@afiune afiune commented Sep 29, 2023

Now you can just install this component via `lacework component install cloud-hunter`, and then execute it as:

```
$ lacework cloud-hunter
                _
              (`  ).                   _
             (     ).              .:(`  )`.
)           _(       '`.          :(   .    )
        .=(`(      .   )     .--  `.  (    ) )
       ((    (..__.:'-'   .+(   )   ` _`  ) )
`.     `(       ) )       (   .  )     (   )  ._
  )      ` __.:'   )     (   (   ))     `-'.-(`  )
)  )  ( )       --'       `- __.'         :(      ))
.-'  (_.'          .')                    `(    )  ))
                  (_  )                     ` __.:'
	  _
	 / `/_      _/  /_/   _  _ _/__  _
	/_,//_//_//_/  / //_// //_'/ /_'/
	                    Lacework Labs

usage: cloud-hunter [-h] [--environment LW_ENV] [--any ANYTHING] [--source EVTSOURCE] [--event EVTNAME] [--events EVTNAMES] [--type EVTTYPE] [--username ACCOUNT] [--ip SRCIP] [--userAgent UASTRING]
                    [--reqParam PARAM] [--reqParams PARAMS] [--region REGION] [--errorCode ERROR] [--errorCodes ERRORS] [--accessDenied STATUS] [--dns DNS] [--os OPERATING_SYSTEM]
                    [--hostname HOSTNAME] [--filename FILENAME] [--filetype FILETYPE] [--cmdline CMDLINE] [--hunt EXQUERY] [-y YAML_FILE] [-t DAYS] [-q] [-c] [-j] [-o OUTPUT_FILENAME]

Dynamically create queries and hunt with the Lacework Query Language (LQL) quickly and efficiently

options:
  -h, --help            show this help message and exit
  --environment LW_ENV  Lacework environment (will be set to "default" if not specified)
  --any ANYTHING        Include literally any keyword in an LQL query (Waring: may return thousands of results)
  --source EVTSOURCE    Include events by source in an LQL query
  --event EVTNAME       Include specific event type in an LQL query
  --events EVTNAMES     Include multiple events - Important - use this format: "'event1','event2'"
  --type EVTTYPE        Include a specific event type in an LQL query
  --username ACCOUNT    Include a username in an LQL query
  --ip SRCIP            Include a source IP address in an LQL query
  --userAgent UASTRING  Include a User Agent string in an LQL query
  --reqParam PARAM      Include a Request Parameter String in an LQL query
  --reqParams PARAMS    Include multiple Request Parameters - Important - use this format: "'param1','param2'"
  --region REGION       Include region within an LQL query
  --errorCode ERROR     Include an error code in an LQL query
  --errorCodes ERRORS   Include multiple error codes - Important - use this format: "'error1','error2'"
  --accessDenied STATUS
                        Include Access Status in LQL query - Provide: (Y/N)
  --dns DNS             Include DNS entries queried from the environment
  --os OPERATING_SYSTEM
                        Include activities related to the operating system name
  --hostname HOSTNAME   Include activities tied to a hostname
  --filename FILENAME   Include activities tied to a filename
  --filetype FILETYPE   Include activities tied to a type of file
  --cmdline CMDLINE     Include command line items in LQL query
  --hunt EXQUERY        Hunt by executing a raw LQL query
  -y YAML_FILE          Hunt using a LQL YAML file
  -t DAYS               Hunt timeframe in days (default 7-days)
  -q, --query           Display the crafted query
  -c, --count           Hunt and only count the hits, do not print the details to the screen
  -j, --JSON            View the results as raw JSON
  -o OUTPUT_FILENAME    Export the results in CSV format or JSON if -j argument is passed
```

@afiune afiune marked this pull request as draft September 29, 2023 01:48
@afiune afiune force-pushed the main branch 2 times, most recently from 94a5aef to c7349d1 September 29, 2023 02:23
Now you can just install this component via `lacework component install cloud-hunter`,
and then execute it as:

```
$ lacework cloud-hunter
                _
              (`  ).                   _
             (     ).              .:(`  )`.
)           _(       '`.          :(   .    )
        .=(`(      .   )     .--  `.  (    ) )
       ((    (..__.:'-'   .+(   )   ` _`  ) )
`.     `(       ) )       (   .  )     (   )  ._
  )      ` __.:'   )     (   (   ))     `-'.-(`  )
)  )  ( )       --'       `- __.'         :(      ))
.-'  (_.'          .')                    `(    )  ))
                  (_  )                     ` __.:'
	  _
	 / `/_      _/  /_/   _  _ _/__  _
	/_,//_//_//_/  / //_// //_'/ /_'/
	                    Lacework Labs

usage: cloud-hunter [-h] [--environment LW_ENV] [--any ANYTHING] [--source EVTSOURCE] [--event EVTNAME] [--events EVTNAMES] [--type EVTTYPE] [--username ACCOUNT] [--ip SRCIP] [--userAgent UASTRING]
                    [--reqParam PARAM] [--reqParams PARAMS] [--region REGION] [--errorCode ERROR] [--errorCodes ERRORS] [--accessDenied STATUS] [--dns DNS] [--os OPERATING_SYSTEM]
                    [--hostname HOSTNAME] [--filename FILENAME] [--filetype FILETYPE] [--cmdline CMDLINE] [--hunt EXQUERY] [-y YAML_FILE] [-t DAYS] [-q] [-c] [-j] [-o OUTPUT_FILENAME]

Dynamically create queries and hunt with the Lacework Query Language (LQL) quickly and efficiently

options:
  -h, --help            show this help message and exit
  --environment LW_ENV  Lacework environment (will be set to "default" if not specified)
  --any ANYTHING        Include literally any keyword in an LQL query (Waring: may return thousands of results)
  --source EVTSOURCE    Include events by source in an LQL query
  --event EVTNAME       Include specific event type in an LQL query
  --events EVTNAMES     Include multiple events - Important - use this format: "'event1','event2'"
  --type EVTTYPE        Include a specific event type in an LQL query
  --username ACCOUNT    Include a username in an LQL query
  --ip SRCIP            Include a source IP address in an LQL query
  --userAgent UASTRING  Include a User Agent string in an LQL query
  --reqParam PARAM      Include a Request Parameter String in an LQL query
  --reqParams PARAMS    Include multiple Request Parameters - Important - use this format: "'param1','param2'"
  --region REGION       Include region within an LQL query
  --errorCode ERROR     Include an error code in an LQL query
  --errorCodes ERRORS   Include multiple error codes - Important - use this format: "'error1','error2'"
  --accessDenied STATUS
                        Include Access Status in LQL query - Provide: (Y/N)
  --dns DNS             Include DNS entries queried from the environment
  --os OPERATING_SYSTEM
                        Include activities related to the operating system name
  --hostname HOSTNAME   Include activities tied to a hostname
  --filename FILENAME   Include activities tied to a filename
  --filetype FILETYPE   Include activities tied to a type of file
  --cmdline CMDLINE     Include command line items in LQL query
  --hunt EXQUERY        Hunt by executing a raw LQL query
  -y YAML_FILE          Hunt using a LQL YAML file
  -t DAYS               Hunt timeframe in days (default 7-days)
  -q, --query           Display the crafted query
  -c, --count           Hunt and only count the hits, do not print the details to the screen
  -j, --JSON            View the results as raw JSON
  -o OUTPUT_FILENAME    Export the results in CSV format or JSON if -j argument is passed

```

Signed-off-by: Salim Afiune Maya <afiune@lacework.net>
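The multi-value flags in the help text above (`--events`, `--reqParams`, `--errorCodes`) require the `"'event1','event2'"` form, which is passed to the tool as a single argument. The helper below is an added example, not code from the PR or from the cloud-hunter component: it renders that form, rejects values that would break or alter the quoted LQL list, and assembles an argv for `lacework cloud-hunter` from the flags documented on the page. The event names, source value and safe-character pattern are constructed assumptions.

```python
import re
import subprocess

# Assumption: values end up inside a quoted LQL list, so a stray quote or
# comma would break the query. Restrict to characters event names, request
# parameters and error codes are normally made of.
_SAFE_VALUE = re.compile(r"^[A-Za-z0-9_.:/-]+$")


def format_list_arg(values):
    """Render values in the "'event1','event2'" form --events,
    --reqParams and --errorCodes require (one argv element)."""
    if not values:
        raise ValueError("at least one value is required")
    for v in values:
        if not _SAFE_VALUE.match(v):
            raise ValueError(f"unsafe value for an LQL list: {v!r}")
    return ",".join(f"'{v}'" for v in values)


def build_hunt_argv(events=None, source=None, username=None, days=7,
                    count_only=False, as_json=False, output=None):
    """Assemble the argv for a `lacework cloud-hunter` hunt.

    A single event uses --event; several use --events in the quoted-list
    form. -t is the lookback in days (the tool's default is 7)."""
    argv = ["lacework", "cloud-hunter"]
    if source:
        argv += ["--source", source]
    if events:
        if len(events) == 1:
            argv += ["--event", events[0]]
        else:
            argv += ["--events", format_list_arg(events)]
    if username:
        argv += ["--username", username]
    argv += ["-t", str(int(days))]
    if count_only:
        argv.append("-c")   # only count hits, do not print details
    if as_json:
        argv.append("-j")   # raw JSON output (also switches -o to JSON)
    if output:
        argv += ["-o", output]
    return argv


if __name__ == "__main__":
    # Constructed sample: count two event types from one source over 30 days.
    argv = build_hunt_argv(source="CloudTrail", days=30, count_only=True,
                           events=["CreateAccessKey", "CreateUser"])
    subprocess.run(argv, check=False)  # requires the lacework CLI on PATH
```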