List Policies
List all registered LQL policies in your Lacework instance.
External Documentation
To learn more, visit the Lacework documentation.
Example Output
{
"data": [
{
"policyId": "lacework-global-89",
"policyType": "Compliance",
"queryId": "",
"queryText": "",
"title": "EC2 instance does not have any tags",
"enabled": false,
"description": "Tags allow users to better organize resources and assist the collection of metrics...",
"remediation": "Perform the following to add tags:\n1. Log in to the AWS Management Console...",
"severity": "high",
"alertEnabled": false,
"alertProfile": "",
"owner": "Lacework",
"lastUpdateTime": "2021-05-31T19:00:00.000Z",
"lastUpdateUser": "Lacework",
"tags": [
"framework:aws-lacework-security-1-0",
"domain:AWS",
"subdomain:Configuration"
],
"exceptionConfiguration": {
"constraintFields": [
{
"fieldKey": "accountIds",
"dataType": "String",
"multiValue": true
},
{
"fieldKey": "regionNames",
"dataType": "String",
"multiValue": true
},
{
"fieldKey": "resourceNames",
"dataType": "String",
"multiValue": false
},
{
"fieldKey": "resourceTags",
"dataType": "KVTagPair",
"multiValue": true
}
]
}
},
{
"evaluatorId": "Cloudtrail",
"policyId": "lacework...",
"policyType": "Violation",
"queryId": "LW_Custom_AWS_CTA_AuroraPasswordChange",
"queryText": "LW_Custom_AWS_CTA_AuroraPasswordChange { SOURCE { CloudTrailRawEvents } FILTER ...",
"title": "Cloudtrail Policy 2",
"enabled": false,
"description": "Cloudtrail Policy 2",
"remediation": "Policy remediation 2",
"severity": "medium",
"limit": 100,
"evalFrequency": "Hourly",
"alertEnabled": true,
"alertProfile": "LW_CloudTrail_Alerts.CloudTrailDefaultAlert_AwsResource",
"owner": "user@example.com",
"lastUpdateTime": "2022-10-03T16:23:38.915Z",
"lastUpdateUser": "user@example.com",
"tags": [
"domain:Host",
"subdomain:Container"
]
}
]
}
Workflow Library Example
List Policies with Lacework and Send Results Via Email
Preview this Workflow on desktop