# -*- coding: utf-8 -*-
"""
Example script showing how to use the LaceworkClient class to list fixable
Critical and High severity vulnerabilities in recently active container images.
"""
import logging
from datetime import datetime, timedelta, timezone
from dotenv import load_dotenv
from laceworksdk import LaceworkClient
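# NOTE(review): DEBUG is convenient for a demo, but at this level HTTP client
# libraries commonly log request/response details. Confirm the output carries
# no API credentials or tokens before shipping it to shared log storage.
logging.basicConfig(level=logging.DEBUG)

# Load settings from a local .env file into the process environment.
# Presumably this is where the API credentials come from, since
# LaceworkClient() below is built without arguments -- keep that file out of
# version control.
load_dotenv()

if __name__ == "__main__":
    # Instantiate a LaceworkClient instance
    lacework_client = LaceworkClient()

    # Build start/end times: a 24-hour window ending now, in UTC.
    time_format = "%Y-%m-%dT%H:%M:%S%z"
    current_time = datetime.now(timezone.utc)
    start_time = (current_time - timedelta(days=1)).strftime(time_format)
    end_time = current_time.strftime(time_format)

    # Both searches must look at the same window, so the filter is built once.
    # The keys were previously spelled "timefilter"/"starTime". A misspelled
    # key can be dropped by the server without an error, which would make the
    # report cover the API's default window rather than the one computed here.
    # NOTE(review): confirm the exact key casing against the API reference.
    time_filter = {
        "startTime": start_time,
        "endTime": end_time,
    }

    # Entities API
    # Get active image IDs
    active_containers = lacework_client.entities.containers.search(
        json={
            "timeFilter": time_filter,
            "returns": ["imageId"],
        }
    )

    # A set de-duplicates images that back more than one container.
    image_ids = set()
    for page in active_containers:
        for item in page["data"]:
            image_ids.add(item["imageId"])

    if not image_ids:
        # An "in" filter with an empty value list is either rejected or
        # matches nothing useful, so skip the vulnerability query entirely.
        print("No active container images found in the requested time window.")
    else:
        # Vulnerabilities API
        # Only findings that are actionable: Critical/High severity, still
        # vulnerable, and with a fix available.
        active_container_vulns = lacework_client.vulnerabilities.containers.search(
            json={
                "timeFilter": time_filter,
                "filters": [
                    {
                        "field": "imageId",
                        "expression": "in",
                        "values": list(image_ids),
                    },
                    {
                        "field": "severity",
                        "expression": "in",
                        "values": ["Critical", "High"],
                    },
                    {
                        "field": "status",
                        "expression": "eq",
                        "value": "VULNERABLE",
                    },
                    {
                        "field": "fixInfo.fix_available",
                        "expression": "eq",
                        "value": 1,
                    },
                ],
            }
        )

        for page in active_container_vulns:
            # Do something way more interesting with the fixable Critical and
            # High sev vulnerabilities for containers that were active in the
            # past 24 hours here...
            print(page["paging"]["totalRows"])
            # totalRows presumably describes the whole result set, so the
            # first page is enough. `break` replaces the site-provided exit()
            # helper, which is meant for interactive sessions, not programs.
            break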