
Create a Policy

This topic describes how to create a custom policy.

All Lacework endpoints require an API access (bearer) token to be specified when you invoke the endpoint. If you already have a secret key, you can use the POST /api/v2/access/tokens endpoint to generate an access token. For details, see API Access Keys and Tokens.

Create the Policy

To create the policy in your Lacework instance, call the POST /api/v2/Policies endpoint with the policy in the body:

Example policy

    {
      "title": "Security Groups Should Not Allow Unrestricted Ingress to TCP Port 445",
      "enabled": false,
      "policyType": "Violation",
      "alertEnabled": false,
      "alertProfile": "LW_CFG_AWS_DEFAULT_PROFILE.CFG_AWS_Violation",
      "evalFrequency": "Daily",
      "queryId": "LW_Custom_UnrestrictedIngressToTCP445",
      "severity": "high",
      "description": "Security groups should not allow unrestricted ingress to TCP port 445",
      "remediation": "Policy remediation"
    }
Example response

    {
      "data": {
        "policyId": "lwaccountname-default-101",
        "title": "Security Groups Should Not Allow Unrestricted Ingress to TCP Port 445",
        "enabled": false,
        "policyType": "Violation",
        "alertEnabled": false,
        "alertProfile": "LW_CFG_AWS_DEFAULT_PROFILE.CFG_AWS_Violation",
        "evalFrequency": "Daily",
        "queryId": "LW_Custom_UnrestrictedIngressToTCP445",
        "severity": "high",
        "description": "Security groups should not allow unrestricted ingress to TCP port 445",
        "remediation": "Policy remediation",
        "owner": "example@lacework.net",
        "lastUpdateTime": "2021-12-25T12:08:16.000Z",
        "lastUpdateUser": "example@lacework.net"
      }
    }
Note

Lacework can automatically generate a policyId when you create a policy. This is the recommended workflow. However, you can define your own policyId using this format: all lowercase letters, optionally followed by a hyphen (-) and numbers, for example, abcd-1234. When you define your own policyId, Lacework prepends the account name, so the final policyId would be lwaccountname-abcd-1234. You would use that policyId with the endpoints.
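The token exchange and policy creation described above, carried through as an added Python example (not Lacework's own code). It validates the body against the fields and the custom policyId format this page gives before any request is sent; the account host (`<account>.lacework.net`), the `X-LW-UAKS` header and the `keyId`/`expiryTime` body of the token request, and the `token` field in its response are assumptions about the API that are not stated on this page.

```python
import json
import re
import urllib.request

# policyId rule from the page: lowercase letters, optionally "-" followed by digits.
CUSTOM_POLICY_ID = re.compile(r"^[a-z]+(-[0-9]+)?$")
REQUIRED_FIELDS = ("title", "enabled", "policyType", "alertEnabled", "alertProfile",
                   "evalFrequency", "queryId", "severity", "description", "remediation")

# The policy body shown on the page; kept disabled so it can be reviewed before it alerts.
EXAMPLE_POLICY = {
    "title": "Security Groups Should Not Allow Unrestricted Ingress to TCP Port 445",
    "enabled": False, "policyType": "Violation", "alertEnabled": False,
    "alertProfile": "LW_CFG_AWS_DEFAULT_PROFILE.CFG_AWS_Violation",
    "evalFrequency": "Daily", "queryId": "LW_Custom_UnrestrictedIngressToTCP445",
    "severity": "high",
    "description": "Security groups should not allow unrestricted ingress to TCP port 445",
    "remediation": "Policy remediation",
}


def validate_policy(policy: dict) -> list:
    """Return a list of problems; an empty list means the body is ready to send."""
    problems = [f"missing field: {f}" for f in REQUIRED_FIELDS if f not in policy]
    pid = policy.get("policyId")
    if pid is not None and not CUSTOM_POLICY_ID.fullmatch(pid):
        problems.append(f"policyId {pid!r} must be lowercase letters, optionally -digits")
    return problems


def get_token(account: str, key_id: str, secret: str) -> str:
    """Exchange an API key pair for a bearer token (header and body names are assumptions)."""
    req = urllib.request.Request(
        f"https://{account}.lacework.net/api/v2/access/tokens",
        data=json.dumps({"keyId": key_id, "expiryTime": 3600}).encode(),
        headers={"X-LW-UAKS": secret, "Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req) as resp:  # the secret is never logged or printed
        return json.load(resp)["token"]


def policy_request(account: str, token: str, policy: dict) -> urllib.request.Request:
    """Build POST /api/v2/Policies; an invalid body raises before any network call."""
    problems = validate_policy(policy)
    if problems:
        raise ValueError("; ".join(problems))
    return urllib.request.Request(
        f"https://{account}.lacework.net/api/v2/Policies", data=json.dumps(policy).encode(),
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"},
        method="POST")
```

To send it, call `get_token` with your key id and secret, then `urllib.request.urlopen(policy_request(account, token, EXAMPLE_POLICY))` and read `data.policyId` from the response.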