Question

How does Lacework determine if a resource has internet exposure?

  • 21 August 2023

Agent: N/A

Platform: Current

Cloud: AWS


1 reply


For the attack path mapping, we iterate on all the access policies from the internet to the endpoint (internet gateways, security groups, and similar).

One or more of the following conditions must be met in order to trigger the internet exposure:

  • Instance has public IP or instance is targeted by an internet-facing load balancer
  • Security group on the instance or load balancer permits 0.0.0.0/0
  • Subnet of instance is public (meaning, it has a route to an internet gateway)

Internet exposure is also used to determine the host risk score.

For how this can be used within the context of vulnerabilities, please see our documentation: https://docs.lacework.com/console/attack-path-analysis-exposure-polygraph#view-exposure-risk-context

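The three checks listed in the reply, evaluated over a small constructed AWS inventory, as an added example that is not part of the original post and is not Lacework's implementation. Field names loosely follow EC2 describe output but are simplified (`Targets` on a load balancer and the flat `SecurityGroups` ID lists are assumptions), and all IDs and addresses are made up.

```python
# Added illustration: data shapes are simplified and all IDs are constructed.
ANY_IPV4 = "0.0.0.0/0"

def sg_open_to_world(sg):
    """True if any inbound rule of the security group permits 0.0.0.0/0."""
    return any(r.get("CidrIp") == ANY_IPV4
               for perm in sg.get("IpPermissions", [])
               for r in perm.get("IpRanges", []))

def subnet_is_public(subnet_id, route_tables):
    """True if the subnet's route table has a route to an internet gateway."""
    explicit = [rt for rt in route_tables
                if any(a.get("SubnetId") == subnet_id for a in rt["Associations"])]
    # A subnet with no explicit association uses the VPC's main route table.
    tables = explicit or [rt for rt in route_tables
                          if any(a.get("Main") for a in rt["Associations"])]
    return any(r.get("GatewayId", "").startswith("igw-")
               for rt in tables for r in rt["Routes"])

def exposure_conditions(inst, sgs, route_tables, lbs):
    """Return which of the reply's three conditions the instance meets."""
    facing = [lb for lb in lbs if lb["Scheme"] == "internet-facing"
              and inst["InstanceId"] in lb["Targets"]]
    met = []
    if inst.get("PublicIpAddress") or facing:
        met.append("public-ip-or-internet-facing-lb")
    sg_ids = set(inst["SecurityGroups"]) | {g for lb in facing for g in lb["SecurityGroups"]}
    if any(sg_open_to_world(sgs[g]) for g in sg_ids):
        met.append("sg-permits-0.0.0.0/0")
    if subnet_is_public(inst["SubnetId"], route_tables):
        met.append("public-subnet")
    return met

# Constructed sample inventory (single VPC).
SGS = {
    "sg-open": {"IpPermissions": [{"IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    "sg-internal": {"IpPermissions": [{"IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
}
ROUTE_TABLES = [
    {"Associations": [{"SubnetId": "subnet-pub"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]},
    {"Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"}]},
]
LBS = [{"Scheme": "internet-facing", "SecurityGroups": ["sg-open"], "Targets": ["i-app"]}]
INSTANCES = [
    {"InstanceId": "i-web", "PublicIpAddress": "203.0.113.10",
     "SubnetId": "subnet-pub", "SecurityGroups": ["sg-open"]},
    {"InstanceId": "i-app", "SubnetId": "subnet-priv", "SecurityGroups": ["sg-internal"]},
    {"InstanceId": "i-db", "SubnetId": "subnet-priv", "SecurityGroups": ["sg-internal"]},
]
RESULTS = {i["InstanceId"]: exposure_conditions(i, SGS, ROUTE_TABLES, LBS) for i in INSTANCES}
```

`RESULTS` maps each instance to the conditions it meets; under the reply's "one or more" wording, any non-empty list counts as internet exposure, which is why `i-app` is flagged through its load balancer even though it sits in a private subnet with an internal-only security group.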