Skip to main content
Get details about a single LQL policy.
External DocumentationTo learn more, visit the Lacework documentation.

Parameters

ParameterDescription
Policy IDThe ID if the policy to get details of. Can be retrieved from the ‘List Policies’ action.

Example Output

{
  "data": {
    "evaluatorId": "Cloudtrail",
    "policyId": "lacework...",
    "policyType": "Violation",
    "queryId": "LW_Custom_AWS_CTA_AuroraPasswordChange",
    "queryText": "LW_Custom_AWS_CTA_AuroraPasswordChange { SOURCE { CloudTrailRawEvents } FILTER ...",
    "title": "Cloudtrail Policy 2",
    "enabled": false,
    "description": "Cloudtrail Policy 2",
    "remediation": "Policy remediation 2",
    "severity": "medium",
    "limit": 100,
    "evalFrequency": "Hourly",
    "alertEnabled": true,
    "alertProfile": "LW_CloudTrail_Alerts.CloudTrailDefaultAlert_AwsResource",
    "owner": "user@example.com",
    "lastUpdateTime": "2022-10-03T16:23:38.915Z",
    "lastUpdateUser": "user@example.com",
    "tags": [
      "domain:Host",
      "subdomain:Container"
    ]
  }
}ExecuteQueries

Workflow Library Example

Get Policy with Lacework and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop