Product Updates
Hack'd
Live Security Workshops

Welcome to our community

Community Q&A and Discussion

Start discussions about cloud security or Lacework, ask questions, get answers

Product updates

Read the latest news from our product team

Support

File a Support Ticket

Lacework Academy

Essential information and instructions to set up and use Lacework

Featured topics

Recent activity
Help others
Categories

meagen.eisenbergLacer

Lacework News and Notes

New CISO Board Book

Hey everyone, Did you know that only nine percent of boards in the Fortune 500 companies have directors with strong cybersecurity knowledge? Combined with the meteoric rise of digital breaches, there’s a desperate need for cybersecurity expertise on company boards right now. And it’s only going to grow. Edition two of the CISO Board Book from Lacework fills that gap and provides a comprehensive library of security expertise ready for board appointment. Chock full of expert security leaders from leading companies like Rolls-Royce Power Systems AG, Hugo Boss, and SAP, the resource is an excellent source of expertise for boards large and small. New York Times - Welcome to the next class of Security leaders Next year’s Board Book is also already in the works. If you’re a CISO or other executive level cybersecurity expert that would like to be included, send us a note at boardbook@lacework.com and connect with me on LInkedIn. Meagen AgentN/APlatformUsing Lacework/OperationalizingCloudN/A

9 hours ago

dariooshParticipant

General Platform Administration and Configuration

AWS IdC monitoring

Hi, Is there a way, or is there a roadmap, to monitor IdC users in AWS. The users created in one public cloud sync to AWS IdC. We can imagine that with some high privileges, perhaps, some permissions could be modified. Can Lacework put an eyes on this? Thanks AgentLinux 6.6XPlatformUsing Lacework/OperationalizingCloudAWS

1 day ago

craigbeyerjrCommunity Manager

Cloud Workload Security

How can Lacework help me triage identified IaC Security violations?

The Lacework IaC Security scanner continuously assess your Infrastructure as Code repository to identify misconfigurations before resources are instantiated in your cloud environment. To ensure a swift and easy remediation process, the Lacework platform provides extensive information for each violation. To find more information on the violation click on the violation and reference the Guidelines tab. (screenshot attached)Here, you will find all relevant information about the violation enabling you to triage and how to effectively remediate the violation. AgentN/APlatformUsing Lacework/OperationalizingCloudN/A

4 days ago

scott.russellCommunity Manager

General Platform Administration and Configuration

"Failed to upload log" Error in Linux Agent Logs

It has been found that if you deployed the Lacework Linux Agent (version 6.10.0) on GKE Autopilot using the Lacework Helm Chart, then you might see warning log messages similar to this popping up in your Cloud Logs:time="2023-11-26T21:45:15.811Z" level=warning msg="Failed to upload log: /var/log/lacework/datacollector.console.log, stat /var/log/lacework/datacollector.console.log: no such file or directory " caller="agentmgr.go:105" pid=5065 Assuming you can see data on your clusters, nodes, and pods from within your Lacework console, then we can say with a high level of certainty that this is expected behavior. This is dev specific logging that indicates no negative effect on your installation. That being said, if you are still worried or want to suppress the warning, feel free to submit a support ticket. While this information may be relevant to other agent versions or installation methods, it's important to note that we haven't reviewed or tested them. Consequently, we cannot confid

6 days ago

scott.russellCommunity Manager

General Platform Administration and Configuration

Are real-time emailed alerts possible? I created an Alert Rule, but I'm not seeing that many alerts being sent to my Alert Channel.

Yes and no... very few pieces of software are actually "real-time". That being said, it is possible to have alerts sent to your specific Alert Channel as soon as they are fired within Lacework. If you have an Alert Rule that isn't sending alerts to the Alert Channel you've specified, make sure to double check the filters you have defined for the Alert Rule. Sometimes, if you are too specific with your filters it can actually negatively impact the alerts that are sent to the Alert Channel. As a general rule of thumb, it is better to be more broad with your filters so that you can verify you are receiving alerts. Then, over time, you can introduce more granularity into the Alert Rule as per your requirements. AgentN/APlatformUsing Lacework/OperationalizingCloudN/A

7 days ago

Grant MartinCommunity Manager

Lacework AI Assist launches to simplify cloud security and level up your team

Lacework AI Assist, an assistive generative AI technology developed internally at Lacework, is a powerful new tool designed to help teams better understand cloud environments, gain insights faster and level up cybersecurity skills.Launched today, Lacework assistive technology that provides customers with the capability to ask questions in clear language such as:Why should I look at this alert? What Lacework tools can I use to further investigate this? How do I fix this misconfiguration using the AWS CLI? Does this violation affect my SOC2 compliance?Output from the tool is delivered in a simple, concise format designed to be both understood by the entry-level security analyst and with the technical depth to be actionable. Here’s what this conversation would look like with Lacework AI Assist: “Why does this alert matter?” “This alert is important because it involves enabling Role Based Access Control (RBAC) for Azure Key Vault, which is a crucial aspect of managing access permissions

160

7 days ago

scott.russellCommunity Manager

Vulnerability Management

I currently have two Cloud Account integrations: TF AWS CloudTrail and TF AWS Configuration. If I want to add Agentless Workload Scanning (AWLS), do I need to add a new Cloud Account, or should I modify/replace the existing TF Cloudtrail account?

Short Answer: You can treat Agentless Workload Scanning as it's own integration. You don't need to modify anything in the existing integrations. You can just create a separate one using any of our Agentless Workload Scanning (AWLS) integration methods, found here: https://docs.lacework.net/onboarding/category/aws-agentless-workload-scanning-integrations We also offer Agentless Workload Scanning for GCP, which you can review here: https://docs.lacework.net/onboarding/gcp-integrate-agentless-workload-scanning-with-terraform AgentAgentless (Workload Scanning)PlatformDeploy Lacework/InstallationCloudAWS

8 days ago

scott.russellCommunity Manager

Practitioner Tools (API/CLI /LQL)

In an LQL query, can I use multiple fields in a Semi-join filter?

Short answer: Absolutely! If using a Semi-join (in / not in) LQL query, there may come a time when you'll want to use multiple fields to filter on the "in / not in" value. To show you what I mean and how we can do it, let's use an example. First we'll look at a query that uses a simple Semi-join with just one field then we’ll evolve it to use multiple fields. Okay, let's say we want to get the names of containers that are making network requests to a specific IP address (e.g., 91.109.184.3). In order to do this, we'll use the following data sources and approach:LW_HA_CONNECTION_SUMMARY Contains summaries of all network connections. We'll use this to get the unique machine ID of the host machine(s) connecting to the specific IP address. LW_HE_MACHINES Contains details about host machines. Using the returned machine ID(s) from the LW_HA_CONNECTION_SUMMARY data source, we can get additional details about the host machine(s). LW_HE_CONTAINERS Contains details about containers running

8 days ago

craigbeyerjrCommunity Manager

Alert Investigation

How do you respond when a New Vulnerable Application alert is raised by the Lacework platform?

Start your investigation by gaining an understanding of the vulnerability impacting the application. Ensure you know what exploitation activity for the vulnerability looks like in your environment.Then, focus your attention to the activity that triggered the alert which will typically be a network connection. Investigate the connection details, the source and destination hosts, the IP Addresses, and the processes involved to determine if the connection is expected within your environment. Utilize the Resources dossier to expand your search criteria to check for similar activity in other parts of the environment, also expand the date and time range to check for historical context. Once you understand the activity that triggered the alert, assess it to determine if the activity aligns to what you would expect to see if the vulnerability was exploited.If you do find evidence of vulnerability exploitation or other signs of malicious activity, escalate the alert to an official incident an

19 days ago

Grant MartinCommunity Manager

Secure first party-party code with Static Application Security Testing (SAST)

Lacework static application security testing (SAST) empowers teams to rapidly scale their static code analysis, reduce noise, prioritize what matters most, and uncover hidden security defects. Developers gain fast and accurate results that minimize security obstacles as they write code. Lacework provides differential analysis each time code is updated to highlight new vulnerabilities and allow developers to focus on risks they’ve introduced.With Lacework, application security teams gain deep insights into critical risks within their most exposed applications. Lacework provides an in-depth model of each application’s control and data flows to uncover complex and hard to find vulnerabilities.Read more about the new SAST capabilities from Lacework here.

320

21 days ago

dariooshParticipant

General Platform Administration and Configuration

AWS IdC monitoring

1 day ago

craigbeyerjrCommunity Manager

Cloud Workload Security

How can Lacework help me triage identified IaC Security violations?

4 days ago

scott.russellCommunity Manager

General Platform Administration and Configuration

"Failed to upload log" Error in Linux Agent Logs

6 days ago

scott.russellCommunity Manager

General Platform Administration and Configuration

Are real-time emailed alerts possible? I created an Alert Rule, but I'm not seeing that many alerts being sent to my Alert Channel.

7 days ago

scott.russellCommunity Manager

Vulnerability Management

I currently have two Cloud Account integrations: TF AWS CloudTrail and TF AWS Configuration. If I want to add Agentless Workload Scanning (AWLS), do I need to add a new Cloud Account, or should I modify/replace the existing TF Cloudtrail account?

8 days ago

scott.russellCommunity Manager

Practitioner Tools (API/CLI /LQL)

In an LQL query, can I use multiple fields in a Semi-join filter?

8 days ago

craigbeyerjrCommunity Manager

Alert Investigation

How do you respond when a New Vulnerable Application alert is raised by the Lacework platform?

19 days ago

LacerXLacer

General Platform Administration and Configuration

Getting Started

All of the basics to get started in the Lacework Community

Community Welcome and Guidelines

4 topics
20 Replies

General Platform Administration and Configuration

19 topics
17 Replies

Lacework News and Notes

10 topics
1 Reply

General Security Discussion

Discussion and thought leadership on the cloud security industry

What's Next in Security

1 topic
1 Reply

Cloud Security In Practice

5 topics
9 Replies

Hack'd Resources

1 topic
0 Replies

Lacework Platform Q&A

Specific questions and discussions related to Lacework and cloud security environments

Vulnerability Management

8 topics
10 Replies

Cloud Workload Security

8 topics
5 Replies

Cloud Management Security

3 topics
1 Reply

Practitioner Tools (API/CLI /LQL)

9 topics
4 Replies

Alert Investigation

3 topics
1 Reply

Leaderboard

Show full leaderboard

Recently awarded badges

meagen.eisenberghas earned the badge Early Lacer
I.H.has earned the badge Early Adopter
JBNZhas earned the badge Spam
katherine.borzonehas earned the badge Early Lacer
Grant Martinhas earned the badge Early Lacer

Show all badges

Cloud Detection and Response: Market Growth as an Enterprise Requirement

Read the new report from the Enterprise Strategy Group (ESG) that surveys nearly 400 cybersecurity and IT professionals and puts cloud detection and response (CDR) under the microscope.

Download eBook

Need more help?

Documentation

Get more resources in the Lacework documentation center

Contact support

Contact our support team

Release Notes

Review recent product release notes

Sign up

Already have an account? Login

Login with SSO

Login to the community

Login with SSO

Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.

Username or e-mail

Back to overview

Scanning file for viruses.

Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.

This file cannot be downloaded

Sorry, our virus scanner detected that this file isn't safe to download.