LaceWork API Keys
Description
General
Documentation: https://docs.lacework.com/api/api-access-keys-and-tokens
Summary: Lacework is a cloud security platform. It enables the automation of cloud security without the need for manual setup of rules and policies. Users can use their API access key and its associated KeyID to obtain a short-lived Access Token to interact with the API. The URL of said API resembles the following format: https://{LaceworkInstanceName}.lacework.net. This detector aims at catching the Lacework organization URL, API access key and the KeyID.
IPs allowlist: According to the documentation, this feature is currently not available for the API.
Scopes: The permissions attached to the obtained access token depend on the type of the login account that created the secret key and the access key ID:
- Organization admin: access token gives organization admin privileges.
- Account admin: access token gives admin privileges for any organization sub-accounts where that admin is an account admin.
- Account user: this account does not have privileges to create access tokens.
More details about this Role-Based API Authentication can be found in the official documentation.
Revoke the secret
An API access key can be either disabled or deleted. See the [official documentation](https://docs.lacework.com/api/api-access-keys-and-tokens).
Check for suspicious activity
It is possible to monitor activity performed within a Lacework account either via their audit logs dashboard or their dedicated API endpoint.
Details for Lacework api keys with account
Family: Api
Category: Monitoring
Company: Lacework
High recall: False
Validity check available: True
On-premise instances exist: False
Only valid secrets raise an alert: False
Minimum number of matches: 3
Occurrences found for one million commits: 0.006
Prefixed: False
PreValidators:
- type: ContentWhitelistPreValidator
  patterns:
    - lacework
Examples
- text: |
    lacework_account = "safe-account"
    lacework_api_key = "SAFEACC_F3758175A0533880B17581CF6B4DF862A9D9A737A5CC192C"
    lacework_api_secret = "_b5be5dd45b6be7492743f2f90a36dba3"
  subdomain: safe-account
  client_id: SAFEACC_F3758175A0533880B17581CF6B4DF862A9D9A737A5CC192C
  client_secret: _b5be5dd45b6be7492743f2f90a36dba3
- text: |
    lacework_account = "s4fe-account"
    lacework_api_key = "S4FEACC_F3758175A0533880B17581CF6B4DF862A9D9A737A5CC192C"
    lacework_api_secret = "_b5be5dd45b6be7492743f2f90a36dba3"
  subdomain: s4fe-account
  client_id: S4FEACC_F3758175A0533880B17581CF6B4DF862A9D9A737A5CC192C
  client_secret: _b5be5dd45b6be7492743f2f90a36dba3
Details for Lacework api keys with url
Family: Api
Category: Monitoring
Company: Lacework
High recall: False
Validity check available: True
On-premise instances exist: False
Only valid secrets raise an alert: False
Minimum number of matches: 3
Occurrences found for one million commits: 0.001
Prefixed: False
PreValidators:
- type: ContentWhitelistPreValidator
  patterns:
    - lacework
Examples
- text: |
    lacework_instance_url = "safe-account.lacework.net"
    lacework_api_key = "SAFEACC_F3758175A0533880B17581CF6B4DF862A9D9A737A5CC192C"
    lacework_api_secret = "_b5be5dd45b6be7492743f2f90a36dba3"
  subdomain: safe-account
  client_id: SAFEACC_F3758175A0533880B17581CF6B4DF862A9D9A737A5CC192C
  client_secret: _b5be5dd45b6be7492743f2f90a36dba3
- text: |
    lacework_instance_url = "s4fe-account.lacework.net"
    lacework_api_key = "S4FEACC_F3758175A0533880B17581CF6B4DF862A9D9A737A5CC192C"
    lacework_api_secret = "_b5be5dd45b6be7492743f2f90a36dba3"
  subdomain: s4fe-account
  client_id: S4FEACC_F3758175A0533880B17581CF6B4DF862A9D9A737A5CC192C
  client_secret: _b5be5dd45b6be7492743f2f90a36dba3
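Added example (not the detector's actual implementation): the Python code below applies the "lacework" content pre-validator and the three-match requirement listed for both detectors, then masks the secret before it is reported. The regular expressions are assumptions inferred only from the sample values on this page, and `detect` and `redact` are hypothetical names.

```python
import re

# Assumed shapes, inferred only from the sample values shown on this page.
KEY_ID_RE = re.compile(r"\b([A-Z0-9]+_[0-9A-F]{48})\b")
SECRET_RE = re.compile(r"(?<![0-9A-Za-z_])(_[0-9a-f]{32})(?![0-9A-Za-z])")
URL_RE = re.compile(r"\b([a-z0-9][a-z0-9-]*)\.lacework\.net\b", re.I)
ACCOUNT_RE = re.compile(r"lacework_account\s*[=:]\s*[\"']?([a-z0-9][a-z0-9-]*)", re.I)


def detect(text):
    """Return the subdomain, key ID and secret, or None unless all three are found."""
    if "lacework" not in text.lower():  # content pre-validator
        return None
    key_id = KEY_ID_RE.search(text)
    secret = SECRET_RE.search(text)
    sub = URL_RE.search(text) or ACCOUNT_RE.search(text)
    if not (key_id and secret and sub):  # minimum number of matches: 3
        return None
    return {
        "subdomain": sub.group(1).lower(),
        "client_id": key_id.group(1),
        "client_secret": secret.group(1),
    }


def redact(finding):
    """Mask the secret before a finding is logged or sent to a ticket."""
    masked = dict(finding)
    s = masked["client_secret"]
    masked["client_secret"] = s[:3] + "*" * (len(s) - 5) + s[-2:]
    return masked


# Sample inputs reusing the example values from this page.
WITH_ACCOUNT = '''
lacework_account = "safe-account"
lacework_api_key = "SAFEACC_F3758175A0533880B17581CF6B4DF862A9D9A737A5CC192C"
lacework_api_secret = "_b5be5dd45b6be7492743f2f90a36dba3"
'''
WITH_URL = WITH_ACCOUNT.replace(
    'lacework_account = "safe-account"',
    'lacework_instance_url = "s4fe-account.lacework.net"',
)

if __name__ == "__main__":
    for sample in (WITH_ACCOUNT, WITH_URL):
        print(redact(detect(sample)))
```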