine associated with the event. |
| Lacework.Event.ENTITY_MAP.Machine.INSTANCE_ID | String | The instance ID of the machine associated with the event. |
| Lacework.Event.ENTITY_MAP.Machine.INSTANCE_NAME | String | The instance name of the machine associated with the event. |
| Lacework.Event.ENTITY_MAP.Machine.CPU_PERCENTAGE | Number | The CPU utilization percentage of the machine associated with the event. |
| Lacework.Event.ENTITY_MAP.Machine.INTERNAL_IP_ADDRESS | String | The internal IP of the machine associated with the event. |
| Lacework.Event.ENTITY_MAP.Container.IMAGE_REPO | String | The image repository of the container associated with the event. |
| Lacework.Event.ENTITY_MAP.Container.IMAGE_TAG | String | The image tag of the container associated with the event. |
| Lacework.Event.ENTITY_MAP.Container.HAS_EXTERNAL_CONNS | Number | An integer representing whether the container has external connections. |
| Lacework.Event.ENTITY_MAP.Container.IS_CLIENT | Number | An integer representing whether the container is the client. |
| Lacework.Event.ENTITY_MAP.Container.IS_SERVER | Number | An integer representing whether the container is the server. |
| Lacework.Event.ENTITY_MAP.Container.FIRST_SEEN_TIME | Date | The time when the container was first seen. |
| Lacework.Event.ENTITY_MAP.Container.POD_NAMESPACE | String | The pod namespace the container associated with the event resides within. |
| Lacework.Event.ENTITY_MAP.Container.POD_IP_ADDR | String | The pod IP address of the container associated with the event. |
| Lacework.Event.ENTITY_MAP.DnsName.HOSTNAME | String | The hostname used in a DNS query associated with the event. |
| Lacework.Event.ENTITY_MAP.DnsName.PORT_LIST | Number | The ports used to communicate to a specific DNS name associated with the event. |
| Lacework.Event.ENTITY_MAP.DnsName.TOTAL_IN_BYTES | Number | The total bytes in for a specific DNS name associated with the event. |
| Lacework.Event.ENTITY_MAP.DnsName.TOTAL_OUT_BYTES | Number | The total bytes out for a specific DNS name associated with the event. |
| Lacework.Event.ENTITY_MAP.IpAddress.IP_ADDRESS | String | An IP address associated with the event. |
| Lacework.Event.ENTITY_MAP.IpAddress.TOTAL_IN_BYTES | Number | The total bytes in for a specific IP address associated with the event. |
| Lacework.Event.ENTITY_MAP.IpAddress.TOTAL_OUT_BYTES | Number | The total bytes out for a specific IP address associated with the event. |
| Lacework.Event.ENTITY_MAP.IpAddress.THREAT_TAGS | String | A threat tag associated with the IP. |
| Lacework.Event.ENTITY_MAP.IpAddress.COUNTRY | String | The country that the IP address resides within. |
| Lacework.Event.ENTITY_MAP.IpAddress.REGION | String | The region that the IP address resides within. |
| Lacework.Event.ENTITY_MAP.IpAddress.PORT_LIST | Number | The ports used to communicate to the IP address associated with the event. |
| Lacework.Event.ENTITY_MAP.IpAddress.FIRST_SEEN_TIME | Date | The time when the IP address was first seen. |
| Lacework.Event.ENTITY_MAP.Process.HOSTNAME | String | The hostname of the process associated with the event. |
| Lacework.Event.ENTITY_MAP.Process.PROCESS_ID | Number | The process ID (PID) of the process associated with the event. |
| Lacework.Event.ENTITY_MAP.Process.PROCESS_START_TIME | Date | The start time of the process associated with the event. |
| Lacework.Event.ENTITY_MAP.Process.CMDLINE | String | The command-line entry used to run the process associated with the event. |
| Lacework.Event.ENTITY_MAP.Process.CPU_PERCENTAGE | Number | The CPU utilization percentage of the process associated with the event. |
| Lacework.Event.ENTITY_MAP.FileDataHash.FILEDATA_HASH | String | The hash of the binary associated with the event. |
| Lacework.Event.ENTITY_MAP.FileDataHash.MACHINE_COUNT | Number | The machine count of the binary associated with the event. |
| Lacework.Event.ENTITY_MAP.FileDataHash.EXE_PATH_LIST | String | The path to the binary associated with the event. |
| Lacework.Event.ENTITY_MAP.FileDataHash.FIRST_SEEN_TIME | Date | The time that the binary was first seen. |
| Lacework.Event.ENTITY_MAP.FileDataHash.IS_KNOWN_BAD | Number | An integer representing whether the binary is known bad. |
| Lacework.Event.ENTITY_MAP.FileExePath.EXE_PATH | String | The path of the binary associated with the event. |
| Lacework.Event.ENTITY_MAP.FileExePath.FIRST_SEEN_TIME | Date | The time that the binary path was first seen. |
| Lacework.Event.ENTITY_MAP.FileExePath.LAST_FILEDATA_HASH | String | The hash of the binary located at the given path. |
| Lacework.Event.ENTITY_MAP.FileExePath.LAST_PACKAGE_NAME | String | The package name of the binary at the given path. |
| Lacework.Event.ENTITY_MAP.FileExePath.LAST_VERSION | String | The version of the binary at the given path. |
| Lacework.Event.ENTITY_MAP.FileExePath.LAST_FILE_OWNER | String | The file owner of the binary at the given path. |
| Lacework.Event.ENTITY_MAP.SourceIpAddress.IP_ADDRESS | String | The IP address of the source IP associated with the event. |
| Lacework.Event.ENTITY_MAP.SourceIpAddress.REGION | String | The region of the source IP associated with the event. |
| Lacework.Event.ENTITY_MAP.SourceIpAddress.COUNTRY | String | The country of the source IP associated with the event. |
| Lacework.Event.ENTITY_MAP.API.SERVICE | String | The service endpoint of the API associated with the event. |
| Lacework.Event.ENTITY_MAP.API.API | String | The API identifier of the API associated with the event. |
| Lacework.Event.ENTITY_MAP.Region.REGION | String | The region identifier associated with the event. |
| Lacework.Event.ENTITY_MAP.Region.ACCOUNT_LIST | String | The account list of the region associated with the event. |
| Lacework.Event.ENTITY_MAP.CT_User.USERNAME | String | The username of the CloudTrail user associated with the event. |
| Lacework.Event.ENTITY_MAP.CT_User.ACCOUT_ID | String | The account ID of the CloudTrail user associated with the event. |
| Lacework.Event.ENTITY_MAP.CT_User.MFA | Number | An integer representing whether MFA was used for the CloudTrail user. |
| Lacework.Event.ENTITY_MAP.CT_User.API_LIST | String | A list of APIs used by the CloudTrail user associated with the event. |
| Lacework.Event.ENTITY_MAP.CT_User.REGION_LIST | String | A list of regions used by the CloudTrail user associated with the event. |
| Lacework.Event.ENTITY_MAP.CT_User.PRINCIPAL_ID | String | The principal ID used by the CloudTrail user associated with the event. |
| Lacework.Event.ENTITY_MAP.Resource.NAME | String | The name of the resource associated with the event. |
| Lacework.Event.ENTITY_MAP.Resource.VALUE | String | The value of the resource associated with the event. |
| Lacework.Event.ENTITY_MAP.RecId.REC_ID | String | The recommendation ID associated with the event. |
| Lacework.Event.ENTITY_MAP.RecId.ACCOUNT_ID | String | The account ID associated to the recommendation. |
| Lacework.Event.ENTITY_MAP.RecId.ACCOUNT_ALIAS | String | The account alias associated to the recommendation. |
| Lacework.Event.ENTITY_MAP.RecId.TITLE | String | The title of the recommendation. |
| Lacework.Event.ENTITY_MAP.RecId.STATUS | String | The status of the recommendation. |
| Lacework.Event.ENTITY_MAP.RecId.EVAL_TYPE | String | The evaluation type of the recommendation. |
| Lacework.Event.ENTITY_MAP.RecId.EVAL_GUID | String | The evaluation GUID of the recommendation. |
| Lacework.Event.ENTITY_MAP.CustomRule.LAST_UPDATED_TIME | Date | The last updated time of the recommendation. |
| Lacework.Event.ENTITY_MAP.CustomRule.LAST_UPDATED_USER | String | The last updated user of the recommendation. |
| Lacework.Event.ENTITY_MAP.CustomRule.DISPLAY_FILTER | String | The display filter attributed to the custom rule. |
| Lacework.Event.ENTITY_MAP.CustomRule.RULE_GUID | String | The rule GUID associated to the custom rule. |
| Lacework.Event.ENTITY_MAP.NewViolation.REC_ID | String | The recommendation ID of the new violation. |
| Lacework.Event.ENTITY_MAP.NewViolation.REASON | String | The reason for the new violation. |
| Lacework.Event.ENTITY_MAP.NewViolation.RESOURCE | String | The resource associated with the new violation. |
| Lacework.Event.ENTITY_MAP.ViolationReason.REC_ID | String | The recommendation ID of the violation reason. |
| Lacework.Event.ENTITY_MAP.ViolationReason.REASON | String | The violation reason. |

Command Example

Human Readable Output

lw-get-gcp-projects-by-organization


Fetch a list of GCP projects that are under an organization.

Base Command

lw-get-gcp-projects-by-organization

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| organization_id | The GCP Organization ID to use when fetching projects data. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Lacework.GCP.organization | String | The GCP Organization. |
| Lacework.GCP.projects | String | The GCP Projects associated to the Organization. |

Command Example

Human Readable Output

lw-get-container-vulnerabilities


Fetch the container vulnerability information from Lacework.

Base Command

lw-get-container-vulnerabilities

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| id_type | The identifier type for the container. (Image ID or Image Digest) The corresponding argument, image_id or image_digest, must also be provided. | Required |
| image_id | A string representing the container image ID for which to fetch vulnerabilities. | Optional |
| image_digest | A string representing the container image digest for which to fetch vulnerabilities. | Optional |
| severity | A string representing the severity of vulnerabilities to fetch. | Optional |
| fixable | A boolean which filters for fixable vulnerabilities. | Optional |
| start_time | A "%Y-%m-%dT%H:%M:%SZ" structured timestamp to begin from. (ex. "2020-01-01T01:10:00Z") | Optional |
| end_time | A "%Y-%m-%dT%H:%M:%SZ" structured timestamp to end at. (ex. "2020-01-01T01:10:00Z") | Optional |
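
The argument rules above (id_type must be paired with its matching identifier, timestamps must follow "%Y-%m-%dT%H:%M:%SZ") can be checked before the command is issued from an automation. The following is an added example, not code from the integration; the function names are hypothetical, and it assumes that id_type takes the values `image_id` / `image_digest`, that booleans are passed as `true` / `false`, and that the command is typed as `!command arg="value"`.

```python
from datetime import datetime

TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"  # format stated in the argument table
# Assumption: id_type is passed as the name of the argument carrying the identifier.
ID_TYPES = ("image_id", "image_digest")
COMMAND = "lw-get-container-vulnerabilities"


def parse_ts(name, value):
    """Parse a timestamp argument, rejecting anything not in TS_FORMAT."""
    try:
        return datetime.strptime(value, TS_FORMAT)
    except (TypeError, ValueError):
        raise ValueError(
            f"{name} must look like 2020-01-01T01:10:00Z, got {value!r}"
        ) from None


def build_container_vuln_args(id_type, image_id=None, image_digest=None,
                              severity=None, fixable=None,
                              start_time=None, end_time=None):
    """Return a validated argument dict for lw-get-container-vulnerabilities."""
    if id_type not in ID_TYPES:
        raise ValueError(f"id_type must be one of {ID_TYPES}, got {id_type!r}")
    supplied = {"image_id": image_id, "image_digest": image_digest}
    if not supplied[id_type]:
        raise ValueError(f"id_type={id_type} requires the {id_type} argument")
    other = ID_TYPES[1 - ID_TYPES.index(id_type)]
    if supplied[other]:
        # Stricter than the page requires: refuse a second identifier so the
        # query cannot silently target a different image than intended.
        raise ValueError(f"{other} given but id_type is {id_type}")

    args = {"id_type": id_type, id_type: supplied[id_type]}
    if severity is not None:
        args["severity"] = severity
    if fixable is not None:
        if not isinstance(fixable, bool):
            raise ValueError("fixable must be a boolean")
        args["fixable"] = "true" if fixable else "false"

    start = parse_ts("start_time", start_time) if start_time is not None else None
    end = parse_ts("end_time", end_time) if end_time is not None else None
    if start is not None and end is not None and start >= end:
        raise ValueError("start_time must be earlier than end_time")
    if start is not None:
        args["start_time"] = start_time
    if end is not None:
        args["end_time"] = end_time
    return args


def to_war_room_command(args):
    """Render validated arguments as a single CLI line."""
    parts = ["!" + COMMAND]
    for key, value in args.items():
        text = str(value)
        # Values come from tickets or upstream tools; refuse characters that
        # would break out of the quoted argument.
        if any(ch in text for ch in '"`\r\n'):
            raise ValueError(f"{key} contains characters not allowed in an argument")
        parts.append(f'{key}="{text}"')
    return " ".join(parts)


if __name__ == "__main__":
    # Constructed sample values, not taken from a real environment.
    sample = build_container_vuln_args(
        "image_digest",
        image_digest="sha256:" + "0" * 64,
        fixable=True,
        start_time="2020-01-01T01:10:00Z",
        end_time="2020-01-02T01:10:00Z",
    )
    print(to_war_room_command(sample))
```
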

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Lacework.Vulnerability.Container.image.image_info.created_time | String | The creation time of the container image. |
| Lacework.Vulnerability.Container.image.image_info.image_digest | String | The digest of the container image. |
| Lacework.Vulnerability.Container.image.image_info.image_id | String | The ID of the container image. |
| Lacework.Vulnerability.Container.image.image_info.registry | String | The registry of the container image. |
| Lacework.Vulnerability.Container.image.image_info.repository | String | The repository of the container image. |
| Lacework.Vulnerability.Container.image.image_info.size | Number | The size of the container image. |
| Lacework.Vulnerability.Container.image.image_info.tags | String | The tags of the container image. |
| Lacework.Vulnerability.Container.image.image_layers.hash | String | The hash of the container image layer. |
| Lacework.Vulnerability.Container.image.image_layers.created_by | String | The 'created by' of the container image layer. |
| Lacework.Vulnerability.Container.image.image_layers.packages.name | String | The package names that exist in the container image layer. |
| Lacework.Vulnerability.Container.image.image_layers.packages.namespace | String | The package namespaces that exist in the container image layer. |
| Lacework.Vulnerability.Container.image.image_layers.packages.fix_available | String | A variable representing if a fix is available for a vulnerability in the container image layer. |
| Lacework.Vulnerability.Container.image.image_layers.packages.version | String | The package versions that exist in the container image layer. |
| Lacework.Vulnerability.Container.image.image_layers.packages.vulnerabilities.name | String | The vulnerability names that exist in packages in the container image layer. |
| Lacework.Vulnerability.Container.image.image_layers.packages.vulnerabilities.description | String | The vulnerability descriptions that exist in packages in the container image layer. |
| Lacework.Vulnerability.Container.image.image_layers.packages.vulnerabilities.link | String | The informational links for vulnerabilities that exist in packages in the container image layer. |
| Lacework.Vulnerability.Container.image.image_layers.packages.vulnerabilities.severity | String | The vulnerability severities that exist in packages in the container image layer. |
| Lacework.Vulnerability.Container.image.image_layers.packages.vulnerabilities.fix_version | String | The vulnerability fix versions that exist for packages in the container image layer. |
| Lacework.Vulnerability.Container.image.image_layers.packages.fixed_version | String | The fixed version of vulnerabilities in packages of the container image layer. |
| Lacework.Vulnerability.Container.image.image_layers.packages.host_count | String | The host count of the packages in the container image layer. |
| Lacework.Vulnerability.Container.image.image_layers.packages.severity | String | The severity of package vulnerabilities of the container image layer. |
| Lacework.Vulnerability.Container.image.image_layers.packages.cve_link | String | The informational links for package vulnerabilities in the container image layer. |
| Lacework.Vulnerability.Container.image.image_layers.packages.cvss_score | String | The CVSS score for package vulnerabilities in the container image layer. |
| Lacework.Vulnerability.Container.image.image_layers.packages.cvss_v3_score | String | The CVSS v3 score for package vulnerabilities in the container image layer. |
| Lacework.Vulnerability.Container.image.image_layers.packages.cvss_v2_score | String | The CVSS v2 score for package vulnerabilities in the container image layer. |
| Lacework.Vulnerability.Container.image.image_layers.packages.status | String | The status for package vulnerabilities in the container image layer. |
| Lacework.Vulnerability.Container.image.image_layers.packages.package_status | String | The status for package activity status in the container image layer. |
| Lacework.Vulnerability.Container.image.image_layers.packages.first_seen_time | String | The first seen time for packages in the container image layer. |
| Lacework.Vulnerability.Container.scan_status | String | The scan status for the container. |
| Lacework.Vulnerability.Container.total_vulnerabilities | Number | The total vulnerabilities for the container. |
| Lacework.Vulnerability.Container.critical_vulnerabilities | Number | The critical severity vulnerabilities for the container. |
| Lacework.Vulnerability.Container.high_vulnerabilities | Number | The high severity vulnerabilities for the container. |
| Lacework.Vulnerability.Container.medium_vulnerabilities | Number | The medium severity vulnerabilities for the container. |
| Lacework.Vulnerability.Container.low_vulnerabilities | Number | The low severity vulnerabilities for the container. |
| Lacework.Vulnerability.Container.info_vulnerabilities | Number | The informational severity vulnerabilities for the container. |
| Lacework.Vulnerability.Container.fixable_vulnerabilities | Number | The fixable vulnerabilities for the container. |
| Lacework.Vulnerability.Container.last_evaluation_time | String | The last evaluation time for the container. |

Command Example

Human Readable Output

lw-get-host-vulnerabilities


Fetch the host vulnerability information from Lacework.

Base Command

lw-get-host-vulnerabilities

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| severity | A string representing the severity of vulnerabilities to fetch. | Optional |
| fixable | A boolean which filters for fixable vulnerabilities. | Optional |
| start_time | A "%Y-%m-%dT%H:%M:%SZ" structured timestamp to begin from. (ex. "2020-01-01T01:10:00Z") | Optional |
| end_time | A "%Y-%m-%dT%H:%M:%SZ" structured timestamp to end at. (ex. "2020-01-01T01:10:00Z") | Optional |
| cve | A string representing the CVE ID for which to filter returned results. | Optional |
| namespace | A string representing the package namespace for which to filter results. | Optional |
| limit | An integer representing the maximum number of results to return. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Lacework.Vulnerability.Host.cve_id | String | The CVE ID of a host vulnerability. |
| Lacework.Vulnerability.Host.packages.name | String | The vulnerable package names for a host vulnerability. |
| Lacework.Vulnerability.Host.packages.namespace | String | The package namespaces for a host vulnerability. |
| Lacework.Vulnerability.Host.packages.fix_available | String | A string representing if a fix is available for a host vulnerability. |
| Lacework.Vulnerability.Host.packages.version | String | The package version of a host vulnerability. |
| Lacework.Vulnerability.Host.packages.vulnerabilities.name | String | The name of a package vulnerability. |
| Lacework.Vulnerability.Host.packages.vulnerabilities.description | String | The description of a package vulnerability. |
| Lacework.Vulnerability.Host.packages.vulnerabilities.link | String | The informational link for a package vulnerability. |
| Lacework.Vulnerability.Host.packages.vulnerabilities.severity | String | The severity of a package vulnerability. |
| Lacework.Vulnerability.Host.packages.vulnerabilities.fix_version | String | The fixed version for a package vulnerability. |
| Lacework.Vulnerability.Host.packages.fixed_version | String | The fixed version for a vulnerable package. |
| Lacework.Vulnerability.Host.packages.host_count | String | The host count of a vulnerable package. |
| Lacework.Vulnerability.Host.packages.severity | String | The severity of a vulnerable package. |
| Lacework.Vulnerability.Host.packages.cve_link | String | The informational link for a CVE. |
| Lacework.Vulnerability.Host.packages.cvss_score | String | The CVSS score for a package vulnerability. |
| Lacework.Vulnerability.Host.packages.cvss_v3_score | String | The CVSS v3 score for a package vulnerability. |
| Lacework.Vulnerability.Host.packages.cvss_v2_score | String | The CVSS v2 score for a package vulnerability. |
| Lacework.Vulnerability.Host.packages.status | String | The status of a package vulnerability. |
| Lacework.Vulnerability.Host.packages.package_status | String | The package activity status on the host. |
| Lacework.Vulnerability.Host.packages.first_seen_time | String | The first seen time for a package vulnerability. |
| Lacework.Vulnerability.Host.summary.total_vulnerabilities | Number | The total vulnerabilities for the host. |
| Lacework.Vulnerability.Host.summary.last_evaluation_time | String | The time of the last vulnerability evaluation. |

Command Example

Human Readable Output