List all registered LQL policies in your Lacework instance.

External Documentation

To learn more, visit the Lacework documentation.

Example Output

{
	"data": [
		{
			"policyId": "lacework-global-89",
			"policyType": "Compliance",
			"queryId": "",
			"queryText": "",
			"title": "EC2 instance does not have any tags",
			"enabled": false,
			"description": "Tags allow users to better organize resources and assist the collection of metrics...",
			"remediation": "Perform the following to add tags:\n1. Log in to the AWS Management Console...",
			"severity": "high",
			"alertEnabled": false,
			"alertProfile": "",
			"owner": "Lacework",
			"lastUpdateTime": "2021-05-31T19:00:00.000Z",
			"lastUpdateUser": "Lacework",
			"tags": [
				"framework:aws-lacework-security-1-0",
				"domain:AWS",
				"subdomain:Configuration"
			],
			"exceptionConfiguration": {
				"constraintFields": [
					{
						"fieldKey": "accountIds",
						"dataType": "String",
						"multiValue": true
					},
					{
						"fieldKey": "regionNames",
						"dataType": "String",
						"multiValue": true
					},
					{
						"fieldKey": "resourceNames",
						"dataType": "String",
						"multiValue": false
					},
					{
						"fieldKey": "resourceTags",
						"dataType": "KVTagPair",
						"multiValue": true
					}
				]
			}
		},
		{
			"evaluatorId": "Cloudtrail",
			"policyId": "lacework...",
			"policyType": "Violation",
			"queryId": "LW_Custom_AWS_CTA_AuroraPasswordChange",
			"queryText": "LW_Custom_AWS_CTA_AuroraPasswordChange { SOURCE { CloudTrailRawEvents } FILTER ...",
			"title": "Cloudtrail Policy 2",
			"enabled": false,
			"description": "Cloudtrail Policy 2",
			"remediation": "Policy remediation 2",
			"severity": "medium",
			"limit": 100,
			"evalFrequency": "Hourly",
			"alertEnabled": true,
			"alertProfile": "LW_CloudTrail_Alerts.CloudTrailDefaultAlert_AwsResource",
			"owner": "user@example.com",
			"lastUpdateTime": "2022-10-03T16:23:38.915Z",
			"lastUpdateUser": "user@example.com",
			"tags": [
				"domain:Host",
				"subdomain:Container"
			]
		}
	]
}

Workflow Library Example

List Policies with Lacework and Send Results Via Email

Preview this Workflow on desktop