Create a Policy
This topic describes how to create a custom policy.
All Lacework endpoints require an API access (bearer) token to be specified when you invoke the endpoint. If you already have a secret key, you can use the POST /api/v2/access/tokens endpoint to generate an access token. For details, see API Access Keys and Tokens.
Create the Policy
To create the policy in your Lacework instance, call the POST /api/v2/Policies endpoint with the policy in the request body:
{
  "title": "Security Groups Should Not Allow Unrestricted Ingress to TCP Port 445",
  "enabled": false,
  "policyType": "Violation",
  "alertEnabled": false,
  "alertProfile": "LW_CFG_AWS_DEFAULT_PROFILE.CFG_AWS_Violation",
  "evalFrequency": "Daily",
  "queryId": "LW_Custom_UnrestrictedIngressToTCP445",
  "severity": "high",
  "description": "Security groups should not allow unrestricted ingress to TCP port 445",
  "remediation": "Policy remediation"
}
The response returns the created policy, including the policyId that Lacework generated (no policyId was supplied in the request) and the owner and last-update fields:
{
  "data": {
    "policyId": "lwaccountname-default-101",
    "title": "Security Groups Should Not Allow Unrestricted Ingress to TCP Port 445",
    "enabled": false,
    "policyType": "Violation",
    "alertEnabled": false,
    "alertProfile": "LW_CFG_AWS_DEFAULT_PROFILE.CFG_AWS_Violation",
    "evalFrequency": "Daily",
    "queryId": "LW_Custom_UnrestrictedIngressToTCP445",
    "severity": "high",
    "description": "Security groups should not allow unrestricted ingress to TCP port 445",
    "remediation": "Policy remediation",
    "owner": "example@lacework.net",
    "lastUpdateTime": "2021-12-25T12:08:16.000Z",
    "lastUpdateUser": "example@lacework.net"
  }
}
Note: Lacework can automatically generate a policyId when you create a policy. This is the recommended workflow. However, you can define your own policyId using this format: all lowercase letters, optionally followed by - and numbers, for example, abcd-1234. When you define your own policyId, Lacework prepends the account name, so the final policyId would be lwaccountname-abcd-1234. You would use that final policyId with the policy endpoints.
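The following script ties together the POST /api/v2/Policies call above and the policyId rules in the note. It is an added example, not code from the Lacework documentation. It assumes that ACCOUNT and TOKEN are placeholders you replace with your account name and an access token obtained from POST /api/v2/access/tokens, that the API host follows the https://<account>.lacework.net pattern, and that the documented custom policyId format ("lowercase letters optionally followed by - and numbers") corresponds to the regular expression ^[a-z]+(-[0-9]+)?$; that regex is this example's interpretation, not a format published by Lacework. The policy is built disabled (enabled and alertEnabled false), as in the documented request, so it can be reviewed before it starts evaluating or alerting.

```python
"""Create a custom Lacework policy with POST /api/v2/Policies.

Added example; not from the Lacework docs. ACCOUNT and TOKEN are
placeholders, and CUSTOM_POLICY_ID_RE is an assumed reading of the
documented custom policyId format.
"""
import json
import re
import urllib.request

ACCOUNT = "lwaccountname"        # placeholder: your Lacework account name
TOKEN = "<api-access-token>"     # placeholder: token from /api/v2/access/tokens

# Assumed regex for a user-defined policyId: lowercase letters, optionally
# followed by a hyphen and digits (e.g. "abcd-1234").
CUSTOM_POLICY_ID_RE = re.compile(r"^[a-z]+(-[0-9]+)?$")


def is_valid_custom_policy_id(policy_id: str) -> bool:
    """True if policy_id matches the (assumed) custom-id format."""
    return CUSTOM_POLICY_ID_RE.fullmatch(policy_id) is not None


def final_policy_id(account: str, policy_id: str) -> str:
    """Lacework prepends the account name to a user-defined policyId."""
    return f"{account}-{policy_id}"


def build_policy(title, query_id, description, remediation,
                 severity="high", policy_id=None):
    """Assemble the request body used by the documented example.

    The policy is created with enabled/alertEnabled set to false so it can
    be reviewed before it evaluates or alerts. A custom policyId is only
    included when it passes the format check.
    """
    policy = {
        "title": title,
        "enabled": False,
        "policyType": "Violation",
        "alertEnabled": False,
        "alertProfile": "LW_CFG_AWS_DEFAULT_PROFILE.CFG_AWS_Violation",
        "evalFrequency": "Daily",
        "queryId": query_id,
        "severity": severity,
        "description": description,
        "remediation": remediation,
    }
    if policy_id is not None:
        if not is_valid_custom_policy_id(policy_id):
            raise ValueError(f"invalid custom policyId: {policy_id!r}")
        policy["policyId"] = policy_id
    return policy


def create_policy(account, token, policy, send=None):
    """POST the policy and return the 'data' object from the response.

    `send` lets a caller substitute the HTTP call (handy for offline tests);
    by default urllib performs the real request with a bearer token.
    """
    req = urllib.request.Request(
        f"https://{account}.lacework.net/api/v2/Policies",
        data=json.dumps(policy).encode("utf-8"),
        method="POST",
        headers={
            "Authorization": f"Bearer {token}",
            "Content-Type": "application/json",
        },
    )
    if send is None:
        def send(r):
            with urllib.request.urlopen(r) as resp:
                return json.load(resp)
    return send(req)["data"]


if __name__ == "__main__":
    body = build_policy(
        title="Security Groups Should Not Allow Unrestricted Ingress to TCP Port 445",
        query_id="LW_Custom_UnrestrictedIngressToTCP445",
        description="Security groups should not allow unrestricted ingress to TCP port 445",
        remediation="Policy remediation",
    )
    data = create_policy(ACCOUNT, TOKEN, body)
    print("created policy", data["policyId"])
```

Pass policy_id="abcd-1234" to build_policy to use a custom id; create_policy returns the response's data object, whose policyId will then carry the account prefix (final_policy_id shows the expected value). Keeping the HTTP call injectable via send means the request construction and the id validation can be exercised without network access.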