Get Policy

Get details about a single LQL policy.

External Documentation

To learn more, visit the Lacework documentation.

Parameters

Parameter	Description
Policy ID	The ID if the policy to get details of. Can be retrieved from the 'List Policies' action.

Example Output

{
  "data": {
    "evaluatorId": "Cloudtrail",
    "policyId": "lacework...",
    "policyType": "Violation",
    "queryId": "LW_Custom_AWS_CTA_AuroraPasswordChange",
    "queryText": "LW_Custom_AWS_CTA_AuroraPasswordChange { SOURCE { CloudTrailRawEvents } FILTER ...",
    "title": "Cloudtrail Policy 2",
    "enabled": false,
    "description": "Cloudtrail Policy 2",
    "remediation": "Policy remediation 2",
    "severity": "medium",
    "limit": 100,
    "evalFrequency": "Hourly",
    "alertEnabled": true,
    "alertProfile": "LW_CloudTrail_Alerts.CloudTrailDefaultAlert_AwsResource",
    "owner": "user@example.com",
    "lastUpdateTime": "2022-10-03T16:23:38.915Z",
    "lastUpdateUser": "user@example.com",
    "tags": [
      "domain:Host",
      "subdomain:Container"
    ]
  }
}ExecuteQueries

Workflow Library Example

Get Policy with Lacework and Send Results Via Email

Preview this Workflow on desktop

Get Policy

Parameters​

Example Output​

Workflow Library Example​

Parameters

Example Output

Workflow Library Example