Getting Started

All of the basics to get started in the Lacework Community

37 Topics

scott.russell
scott.russellCommunity Manager
asked in General Platform Administration and Configuration

What does "Close as False Positive" button actually do?

A lot of you may have noticed a button appearing on your alerts that says "Close as False Positive." But what does it actually do? Well, let me tell ya! For our reference, this is the button I'm referring to: So what does it do? Well, I'm sure you've probably clicked it thinking that it would prevent that type of alert from showing up again (believe me, I did the same thing). But that's not exactly what it does. When you click "Close as False Positive," you're essentially closing the alert in the same way you would if you clicked the "Close" button. The only difference is that when you click "Close as False Positive," you're actually providing Lacework with some extra feedback. This feedback is then sent to our ML/data team for further analysis. At which point they can make adjustments to the detection engine based on that feedback. That's all good and dandy, but what if I want to prevent that type of alert from showing up again? Well, in that case, you'll want to create exceptions for

0
scott.russell
20 days ago
christine.medina
christine.medinaCommunity Manager
published in Community Welcome and Guidelines

Welcome — take a sec to introduce yourself ✋🏼

Welcome to the communityHi everyone 👋🏼! If you’re here it’s because you want to build better cloud security — alongside all your peers. We’re excited to have you and look forward to some great discussions. This is the perfect time to introduce yourself and offer up a fun fact. Don’t be shy — it will help you connect with others, I promise. Happy hunting and happy connecting! 

177921
T
20 days ago
C
Lacer
craigbeyerjrLacer
asked in General Platform Administration and Configuration

Can I customize Jira tickets created by Lacework alerts?

Yes, absolutely! If your organization configured Jira as a Lacework Alert Channel, you can easily apply a custom template. In this post, we will develop a custom Jira template that will accomplish the following:Map the severity of Lacework Alerts to Jira's severity field Customize the default Summary field naming convention Several of our customers take advantage of custom templates to override a variety of other default Jira settings. You can learn more about custom Jira templates here. To develop a custom Jira template, start by creating a .json file and copy/paste the following json content.{    "fields": {        "summary": "Lacework - $event_severity_str - $event_type"    },    "severity": {        "Critical": {            "id": "1"        },        "High": {            "id": "2"        },        "Medium": {            "id": "3"        },        "Low": {            "id": "4"        },        "Info": {            "id": "5"        }    }} In the above template, we are renaming the J

0
C
Lacer
2 months ago
Christopher Black
Lacer
Christopher BlackLacer
asked in General Platform Administration and Configuration

Deploying Lacework using Terraform...without using the LW TF provider

Hello community! I’m working through an interesting scenario where I need to provision EKS audit logs...without using the LW provider. There are some internal constraints on how TF is used with the organization I’m working with. Curious if anyone has any perspective they’re willing to share, cheers! AgentN/APlatformDeploy Lacework/InstallationCloudAWS

0
Christopher Black
Lacer
2 months ago
N
Lacer
Nick-at-LaceworkLacer
asked in General Platform Administration and Configuration

Does Lacework have an Integration with Bitsight?

Currently, Lacework doesn’t have a direct integration with Bitsight.  With that being said - all of the data that Lacework ingests, Lacework should be able to have a comparison with overlapping areas, ultimately not needing Bitsight.  A great way to do this would be leveraging Lacework’s compliance reports / dashboard where risks are easily identifiable and actionable.  AgentN/APlatformUsing Lacework/OperationalizingCloudN/A

0
N
Lacer
2 months ago
B
Lacer
BanksLacer
posted in Lacework News and Notes

Lacework and Securiti announce a strategic partnership focused on CNAPP and data security posture management (DSPM)

Today we are happy to announce  a strategic partnership with Securiti, the industry leading data security company. With this partnership, you can protect sensitive data in the cloud with the ability to identify your highest priority risks, focus on high-impact threats, address investigations with confidence, and improve your prioritization and remediation.  To find out more information, check out our partnership blog and feel free to share on social (Linkedin) and on X/Twitter AgentN/APlatformUsing Lacework/OperationalizingCloudN/A

0
B
Lacer
3 months ago
Grant Martin
Grant MartinCommunity Manager
posted in Lacework News and Notes

NEW: Lacework's Top 50 CISOs to Watch

Lacework is proud to present our second annual list of 50 CISOs to Watch, cybersecurity leaders demonstrating exceptional vision, execution, and leadership in the field of security. This list showcases 50 CISOs who embody innovation, effectiveness, and forward-thinking in their roles.Please join us in celebrating the impact that security leaders like yourself have within your organizations and the security community. Meet the 2024 50 CISOs to Watch here.

0
Grant Martin
3 months ago
D
dariooshParticipant
asked in General Platform Administration and Configuration

AWS IdC monitoring

Hi, Is there a way, or is there a roadmap, to monitor IdC users in AWS. The users created in one public cloud sync to AWS IdC. We can imagine that with some high privileges, perhaps, some permissions could be modified. Can Lacework put an eyes on this? Thanks AgentLinux 6.6XPlatformUsing Lacework/OperationalizingCloudAWS

3
C
Lacer
4 months ago
meagen.eisenberg
Lacer
meagen.eisenbergLacer
posted in Lacework News and Notes

New CISO Board Book

Hey everyone, Did you know that only nine percent of boards in the Fortune 500 companies have directors with strong cybersecurity knowledge? Combined with the meteoric rise of digital breaches, there’s a desperate need for cybersecurity expertise on company boards right now. And it’s only going to grow. Edition two of the CISO Board Book from Lacework fills that gap and provides a comprehensive library of security expertise ready for board appointment. Chock full of expert security leaders from leading companies like Rolls-Royce Power Systems AG, Hugo Boss, and SAP, the resource is an excellent source of expertise for boards large and small. New York Times - Welcome to the next class of Security leaders Next year’s Board Book is also already in the works. If you’re a CISO or other executive level cybersecurity expert that would like to be included, send us a note at boardbook@lacework.com and connect with me on LInkedIn. Meagen AgentN/APlatformUsing Lacework/OperationalizingCloudN/A

0
meagen.eisenberg
Lacer
4 months ago
A
Lacer
alliefickLacer
posted in Lacework News and Notes

What's new with Lacework this week? October 26 2023

Check out some of our top stories of the week: Prevent multicloud risks with new Lacework enhancements Lacework extends support for multicloud environments with Oracle Cloud Infrastructure (OCI) Simplify vulnerability remediation with new ServiceNow integration LawnStarter gains visibility with automated security from Lacework and AWS Let us know what you think about our newest product enhancements!  AgentN/APlatformUsing Lacework/OperationalizingCloudN/A

0
A
Lacer
6 months ago
L
Lucas CoatanlemParticipant
asked in General Platform Administration and Configuration

Deploy Lacework stack again

Hello,Our naming convention has changed, and I would like to rename the stack of Lacework that I already deployed on an account (stack created about 1 year ago). The only way to do that is to delete the stack and create a new one.Will Lacework be capable to match the new stack with the old configuration using the new template (using account ID for example), particularly the Cloudtrail part that has learned about users behaviours during 1 year ?Kind regards,Lucas AgentAgentless (Workload Scanning)PlatformDeploy Lacework/InstallationCloudAWS

3
L
6 months ago
A
Lacer
alliefickLacer
posted in Lacework News and Notes

What's new with Lacework this week? October 12 2023

 Here are some of our top stories from the week: Two vulnerabilities have been disclosed for curl, with CVE-2023-38545 gaining attention. Despite concerns, we believe the overall risk of exploitation is low due to the configurations required to exploit vulnerability.  We’re thrilled to welcome Kevin Kiley as our new Chief Revenue Officer (CRO)! Submissions are open for the 2nd edition of The Modern CISO Network: Board Book (deadline closes next Thursday). AgentN/APlatformUsing Lacework/OperationalizingCloudN/A

0
A
Lacer
6 months ago
LacerX
Lacer
LacerXLacer
asked in General Platform Administration and Configuration

Is it possible to allow a user to only see a single section in Lacework?

Recently I was asked by a someone if they could lock down the Lacework UI because they wanted their finance department to only see the licensing used page, so they could match the subscription to vCPU and their license usage.  The answer is YES.  You have granular control over the visibility of what a particular user can potentially access within the platform.The basic steps are, create a role that has only “read access to whatever you want them to access. (Login to lacework Login to Lacework Click on the settings menu at the bottom left In the “Access Control” section, click on “Roles” Click on “+Add New”  Type in the Name of your choice Select the Pages and level of access required for the role Click Create Create a user group and put that “role” in that group Navigate to Settings → User Groups in the “Access Control” Menu group Click on “+Add New”  Type in the Name of your choice Select the role from the dropdown menu Click the Next Button Select the users to be assigned

0
LacerX
Lacer
6 months ago
A
Lacer
alliefickLacer
posted in Lacework News and Notes

What's new with Lacework this week? October 5 2023

Check out some of our top stories from this week: Companies want to spend more on AI to defeat hackers, but there’s a catch. CFO Andrew Casey explains why in this new CNBC article on AI and cybersecurity.   CarGurus customer Kelly Haydu discussed all things privacy on the season 1 finale of the Code to Cloud podcast We introduced Hack'd, our new live learning series where leading cybersecurity experts deconstruct historic breaches There's a new out-of-bounds write access vulnerability, CVE-2023-4863. In a new blog, @juliensobrier and Jasiel Spelman explain how to detect and respond to an out-of-bounds write access vulnerability. AgentN/APlatformDeploy Lacework/InstallationCloudN/A

0
A
Lacer
6 months ago
LacerX
Lacer
LacerXLacer
asked in General Platform Administration and Configuration

What changed in my configuration to cause the alert?

A Lacework Alert comes in and it is for compliance or configuration changes.  Once you get the alert, it is logical to want to investigate and figure out what caused it, when it happened, and keep investigating so you know when something happened and who made the change.  How can I, within Lacework, identify those changes and be able to compare the configurations so I can identify what changed and when it happend? AgentN/APlatformUsing Lacework/OperationalizingCloudAWS

1
LacerX
Lacer
6 months ago
I
I.H.Participant
posted in General Platform Administration and Configuration

Business logic vulnerabilitiy on the SSO between portal and the community

First of all, love the new Lacework community. Thank you for building it and the invitation. In my opinion, there is a security flaw in the current implementation of Portal SSO when it interacts with the community. Currently, when the user login to the community page, the user been granted the whole access to the portal page https://portal.lacework.com/app/UserHome  The logout functionality appears to have a flaw as it allows users to easily log back in without entering any username or password credentials. This poses a security risk and needs to be addressed.Moreover, an effective example of Single Sign-On implementation can be seen with Okta and Jira. In this case, users are unable to access Okta through the Jira login, ensuring a more secure authentication process. Since the Lackwork portal and/or community page is perpetually logged in, an attacker has the potential to manipulate any settings within the system(e.g. XSS or phishing). This poses a significant security risk as unautho

4
I
6 months ago
E
erika.garciaParticipant
asked in General Platform Administration and Configuration

QUESTION ABOUT CHANGE OF ALIAS

Hi! I was modifying the aliases of the AWS accounts from Lacework and I noticed that two sections appear, one called Lacework-Control-Tower-Config-Member-"account" and another TF AWS EKS Audit Log, each of the accounts has these two sections . My question is whether I should modify the alias of both, or just one. I am making this change from settings > cloud accountsI wait your answer.Thank you.

1
C
Lacer
7 months ago
A
Lacer
alliefickLacer
posted in Lacework News and Notes

What's new with Lacework this week? September 21 2023

Another exciting week for Lacework! Here are some of the top stories of the week: TSB Bank selected our platform for multicloud security CEO Jay Parikh joined tech leaders on NYSE's Future in Five We announced our new detection capabilities We released a new episode of the Code to Cloud podcast with Upvest CSO Sebastien Jeanquier @Merritt Baer wrote a guide to help CISOs navigate their first 90 days @juliensobrier wrote a blog explaining how Lacework detects Kubernetes attack techniques We published a new edition of the Code to Cloud Monthly DigestAgentN/APlatformDeploy Lacework/InstallationCloudN/A

0
A
Lacer
7 months ago
M
M AParticipant
asked in General Platform Administration and Configuration

New Agent URL

The api.lacework.net agent url will retire on October 31, 2023, and will be replaced with agent.lacework.net.Is there a way to have the agent change its own target? Is there a way to get a report on which IP addresses are using the old endpoint before the retirement?AgentN/APlatformUsing Lacework/OperationalizingCloudAWS

1
C
Lacer
7 months ago
Grant Martin
Grant MartinCommunity Manager
posted in Lacework News and Notes

New Lacework features on enhanced threat detection

Hi everybody:Today Lacework is launching a host of new enhanced threat detection upgrades aimed at improving alert quality and speed, Enhancements include:Improved composite alerts that capture more signals and reduce noise Better threat intelligence that considers Indicators of Compromise (IoC) and severity Faster detections with improvements to mean time to detect (MTTD) and mean time to react (MTTR) Better mapping of treats to industry frameworks like MITRE ATT&CKCheck out our blog post covering the updates here.

0
Grant Martin
7 months ago
mariam.helmy
Lacer
mariam.helmyLacer
posted in Lacework News and Notes

Snowflake and Lacework reaffirm their strategic partnership in a joint press release

This week, Snowflake and Lacework reaffirmed our strategic partnership: Two companies and technologies that can support the volume, velocity, and variety of cloud data. This is our signal that we are committed to securing cloud environments no matter how large they become. Check out the news in the links above! AgentN/APlatformUsing Lacework/OperationalizingCloudN/A

0
mariam.helmy
Lacer
7 months ago
A
Lacer
alliefickLacer
posted in Lacework News and Notes

What’s new with Lacework this week? September 15 2023

From securing accolades to expanding partnerships, there's a lot going on at Lacework. Here are a few highlights from the week: We topped the charts in the G2 Fall reportsLacework landed in the Leader quadrant across 7 different categories in the G2 Fall Reports.Join us for AWS GameDay in Palo Alto on Sept. 26 We’re getting excited for our upcoming Lacework and AWS GameDay, where you can solve real-world problems in a gamified risk-free environment. Register now to join us! We expanded our partnership with SnowflakeWe recently announced the expansion of our partnership with Snowflake. Through the combined use of our platform and Snowflake's Data Cloud, our customers can now extend the benefits of cloud security data to other areas of their business. AgentN/APlatformDeploy Lacework/InstallationCloudN/A

0
A
Lacer
7 months ago
sporcello
Lacer
sporcelloLacer
asked in General Platform Administration and Configuration

Why does my Lacework agent (datacollector) container stop in my ECS Fargate cluster?

I would like to run the Lacework agent as a sidecar in my ECS Fargate cluster. I followed the documentation here to add the datacollector sidecar container into my task definition. When the task starts, I can see both my application and the datacollector containers. The datacollector container starts and stops, then my application container starts and runs. Is this expected?  AgentLinux 6.6XPlatformDeploy Lacework/InstallationCloudAWS

1
sporcello
Lacer
7 months ago
J
Lacer
josehelpsLacer
posted in General Platform Administration and Configuration

LOLDrivers Lacework LQL Detection

Hey everyone,I wanted to share something valuable with the community, especially since a few customers have inquired about this recently. We all know the significance of staying a step ahead in the cybersecurity landscape, and this is a step in that direction.LOLDrivers is a well-curated list of Windows drivers that adversaries commonly use to bypass security measures and execute attacks. It has been used quite often by many threat actors: https://cybernews.com/security/bring-your-own-vulnerable-driver-attack/.I've crafted a script that automatically fetches the latest malicious hashes from the LOLDrivers project and builds an LQL rule, which can be seamlessly deployed in your Lacework environment. This script serves as a tool to monitor and detect malicious drivers in real-time within your infrastructure.Here's how you can integrate this into your Lacework setup:1. Get the Script: Grab the script from this link.   2. Deploy the LQL Rule: Use the Lacework CLI with the following command

0
J
Lacer
7 months ago
A
Lacer
Andrew LeeLacer
posted in General Platform Administration and Configuration

What CSPM reporting works best for you?

Looking to get feedback on what types of reports or report data points must uesrs really care about or help them in there work flow.There is lots of data there but what do you really want to see and how would you like to see it AgentN/APlatformUsing Lacework/OperationalizingCloudN/A

0
A
Lacer
7 months ago

Badge winners

Show all badges
Terms of UseCookie settings