New 'event' CMD: Inspect Lacework events via CLI #68

Closed
ghost opened this issue Apr 22, 2020 · 0 comments · Fixed by #70

ghost commented Apr 22, 2020

Motivation

As a Lacework CLI user,
I would like to inspect Lacework Events via the CLI,
so I don't have to log in every day to the UI/Platform and I can automate internal integrations.

Proposal

Create a new event command inside the Lacework CLI with two main sub-commands.

lacework event list

Output the list of events from a time range. By default, display the last 7 days.

lacework event show <EventID>

Show the details of a specific event.

@ghost ghost changed the title New event command: Inspect Lacework events via CLI New event command: Inspect Lacework events via CLI Apr 22, 2020
@ghost ghost changed the title New event command: Inspect Lacework events via CLI New 'event' CMD: Inspect Lacework events via CLI Apr 22, 2020
@ghost ghost self-assigned this Apr 22, 2020
ghost pushed a commit that referenced this issue Apr 23, 2020
Closes #68

Signed-off-by: Salim Afiune Maya <afiune@lacework.net>
ghost pushed a commit that referenced this issue Apr 23, 2020
Adding a new `event` command with one sub-command called `list` exposed
to the end-user. This new command will list all events from a date range,
by default last 7 days unless the user provides a different range.

Example:
```
$ lacework event list
  EVENT ID |                TYPE                | SEVERITY |      START TIME      |       END TIME
-----------+------------------------------------+----------+----------------------+-----------------------
        10 | NewViolations                      | High     | 2020-04-20T13:00:00Z | 2020-04-20T14:00:00Z
         4 | VPCNetworkFirewallRuleChanged      | Medium   | 2020-04-16T20:00:00Z | 2020-04-16T21:00:00Z
         8 | VPCNetworkRouteChanged             | Medium   | 2020-04-19T23:00:00Z | 2020-04-20T00:00:00Z
         1 | ProjectOwnershipAssignmentsChanged | Medium   | 2020-04-16T17:00:00Z | 2020-04-16T18:00:00Z
         6 | NewViolations                      | Medium   | 2020-04-18T13:00:00Z | 2020-04-18T14:00:00Z
         3 | VPCNetworkChanged                  | Medium   | 2020-04-16T20:00:00Z | 2020-04-16T21:00:00Z
         2 | CloudStorageIAMPermissionChanged   | Medium   | 2020-04-16T18:00:00Z | 2020-04-16T19:00:00Z
         5 | CloudStorageIAMPermissionChanged   | Low      | 2020-04-17T19:00:00Z | 2020-04-17T20:00:00Z
         9 | VPCNetworkRouteChanged             | Low      | 2020-04-20T04:00:00Z | 2020-04-20T05:00:00Z
         7 | VPCNetworkFirewallRuleChanged      | Low      | 2020-04-19T23:00:00Z | 2020-04-20T00:00:00Z
```

Issue #68

Signed-off-by: Salim Afiune Maya <afiune@lacework.net>
ghost pushed a commit that referenced this issue Apr 23, 2020
Adding a new `event` command with one sub-command called `list` exposed
to the end-user. This new command will list all events from a date range,
by default last 7 days unless the user provides a different range.

Example: Human readable output
```
$ lacework event list
  EVENT ID |                TYPE                | SEVERITY |      START TIME      |       END TIME
-----------+------------------------------------+----------+----------------------+-----------------------
        10 | NewViolations                      | High     | 2020-04-20T13:00:00Z | 2020-04-20T14:00:00Z
         4 | VPCNetworkFirewallRuleChanged      | Medium   | 2020-04-16T20:00:00Z | 2020-04-16T21:00:00Z
         8 | VPCNetworkRouteChanged             | Medium   | 2020-04-19T23:00:00Z | 2020-04-20T00:00:00Z
         1 | ProjectOwnershipAssignmentsChanged | Medium   | 2020-04-16T17:00:00Z | 2020-04-16T18:00:00Z
         6 | NewViolations                      | Medium   | 2020-04-18T13:00:00Z | 2020-04-18T14:00:00Z
         3 | VPCNetworkChanged                  | Medium   | 2020-04-16T20:00:00Z | 2020-04-16T21:00:00Z
         2 | CloudStorageIAMPermissionChanged   | Medium   | 2020-04-16T18:00:00Z | 2020-04-16T19:00:00Z
         5 | CloudStorageIAMPermissionChanged   | Low      | 2020-04-17T19:00:00Z | 2020-04-17T20:00:00Z
         9 | VPCNetworkRouteChanged             | Low      | 2020-04-20T04:00:00Z | 2020-04-20T05:00:00Z
         7 | VPCNetworkFirewallRuleChanged      | Low      | 2020-04-19T23:00:00Z | 2020-04-20T00:00:00Z
```

Example: Machine/JSON format
```
$ lacework event list --json
[
  {
    "end_time": "2020-04-20T14:00:00Z",
    "event_id": "10",
    "event_type": "NewViolations",
    "severity": "2",
    "start_time": "2020-04-20T13:00:00Z"
  },
  {
    "end_time": "2020-04-16T21:00:00Z",
    "event_id": "4",
    "event_type": "VPCNetworkFirewallRuleChanged",
    "severity": "3",
    "start_time": "2020-04-16T20:00:00Z"
  },
  {
    "end_time": "2020-04-20T00:00:00Z",
    "event_id": "8",
    "event_type": "VPCNetworkRouteChanged",
    "severity": "3",
    "start_time": "2020-04-19T23:00:00Z"
  },
  {
    "end_time": "2020-04-16T18:00:00Z",
    "event_id": "1",
    "event_type": "ProjectOwnershipAssignmentsChanged",
    "severity": "3",
    "start_time": "2020-04-16T17:00:00Z"
  },
  {
    "end_time": "2020-04-18T14:00:00Z",
    "event_id": "6",
    "event_type": "NewViolations",
    "severity": "3",
    "start_time": "2020-04-18T13:00:00Z"
  },
  {
    "end_time": "2020-04-16T21:00:00Z",
    "event_id": "3",
    "event_type": "VPCNetworkChanged",
    "severity": "3",
    "start_time": "2020-04-16T20:00:00Z"
  },
  {
    "end_time": "2020-04-16T19:00:00Z",
    "event_id": "2",
    "event_type": "CloudStorageIAMPermissionChanged",
    "severity": "3",
    "start_time": "2020-04-16T18:00:00Z"
  },
  {
    "end_time": "2020-04-17T20:00:00Z",
    "event_id": "5",
    "event_type": "CloudStorageIAMPermissionChanged",
    "severity": "4",
    "start_time": "2020-04-17T19:00:00Z"
  },
  {
    "end_time": "2020-04-20T05:00:00Z",
    "event_id": "9",
    "event_type": "VPCNetworkRouteChanged",
    "severity": "4",
    "start_time": "2020-04-20T04:00:00Z"
  },
  {
    "end_time": "2020-04-20T00:00:00Z",
    "event_id": "7",
    "event_type": "VPCNetworkFirewallRuleChanged",
    "severity": "4",
    "start_time": "2020-04-19T23:00:00Z"
  }
]
```

Issue #68

Signed-off-by: Salim Afiune Maya <afiune@lacework.net>
ghost pushed a commit that referenced this issue Apr 23, 2020
Adding a new `show` sub-command to the `event` command that will show
the details of a specific event.

Example: Human readable output
```
$ lacework event show 5
  EVENT ID |               TYPE               |     ACTOR     |      MODEL       |      START TIME      |       END TIME
-----------+----------------------------------+---------------+------------------+----------------------+-----------------------
         5 | CloudStorageIAMPermissionChanged | GcpAuditTrail | GcpAuditTrailCep | 2020-04-17T19:00:00Z | 2020-04-17T20:00:00Z
```

Example: Machine/JSON format
```
$ lacework event show 5 --json
{
  "end_time": "2020-04-17T20:00:00Z",
  "entity_map": {
    "resource": [
      {
        "name": "gcs_bucket.location",
        "value": "us"
      },
      {
        "name": "gcs_bucket.project_id",
        "value": "gcr-jenkins-sandbox-1234"
      },
      {
        "name": "gcs_bucket.bucket_name",
        "value": "us.artifacts.gcr-jenkins-sandbox-1234.appspot.com"
      }
    ]
  },
  "event_actor": "GcpAuditTrail",
  "event_id": "5",
  "event_model": "GcpAuditTrailCep",
  "event_type": "CloudStorageIAMPermissionChanged",
  "start_time": "2020-04-17T19:00:00Z"
}
```

Closes #68

Signed-off-by: Salim Afiune Maya <afiune@lacework.net>
@ghost ghost closed this as completed in #70 Apr 23, 2020
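
The automation use case from the issue's motivation, as an added example that is not part of the issue or of the Lacework CLI code: it reads the JSON printed by `lacework event list --json`, keeps events at or above a severity threshold, and sets aside records that fail validation instead of dropping them silently. The function name `triage`, its parameters and the malformed sample record are assumptions; the severity labels are only the three pairings visible in the table and JSON output above.

```python
import json
from datetime import datetime, timezone

# Severity codes as paired in the page's table and JSON output
# (event 10: "2"/High, event 4: "3"/Medium, event 5: "4"/Low).
SEVERITY_LABELS = {2: "High", 3: "Medium", 4: "Low"}

# Constructed sample: four records copied from the JSON output above,
# plus one malformed record (event 11) added to exercise the error path.
SAMPLE = """[
 {"end_time": "2020-04-20T14:00:00Z", "event_id": "10", "severity": "2",
  "event_type": "NewViolations", "start_time": "2020-04-20T13:00:00Z"},
 {"end_time": "2020-04-16T21:00:00Z", "event_id": "4", "severity": "3",
  "event_type": "VPCNetworkFirewallRuleChanged", "start_time": "2020-04-16T20:00:00Z"},
 {"end_time": "2020-04-20T00:00:00Z", "event_id": "8", "severity": "3",
  "event_type": "VPCNetworkRouteChanged", "start_time": "2020-04-19T23:00:00Z"},
 {"end_time": "2020-04-17T20:00:00Z", "event_id": "5", "severity": "4",
  "event_type": "CloudStorageIAMPermissionChanged", "start_time": "2020-04-17T19:00:00Z"},
 {"event_id": "11", "severity": "high", "event_type": "NewViolations"}
]"""

def parse_time(value):
    """Parse the UTC timestamps the CLI prints, e.g. 2020-04-20T13:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def triage(raw_json, max_code=3, since=None):
    """Return (alerts, rejected). Lower code means higher severity."""
    alerts, rejected = [], []
    for rec in json.loads(raw_json):
        try:
            code = int(rec["severity"])  # the CLI emits severity as a string
            start = parse_time(rec["start_time"])
            event = {"id": int(rec["event_id"]), "type": rec["event_type"],
                     "code": code, "start": start,
                     "severity": SEVERITY_LABELS.get(code, f"code {code}")}
        except (KeyError, TypeError, ValueError):
            rejected.append(rec)  # surface bad records to the caller
            continue
        if code <= max_code and (since is None or start >= since):
            alerts.append(event)
    # Most severe first; within one severity, newest first.
    alerts.sort(key=lambda e: (e["code"], -e["start"].timestamp()))
    return alerts, rejected

if __name__ == "__main__":
    found, bad = triage(SAMPLE)
    for e in found:
        print(e["id"], e["severity"], e["type"], e["start"].isoformat())
    print(f"{len(bad)} record(s) failed validation")
```
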