Skip to main content

REST API and CLI

Lacework Edge REST API and Command Line Interface (egcli) allow end users to programmatically query and manage different objects in the platform.

API Tokens

API Tokens are necessary for interacting with Lacework Edge over both the REST API and CLI. Tokens are associated with the user that creates them, so that their access level and activity auditing over API or CLI is treated the same as in the UI.

If you are an Admin user, you can create and delete tokens via the UI and CLI.

API Token UI

In the Lacework Edge UI, browse to Settings > API Tokens. There you will find a list of existing tokens in your account.

Create an API Token

  • In the API Token UI, click Create Token.
  • You will be asked for a name for this token and to click Create.
  • In the ensuing screen, a token will be displayed once when initially created. Please copy and save this token, as you will not able to retrieve it from the UI or CLI.

egcli

CLI Installation

  1. Download the egcli binary for your platform. You can place this binary anywhere on your file system.

    Linux 64-bit x86
    MacOS 64-bit x86
    MacOS 64-bit ARM
    Windows 64-bit x86

  2. For Linux and macOS, you'll need to make the cli tool executable:

    chmod +x egcli
    xattr -cr egcli

  3. Run egcli at command-line and verify output

    ./egcli nervecenter help

CLI Getting Started

The CLI requires an API Token. Once you have an API Token, you can pass it to the CLI one of two ways:

  • As an environment variable:
    • Linux/Mac: export EGCLI_NERVECENTER_TOKEN=your_api_token
    • Windows: set EGCLI_NERVECENTER_TOKEN=your_api_token
  • As a flag on the CLI command line: --token your_api_token

CLI commands begin with the phrase egcli nervecenter. Running this command on its own will return the main help page, which lists all of the commands available in the CLI.

For each command, running with -h or --help will respond with the details of that command, including available flags. Example: egcli nervecenter query-policies --help

CLI commands respond with pretty-printed JSON. If you need to format that JSON into a single line for parsing, append | jq -c . to the command line.