Product Updates
Office Hours

Welcome to our community

Community Q&A and Discussion

Start discussions about cloud security or Lacework, ask questions, get answers

Product updates

Read the latest news from our product team

Support

File a Support Ticket

Lacework Academy

Essential information and instructions to set up and use Lacework

Featured topics

Recent activity
Help others
Categories

Ben BakerCommunity Manager

August 2023 Platform Releases

Lacework agentless workload scanning just got a major upgrade. As of August 2023, Lacework customers can now use this feature to gain more visibility over their cloud estate. Agentless workload scanning can now:Support scanning of container images managed by Containerd runtime Be integrated with Google Cloud Scan multiple/secondary volumes on hosts Scan stopped instancesLacework is also rolling out advanced threat detection capabilities. Now, in public preview, customers can reduce the time between alert detection and alert generation for high-confidence events with the platform’s new Near Real-Time Alerting Solution. Visit this Docs page to see a roundup of all the month’s product releases.

2 days ago

Ben BakerCommunity Manager

July 2023 Platform Releases

Starting in July, customers with Amazon Linux environments can expect more around vulnerability management. The platform can now track Amazon Linux vulnerabilities by CVE IDs, rather than ALAS. Amazon Linux 2023 is also now supported for vulnerability scanning.Customers can benefit from loads of enhancements, now available in Public Preview. These include:MITRE ATT&CK tagging: Now in Lacework alerts, users can see MITRE ATT&CK tags that correspond with the potential threat. Amazon GuardDuty + composite alerts: Users can now enrich the platform’s composite alerts with Amazon GuardDuty data.’ Lacework + Security in Jira integration: Lacework now supports Security in Jira integrations, where you can view, prioritize, and track remediation of vulnerabilities from your active image repositories. Visit this Docs page to see a roundup of all the month’s product releases.

2 days ago

Ben BakerCommunity Manager

June 2023 Platform Releases

In June, Lacework took steps to make risk management even easier for users.The Lacework Remediate CLI can help users swiftly resolve a wide range of compliance issues within their AWS infrastructures using a set of pre-build remediation templates. These templates assess each alert and provide command-line remediation guidance specific to that feature. Active filters now influence the Open vulnerabilities chart for hosts and containers, and all active filters on the Host and Container Vulnerability pages now propagate to CSV reports.Visit this Docs page to see a roundup of all the month’s product releases.

2 days ago

robert5156Participant

Vulnerability Management

How to identify Internet accessible nodes and container pods ( inbound from internet)?

Hi,Looking for some advice.Basically with-in lacework kubernetes , looking to see which pods & nodes are accessible from internet ( inbound from internet). What i found so far is we can use Resources → Kubernetes → Pod Network → External connections . You can select all columns and download a CSV. There is a similar view for actual nodes as well. Node→ Kubernetes → Node Network → Node External Connections I am not 100% sure if this is accurate. Also this does not tell what ports are open for inbound connections ( some of the ports listed are >65k which seems to be odd as well)Wondering if anyone had figured out the correct way to “Identify Internet accessible nodes and container pods ( inbound from internet)?”. Thanks in advanceAgentLinux 6.6XPlatformUsing Lacework/OperationalizingCloudGCP

3 days ago

I.H.Participant

General Platform Administration and Configuration

Business logic vulnerabilitiy on the SSO between portal and the community

First of all, love the new Lacework community. Thank you for building it and the invitation. In my opinion, there is a security flaw in the current implementation of Portal SSO when it interacts with the community. Currently, when the user login to the community page, the user been granted the whole access to the portal page https://portal.lacework.com/app/UserHome The logout functionality appears to have a flaw as it allows users to easily log back in without entering any username or password credentials. This poses a security risk and needs to be addressed.Moreover, an effective example of Single Sign-On implementation can be seen with Okta and Jira. In this case, users are unable to access Okta through the Jira login, ensuring a more secure authentication process. Since the Lackwork portal and/or community page is perpetually logged in, an attacker has the potential to manipulate any settings within the system(e.g. XSS or phishing). This poses a significant security risk as unautho

6 days ago

alliefickParticipant

Lacework News and Notes

What's new with Lacework this week? September 21 2023

Another exciting week for Lacework! Here are some of the top stories of the week: TSB Bank selected our platform for multicloud security CEO Jay Parikh joined tech leaders on NYSE's Future in Five We announced our new detection capabilities We released a new episode of the Code to Cloud podcast with Upvest CSO Sebastien Jeanquier @Merritt Baer wrote a guide to help CISOs navigate their first 90 days @juliensobrier wrote a blog explaining how Lacework detects Kubernetes attack techniques We published a new edition of the Code to Cloud Monthly DigestAgentN/APlatformDeploy Lacework/InstallationCloudN/A

6 days ago

mikedurrrParticipant

Practitioner Tools (API/CLI /LQL)

How can I exclude hosts that haven't been seen for over X hours when pulling vulnerability data from the API?

I only want to see vulnerabilities for hosts that have been running in last 8 hours in my vulnerability reports. How can I craft my API calls to achieve this? AgentN/APlatformN/ACloudN/A

7 days ago

CISO TimParticipant

Prioritizing Risk

How do you quantify risk?

Risk is a hard thing to quantify at times. But I think having a good understanding of your security risk can elevate the conversation at the executive level. It can tie security problems to business outcomes, which can ultimately help make a stronger security program and get more budget. How do people quantify risk in your organization? AgentN/APlatformUsing Lacework/OperationalizingCloudN/A

7 days ago

M AParticipant

General Platform Administration and Configuration

New Agent URL

The api.lacework.net agent url will retire on October 31, 2023, and will be replaced with agent.lacework.net.Is there a way to have the agent change its own target? Is there a way to get a report on which IP addresses are using the old endpoint before the retirement?AgentN/APlatformUsing Lacework/OperationalizingCloudAWS

7 days ago

craigbeyerjrParticipant

Practitioner Tools (API/CLI /LQL)

Using the API to Automate a Lacework Response Process

How have you and your team leveraged the Lacework API to develop automation that effectively replaced a manual Lacework process within your organization? Please share your success story! AgentN/APlatformUsing Lacework/OperationalizingCloudN/A

8 days ago

robert5156Participant

Vulnerability Management

How to identify Internet accessible nodes and container pods ( inbound from internet)?

3 days ago

mikedurrrParticipant

Practitioner Tools (API/CLI /LQL)

How can I exclude hosts that haven't been seen for over X hours when pulling vulnerability data from the API?

I only want to see vulnerabilities for hosts that have been running in last 8 hours in my vulnerability reports. How can I craft my API calls to achieve this? AgentN/APlatformN/ACloudN/A

7 days ago

M AParticipant

General Platform Administration and Configuration

New Agent URL

7 days ago

CISO TimParticipant

What's Next in Security

ys009Participant

Cloud Workload Security

Where do I see Active Containers with LW agents running in my environment?

Once you are logged in the Lacework platform, List of active containers can be found via navigating to Resources > Containers > List of active containers under the Polygraph. AgentLinux 6.6XPlatformCurrentCloudHybrid

1 month ago

abeneshParticipant

Practitioner Tools (API/CLI /LQL)

How can in query ECS Tasks or Services that don't have an agent installed?

AgentLinux 6.6XPlatformCurrentCloudAWS

1 month ago

Getting Started

All of the basics to get started in the Lacework Community

Community Welcome and Guidelines

4 topics
20 Replies

General Platform Administration and Configuration

10 topics
7 Replies

Lacework News and Notes

5 topics
1 Reply

General Security Discussion

Discussion and thought leadership on the cloud security industry

What's Next in Security

1 topic
1 Reply

Consolidation

0 topics
0 Replies

Threat Hunting

1 topic
0 Replies

Compliance and Audit

2 topics
0 Replies

Prioritizing Risk

1 topic
8 Replies

Least Privilege / Zero Trust

1 topic
1 Reply

Product Area or Focus

Specific questions and discussions related to Lacework and cloud security environments

Vulnerability Management

7 topics
10 Replies

Cloud Workload Security

7 topics
4 Replies

Cloud Management Security

3 topics
1 Reply

Practitioner Tools (API/CLI /LQL)

7 topics
2 Replies

Alert Investigation

2 topics
1 Reply

Leaderboard

Show full leaderboard

Recently awarded badges

katherine.borzonehas earned the badge Early Lacer
Grant Martinhas earned the badge Early Lacer
david.fiamehas earned the badge Early Lacer
luke.markhas earned the badge Early Lacer
bimala.rosehas earned the badge Early Lacer

Show all badges

Cloud Detection and Response: Market Growth as an Enterprise Requirement

Read the new report from the Enterprise Strategy Group (ESG) that surveys nearly 400 cybersecurity and IT professionals and puts cloud detection and response (CDR) under the microscope.

Download eBook

Need more help?

Documentation

Get more resources in the Lacework documentation center

Contact support

Contact our support team

Release Notes

Review recent product release notes

Sign up

Already have an account? Login

Login with SSO

Login to the community

Login with SSO

Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.

Username or e-mail

Back to overview

Scanning file for viruses.

Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.

This file cannot be downloaded

Sorry, our virus scanner detected that this file isn't safe to download.