Identity Datasources
You can access identity and entitlement data directly from Lacework Query Language (LQL) datasources using the Lacework CLI. If you are new to LQL, refer to LQL Overview to learn more. To learn about installing and configuring the CLI, refer to Get Started.
List Available Datasources
The following command lists the available relevant datasources. The prefix LW_
denotes Lacework-created data and CE_
denotes cloud entitlements.
lacework query list-sources | grep LW_CE
LW_CE_ENTITLEMENTS
LW_CE_IDENTITIES
LW_CE_LINKED_IDENTITIES
LW_CE_REMEDIATIONS
Datasource Details
You can use the CLI to view details for the datasources. For example, to view details for the LW_CE_IDENTITIES
datasource, run the following command.
lacework query show-source LW_CE_IDENTITIES
Datasource details are also available at Cloud Entitlement Datasources.
Preview Datasources
The following command previews the LW_CE_IDENTITIES
datasource.
Example command
lacework query preview-source LW_CE_IDENTITIES
Example output
{
"ACCESS_KEYS": {},
"CREATED_TIME": 1635442232000,
"DOMAIN_ID": "123456789012",
"LAST_USED_TIME": null,
"METRICS": {
"risk_score": 0.0,
"risk_severity": "INFO"
},
"NAME": "ReadOnly+IAMFullAcces",
"PRINCIPAL_ID": "arn:aws-us-gov:iam::123456789012:group/ReadOnly+IAMFullAcces",
"PROVIDER_TYPE": "AWS",
"RECORD_CREATED_TIME": 1697097600000,
"TAGS": {}
}