You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This tool framework simplifies how partners and internal resources can execute Lacework Cloud Security Assessments to prospective customers. Below are a few example screenshots of the report that once generated is an html that can be modified and exported as a PDF and sent to prospects.
This tool leverages the Lacework FortiCNAPP API to create HTML and PDF reports.
43
33
44
34
## Downloading and Setting up the Tool
45
35
46
36
### Option 1:
47
37
48
-
Use the compiled binary on the releases page. This is the easiest option as you do not need to install python3 and the required prerequisites through pip. To execute this binary:
49
-
- Download the corresponding binary based on your computer's OS: https://github.com/lacework/extensible-reporting/releases/
38
+
Use the compiled binary on the [releases page](https://github.com/lacework/extensible-reporting/releases/latest). This is the easiest option as you do not need to install python3 or any python libraries. To execute this binary:
39
+
- Download the corresponding binary for your computer's OS from the [releases page](https://github.com/lacework/extensible-reporting/releases/latest)
40
+
- If running on MacOS or Linux you will need to:
41
+
1. Launch a terminal and execute `chmod +x lw_report_gen_mac` (replace "lw_report_gen_mac" with the name of the binary you downloaded)
42
+
2. Execute the binary FROM THE TERMINAL with the -h flag to review the command line options. You will need to provide API credentials. Read the section below on how to specify credentials, or use download a FortiCNAPP JSON credentials file and specify it:
3. On Mac, If prompted to trust this code to execute in your terminal, navigate to `System Preferences -> Security & Privacy -> Privacy (tab)` and scroll to `Developer Tools` and ensure that `Terminal` is checked. You will then need to relaunch your Terminal session
50
45
51
-
- If running on MacOS you will need to:
52
-
1. Launch a terminal and `chmod +x lw_report_gen_mac`
53
-
2. If prompted to trust this code to execute in your terminal, navigate to `System Preferences -> Security & Privacy -> Privacy (tab)` and scroll to `Developer Tools` and ensure that `Terminal` is checked. You will then need to relaunch your Terminal session
54
-
- Run the report: `./lw_report_gen_mac --author your_name --customer your_customer`
55
46
56
47
- If running on Windows you will need to:
57
-
1. Launch a command prompt and run the report from the directory you downloaded it to `lw_report_gen.exe --author your_name --customer your_customer`
58
-
59
-
48
+
1. Execute the binary FROM THE TERMINAL with the -h flag to review the command line options. You will need to provide API credentials. Read the section below on how to specify credentials, or use download a FortiCNAPP JSON credentials file and specify it:
Once the report is generated, you may edit the html with your own company logo or add in new content. From there, simply print as a PDF and your report is ready to be shared.
86
75
87
-
## GUI Mode
76
+
## Command Line Mode
77
+
78
+
If you do not want to run this tool in gui mode omit the `--gui' command line flag. You will likely need to specify additional flags
79
+
such as specifying the report format (pdf or html) `--report-format PDF`.
88
80
89
-
A new GUI mode has been added to the script. To run the script in GUI mode use the "--gui"
90
-
command line flag.
81
+
Run the tool with the `-h` flag to see a full list of options.
91
82
92
-
## Specifying a Lacework instance and credentials:
83
+
## Specifying a Lacework FortiCNAPP instance and credentials:
93
84
94
-
You must have a valid Lacework API key for your Lacework instance to run this tool. You can read about creating and downloading
85
+
You must have a valid Lacework FortiCNAPP API key for your Lacework FortiCNAPP instance to run this tool. You can read about creating and downloading
Once you have created an API key There are three ways to specify the Lacework API instance/credentials used when generating a report:
90
+
Once you have created an API key There are three ways to specify the Lacework FortiCNAPP API instance/credentials used when generating a report:
100
91
101
-
1. Install and configure the Lacework CLI to setup a credentials file which this tool will read.
92
+
1. Install and configure the Lacework FortiCNAPP CLI to setup a credentials file which this tool will read.
102
93
2. Specify a JSON file containing your API instance/credentials.
103
94
3. Specify your credentials via variables.
104
95
105
-
### Method 1: Lacework CLI
106
-
Though it is not required, you may wish to install and configure the Lacework CLI to create a .lacework.toml file containing your API credentials. Instructions to do so can be found here: https://docs.lacework.com/cli/
96
+
### Method 1: Lacework FortiCNAPP CLI
97
+
Though it is not required, you may wish to install and configure the Lacework FortiCNAPP CLI to create a .lacework.toml file containing your API credentials. Instructions to do so can be found here: https://docs.fortinet.com/document/lacework-forticnapp/latest/cli-reference/68020/get-started-with-the-lacework-forticnapp-cli
107
98
108
99
### Method 2: JSON File
109
100
110
-
You may download an API key JSON file from your Lacework instance (Settings > Configuration > API keys) and specify it using the ````"--api-key-file"```` command line
101
+
You may download an API key JSON file from your Lacework FortiCNAPP instance (Settings > Configuration > API keys) and specify it using the ````"--api-key-file"```` command line
111
102
parameter.
112
103
113
104
### Method 3: Environment Variables
114
105
115
-
If you wish to configure the LaceworkClient instance using environment variables, this tool honors the same
116
-
variables used by the Lacework CLI. The `account`, `subaccount`, `api_key`, `api_secret`, and `profile` parameters
106
+
If you wish to configure the Lacework FortiCNAPP Client instance using environment variables, this tool honors the same
107
+
variables used by the Lacework FortiCNAPP CLI. The `account`, `subaccount`, `api_key`, `api_secret`, and `profile` parameters
117
108
can all be configured as specified below.
118
109
119
110
| Environment Variable | Description | Required |
@@ -125,7 +116,7 @@ can all be configured as specified below.
125
116
|`LW_API_SECRET`| Lacework API Access Secret | Y |
126
117
## Query Time Ranges
127
118
128
-
By default the tool will query Lacework for data in the following time ranges:
119
+
By default the tool will query Lacework FortiCNAPP for data in the following time ranges:
129
120
```
130
121
Vulnerability Data Start: 25 hours prior to execution time -> End : Current time at execution
131
122
Alert Data Start Time: 7 days prior to execution time -> End: Current time at execution
@@ -153,7 +144,7 @@ Whereas to specify a 7 day window for alerts that starts 2 weeks in the past you
153
144
## Cached Data
154
145
155
146
To simplify development and limit the API calls made to a provider's backend, the main CLI interface supports the `--cache-data` flag.
156
-
If you are customizing this script you may wish to use this flag to speed up script execution during testing and eliminate most of the API calls to Lacework.
147
+
If you are customizing this script you may wish to use this flag to speed up script execution during testing and eliminate most of the API calls to Lacework FortiCNAPP.
157
148
Note that the cache files created the first time you use this flag will be used in all subsequent runs in which you use this flag. They will not expire.
158
149
If you want to create new cache files you need to manually delete the cache files. For instance on Mac and Linux:
159
150
```
@@ -193,7 +184,7 @@ put it in the `templates` folder. You can then reference this template in your c
193
184
194
185
## License and Copyright
195
186
196
-
Copyright 2022, Lacework Inc.
187
+
Copyright 2025, Fortinet Inc.
197
188
198
189
```
199
190
Licensed under the Apache License, Version 2.0 (the "License");
0 commit comments