New 'event' CMD: Inspect Lacework events via CLI #68
`event` command: Inspect Lacework events via CLI
ghost pushed a commit that referenced this issue Apr 23, 2020

Closes #68

Signed-off-by: Salim Afiune Maya <afiune@lacework.net>
ghost pushed a commit that referenced this issue Apr 23, 2020

Adding a new `event` command with one sub-command called `list` exposed to the end-user. This new command will list all events from a date range, by default last 7 days unless the user provides a different range.

Example:
```
$ lacework event list
  EVENT ID |                TYPE                | SEVERITY |      START TIME      |       END TIME
-----------+------------------------------------+----------+----------------------+-----------------------
        10 | NewViolations                      | High     | 2020-04-20T13:00:00Z | 2020-04-20T14:00:00Z
         4 | VPCNetworkFirewallRuleChanged      | Medium   | 2020-04-16T20:00:00Z | 2020-04-16T21:00:00Z
         8 | VPCNetworkRouteChanged             | Medium   | 2020-04-19T23:00:00Z | 2020-04-20T00:00:00Z
         1 | ProjectOwnershipAssignmentsChanged | Medium   | 2020-04-16T17:00:00Z | 2020-04-16T18:00:00Z
         6 | NewViolations                      | Medium   | 2020-04-18T13:00:00Z | 2020-04-18T14:00:00Z
         3 | VPCNetworkChanged                  | Medium   | 2020-04-16T20:00:00Z | 2020-04-16T21:00:00Z
         2 | CloudStorageIAMPermissionChanged   | Medium   | 2020-04-16T18:00:00Z | 2020-04-16T19:00:00Z
         5 | CloudStorageIAMPermissionChanged   | Low      | 2020-04-17T19:00:00Z | 2020-04-17T20:00:00Z
         9 | VPCNetworkRouteChanged             | Low      | 2020-04-20T04:00:00Z | 2020-04-20T05:00:00Z
         7 | VPCNetworkFirewallRuleChanged      | Low      | 2020-04-19T23:00:00Z | 2020-04-20T00:00:00Z
```

Issue #68

Signed-off-by: Salim Afiune Maya <afiune@lacework.net>
ghost pushed a commit that referenced this issue Apr 23, 2020

Adding a new `event` command with one sub-command called `list` exposed to the end-user. This new command will list all events from a date range, by default last 7 days unless the user provides a different range.

Example: Human readable output
```
$ lacework event list
  EVENT ID |                TYPE                | SEVERITY |      START TIME      |       END TIME
-----------+------------------------------------+----------+----------------------+-----------------------
        10 | NewViolations                      | High     | 2020-04-20T13:00:00Z | 2020-04-20T14:00:00Z
         4 | VPCNetworkFirewallRuleChanged      | Medium   | 2020-04-16T20:00:00Z | 2020-04-16T21:00:00Z
         8 | VPCNetworkRouteChanged             | Medium   | 2020-04-19T23:00:00Z | 2020-04-20T00:00:00Z
         1 | ProjectOwnershipAssignmentsChanged | Medium   | 2020-04-16T17:00:00Z | 2020-04-16T18:00:00Z
         6 | NewViolations                      | Medium   | 2020-04-18T13:00:00Z | 2020-04-18T14:00:00Z
         3 | VPCNetworkChanged                  | Medium   | 2020-04-16T20:00:00Z | 2020-04-16T21:00:00Z
         2 | CloudStorageIAMPermissionChanged   | Medium   | 2020-04-16T18:00:00Z | 2020-04-16T19:00:00Z
         5 | CloudStorageIAMPermissionChanged   | Low      | 2020-04-17T19:00:00Z | 2020-04-17T20:00:00Z
         9 | VPCNetworkRouteChanged             | Low      | 2020-04-20T04:00:00Z | 2020-04-20T05:00:00Z
         7 | VPCNetworkFirewallRuleChanged      | Low      | 2020-04-19T23:00:00Z | 2020-04-20T00:00:00Z
```

Example: Machine/JSON format
```
$ lacework event list --json
[
  {
    "end_time": "2020-04-20T14:00:00Z",
    "event_id": "10",
    "event_type": "NewViolations",
    "severity": "2",
    "start_time": "2020-04-20T13:00:00Z"
  },
  {
    "end_time": "2020-04-16T21:00:00Z",
    "event_id": "4",
    "event_type": "VPCNetworkFirewallRuleChanged",
    "severity": "3",
    "start_time": "2020-04-16T20:00:00Z"
  },
  {
    "end_time": "2020-04-20T00:00:00Z",
    "event_id": "8",
    "event_type": "VPCNetworkRouteChanged",
    "severity": "3",
    "start_time": "2020-04-19T23:00:00Z"
  },
  {
    "end_time": "2020-04-16T18:00:00Z",
    "event_id": "1",
    "event_type": "ProjectOwnershipAssignmentsChanged",
    "severity": "3",
    "start_time": "2020-04-16T17:00:00Z"
  },
  {
    "end_time": "2020-04-18T14:00:00Z",
    "event_id": "6",
    "event_type": "NewViolations",
    "severity": "3",
    "start_time": "2020-04-18T13:00:00Z"
  },
  {
    "end_time": "2020-04-16T21:00:00Z",
    "event_id": "3",
    "event_type": "VPCNetworkChanged",
    "severity": "3",
    "start_time": "2020-04-16T20:00:00Z"
  },
  {
    "end_time": "2020-04-16T19:00:00Z",
    "event_id": "2",
    "event_type": "CloudStorageIAMPermissionChanged",
    "severity": "3",
    "start_time": "2020-04-16T18:00:00Z"
  },
  {
    "end_time": "2020-04-17T20:00:00Z",
    "event_id": "5",
    "event_type": "CloudStorageIAMPermissionChanged",
    "severity": "4",
    "start_time": "2020-04-17T19:00:00Z"
  },
  {
    "end_time": "2020-04-20T05:00:00Z",
    "event_id": "9",
    "event_type": "VPCNetworkRouteChanged",
    "severity": "4",
    "start_time": "2020-04-20T04:00:00Z"
  },
  {
    "end_time": "2020-04-20T00:00:00Z",
    "event_id": "7",
    "event_type": "VPCNetworkFirewallRuleChanged",
    "severity": "4",
    "start_time": "2020-04-19T23:00:00Z"
  }
]
```

Issue #68

Signed-off-by: Salim Afiune Maya <afiune@lacework.net>
ghost pushed a commit that referenced this issue Apr 23, 2020

Adding a new `show` sub-command to the `event` command that will show the details of a specific event.

Example: Human readable output
```
$ lacework event show 5
  EVENT ID |               TYPE               |     ACTOR     |      MODEL       |      START TIME      |       END TIME
-----------+----------------------------------+---------------+------------------+----------------------+-----------------------
         5 | CloudStorageIAMPermissionChanged | GcpAuditTrail | GcpAuditTrailCep | 2020-04-17T19:00:00Z | 2020-04-17T20:00:00Z
```

Example: Machine/JSON format
```
$ lacework event show 5 --json
{
  "end_time": "2020-04-17T20:00:00Z",
  "entity_map": {
    "resource": [
      {
        "name": "gcs_bucket.location",
        "value": "us"
      },
      {
        "name": "gcs_bucket.project_id",
        "value": "gcr-jenkins-sandbox-1234"
      },
      {
        "name": "gcs_bucket.bucket_name",
        "value": "us.artifacts.gcr-jenkins-sandbox-1234.appspot.com"
      }
    ]
  },
  "event_actor": "GcpAuditTrail",
  "event_id": "5",
  "event_model": "GcpAuditTrailCep",
  "event_type": "CloudStorageIAMPermissionChanged",
  "start_time": "2020-04-17T19:00:00Z"
}
```

Closes #68

Signed-off-by: Salim Afiune Maya <afiune@lacework.net>
This issue was closed.
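Added example, not part of the commits or of the Lacework CLI code: a Python sketch that triages the `lacework event list --json` output shown earlier in this thread, where severity is a numeric string rather than the High/Medium/Low label of the table. The names `triage`, `LABELS` and `SAMPLE` are hypothetical, and the code-to-label mapping is inferred only from comparing the two sample outputs on this page.

```python
import json

# Severity codes inferred from this page only: the rows shown as
# High/Medium/Low in the table carry "2"/"3"/"4" in the --json output.
LABELS = {2: "High", 3: "Medium", 4: "Low"}


def triage(raw, max_code=3):
    """Split `lacework event list --json` text into (keep, unparsed).

    keep: events with severity code <= max_code, most severe first and
    newest first within a level. unparsed: events whose severity is not an
    integer string, returned for review instead of being silently dropped.
    """
    events = json.loads(raw)
    if not isinstance(events, list):
        raise ValueError("expected a JSON array of events")
    keep, unparsed = [], []
    for ev in events:
        try:
            code = int(ev.get("severity", ""))
        except (TypeError, ValueError):
            unparsed.append(ev)
            continue
        if code <= max_code:
            keep.append(dict(ev, severity_label=LABELS.get(code, "unknown")))
    # Same-format RFC 3339 UTC timestamps sort correctly as plain strings.
    keep.sort(key=lambda e: e.get("start_time", ""), reverse=True)
    keep.sort(key=lambda e: int(e["severity"]))  # stable: time order survives
    return keep, unparsed


# Constructed sample: four records taken from the output above (end_time
# omitted for brevity) plus one malformed record, "x", not from the page.
SAMPLE = """[
  {"event_id": "5", "event_type": "CloudStorageIAMPermissionChanged", "severity": "4", "start_time": "2020-04-17T19:00:00Z"},
  {"event_id": "6", "event_type": "NewViolations", "severity": "3", "start_time": "2020-04-18T13:00:00Z"},
  {"event_id": "10", "event_type": "NewViolations", "severity": "2", "start_time": "2020-04-20T13:00:00Z"},
  {"event_id": "8", "event_type": "VPCNetworkRouteChanged", "severity": "3", "start_time": "2020-04-19T23:00:00Z"},
  {"event_id": "x", "event_type": "Constructed", "severity": "", "start_time": "2020-04-20T00:00:00Z"}
]"""

if __name__ == "__main__":
    keep, unparsed = triage(SAMPLE)
    for ev in keep:
        print(ev["severity_label"], ev["event_id"], ev["start_time"], ev["event_type"])
    print("unparsed severity:", [ev.get("event_id") for ev in unparsed])
```

In practice the input would be the captured stdout of `lacework event list --json` instead of `SAMPLE`.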
Motivation
Proposal
Create a new `event` command inside the Lacework CLI with two main sub-commands.

- `lacework event list`: Output the list of events from a time range, by default display the last 7 days.
- `lacework event show <EventID>`: Show the details of a specific event.