User
Schema
Attribute | Description |
---|---|
uuid | Unique ID |
data_source | Source from which the user information was fetched. For locally created users, this value is LOCAL; otherwise it indicates the IdP source. |
create_time | Creation time of the user (for users that Lacework Edge gets from IdPs, this value indicates the creation time in the IdP source). |
update_time | Last update time for the user object. |
display_name | Name associated with the user. |
status | Status can be ACTIVE, SUSPENDED. |
role | Role can be ROLE_ADMIN, ROLE_USER. |
Create a LOCAL user
CLI
Create a JSON file, say create-user-pii.json, with contents as follows:
{
  "user": {
    "display_name": "<name of the user>",
    "role": "<ROLE_USER or ROLE_ADMIN as appropriate>"
  },
  "user_pii": {
    "email": "<email of the user>",
    "login": "<login for Lacework Edge -- can be same as email>"
  }
}
Run egcli to create the user (this assumes the token is present in an environment variable):
./egcli nervecenter --address nerve-grpc.edge-guardian.io:443 create-user-pii \
--from_file create-user-pii.json
REST API
POST /api/v1/users
Body
{
  "user": {
    "display_name": "<name of the user>",
    "role": "<ROLE_USER or ROLE_ADMIN as appropriate>"
  },
  "user_pii": {
    "email": "<email of the user>",
    "login": "<login for Lacework Edge -- can be same as email>"
  }
}
Query all user records in your account
CLI
Running the following egcli command returns all users in your account.
./egcli nervecenter --address nerve-grpc.edge-guardian.io:443 query-users
To query emails or logins for the users, use the following command:
./egcli nervecenter --address nerve-grpc.edge-guardian.io:443 query-user-piis
REST API
GET /api/v1/users
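An added example, not part of the Lacework Edge documentation: a periodic review of the user list using the schema attributes above. It flags LOCAL accounts holding ROLE_ADMIN (managed outside the IdP), suspended accounts that still hold ROLE_ADMIN, and role or status values outside the documented ones. The response shape (a top-level "users" list) and the sample records are assumptions constructed for illustration.

```python
import json

# Values documented in the User schema table.
KNOWN_ROLES = {"ROLE_ADMIN", "ROLE_USER"}
KNOWN_STATUSES = {"ACTIVE", "SUSPENDED"}

# Constructed sample. Assumption: the user listing is a JSON object with a
# "users" list whose items carry the schema attributes. "EXAMPLE_IDP" is a
# placeholder for whatever IdP source name your account reports.
SAMPLE_RESPONSE = """
{"users": [
  {"uuid": "00000000-0000-0000-0000-000000000001", "data_source": "LOCAL",
   "display_name": "Break Glass", "status": "ACTIVE", "role": "ROLE_ADMIN"},
  {"uuid": "00000000-0000-0000-0000-000000000002", "data_source": "EXAMPLE_IDP",
   "display_name": "Analyst", "status": "ACTIVE", "role": "ROLE_USER"},
  {"uuid": "00000000-0000-0000-0000-000000000003", "data_source": "EXAMPLE_IDP",
   "display_name": "Former Admin", "status": "SUSPENDED", "role": "ROLE_ADMIN"},
  {"uuid": "00000000-0000-0000-0000-000000000004", "data_source": "LOCAL",
   "display_name": "Odd Record", "status": "ACTIVE", "role": "ROLE_OWNER"}
]}
"""

def audit_users(users):
    """Return (uuid, finding) pairs for records that deserve a manual review."""
    findings = []
    for u in users:
        uuid = u.get("uuid", "<missing uuid>")
        role, status, source = u.get("role"), u.get("status"), u.get("data_source")
        if role not in KNOWN_ROLES:
            findings.append((uuid, "unknown-role"))
        if status not in KNOWN_STATUSES:
            findings.append((uuid, "unknown-status"))
        # Local admins are not covered by IdP offboarding or MFA policy.
        if role == "ROLE_ADMIN" and source == "LOCAL":
            findings.append((uuid, "local-admin"))
        # A suspended account that keeps the admin role regains it if reactivated.
        if role == "ROLE_ADMIN" and status == "SUSPENDED":
            findings.append((uuid, "suspended-admin"))
    return findings

def audit_response(text):
    """Parse a user listing (assumed shape, see above) and audit it."""
    return audit_users(json.loads(text).get("users", []))

if __name__ == "__main__":
    for uuid, finding in audit_response(SAMPLE_RESPONSE):
        print(f"{uuid}\t{finding}")
```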
Get specific user
CLI
Running the following egcli command returns all attributes for the specified user UUID.
./egcli nervecenter --address nerve-grpc.edge-guardian.io:443 get-user --uuid <UUID>
To retrieve email or login information about the user, use the following command:
./egcli nervecenter --address nerve-grpc.edge-guardian.io:443 get-user-pii --uuid <UUID>
REST API
GET /api/v1/users/:uuid
GET /api/v1/users/:uuid/pii
Add tags to a specific user
CLI
The most common use case is to enable a user to view PII data in the Lacework Edge platform (by default, most PII data in log activities is obfuscated). Create a JSON file, add-user-tags.json, with contents as follows:
{
  "uuid": "<UUID of the user>",
  "tags": [
    "pii_visible:*"
  ]
}
Running the following egcli command adds the tags to the user, enabling them to view PII data in log activities inside the Lacework Edge platform.
./egcli nervecenter --address nerve-grpc.edge-guardian.io:443 add-user-tags \
--from_file add-user-tags.json
REST API
POST /api/v1/users/:uuid/tags
Body
{
  "tags": [
    "pii_visible:*"
  ]
}