Skip to main content

Getting Started

All of the basics to get started in the Lacework Community

41 Topics
J
j0aqu1mParticipant
asked in General Platform Administration and Configuration
Okta SAML JIT configuration using groups for access

I’ve been able to successfully configure Lacework + Okta SAML JIT for individual accounts. Now, I’m wondering if I’m able to configure Lacework access via Okta group membership. For example, Lacework Admin group membership in Okta would grant admin access to the members in Lacework. There doesn’t seem to be documentation for this so I’m guessing it’s not possible? AgentundefinedPlatformundefinedCloudundefined

540
J
2 months ago
Grant Martin
Grant MartinCommunity Manager
posted in Lacework News and Notes
Lacework joins forces with Fortinet

We’ve got some exciting news for the Lacework CommunityWe’re thrilled to announce that Lacework has entered into a definitive agreement to be acquired by Fortinet. This marks a significant milestone in our journey to revolutionize cloud security.Check out our blog to read the full story.What’s this mean for you?Enhanced security solutions: By combining our AI-powered cloud security innovations with Fortinet’s comprehensive solutions, we’ll bring even more robust protection for your cloud environments Global reach: Fortinet’s extensive resources and global scale will help us serve you better and bring our solutions to a broader audience Continued innovation: We’ll continue to focus on pioneering technologies like machine learning and AI while enhancing the product you’ve come to know and loveA big thank you to our customers and community. Your trust and feedback along the way have been invaluable in helping us shape our company and our product. This acquisition is a celebration of our p

2210
Grant Martin
5 months ago
Grant Martin
Grant MartinCommunity Manager
posted in Lacework News and Notes
Join us at a Lacework NYSE CISO event: June 13, 2024

Security peers:On June 13, 2024, Lacework is hosting a CISO networking event at the New York Stock Exchange in New York, New York.The free event is focused on elevating cybersecurity expertise in the boardroom; attendees will have the opportunity to:Hear from a panel of seasoned board members who understand the critical role of cybersecurity representation Learn how to enhance your personal brand and position yourself as a board-ready candidate Discover strategies to overcome common challenges in securing a board position  Acquire practical tips and advice for conducting a successful board role search Connect with fellow CISOs during our networking mixerWe’d love to have you. Please register for the event here. 

2020
Grant Martin
5 months ago
S
Lacer
steven.sorannoLacer
asked in General Platform Administration and Configuration
How to set up Okta SAML JIT for a single account in Lacework?

General Instructions for setup:Complete the steps in the following documentation in order to set up an App Integration in Okta with all the Lacework Service Provider information.  Note: In following the above instructions make sure to add the following required attribute statements to the App Integration for JIT access:   If you are using a Lacework Organization with multiple accounts, additional attribute statements must also be added for Organization level roles. Lacework Organization Admin Role Lacework Organization User Role For more information about attribute statements, reference the following documentation: https://docs.lacework.net/onboarding/configure-saml-jit-with-okta Once the App integration is created in Okta with all the correct attribute statements, select the "View SAML setup instructions" option to view the SAML app details.  Log back into lacework and add these IDP metadata details to the Lacework Authentication page.   Navigate back to

2240
S
Lacer
5 months ago
scott.russell
scott.russellCommunity Manager
asked in General Platform Administration and Configuration
What does "Close as False Positive" button actually do?

A lot of you may have noticed a button appearing on your alerts that says "Close as False Positive." But what does it actually do? Well, let me tell ya! For our reference, this is the button I'm referring to: So what does it do? Well, I'm sure you've probably clicked it thinking that it would prevent that type of alert from showing up again (believe me, I did the same thing). But that's not exactly what it does. When you click "Close as False Positive," you're essentially closing the alert in the same way you would if you clicked the "Close" button. The only difference is that when you click "Close as False Positive," you're actually providing Lacework with some extra feedback. This feedback is then sent to our ML/data team for further analysis. At which point they can make adjustments to the detection engine based on that feedback. That's all good and dandy, but what if I want to prevent that type of alert from showing up again? Well, in that case, you'll want to create exceptions for

3730
scott.russell
7 months ago
christine.medina
christine.medinaCommunity Manager
published in Community Welcome and Guidelines
Welcome — take a sec to introduce yourself ✋🏼

Welcome to the communityHi everyone 👋🏼! If you’re here it’s because you want to build better cloud security — alongside all your peers. We’re excited to have you and look forward to some great discussions. This is the perfect time to introduce yourself and offer up a fun fact. Don’t be shy — it will help you connect with others, I promise. Happy hunting and happy connecting! 

284321
T
7 months ago
C
Lacer
craigbeyerjrLacer
asked in General Platform Administration and Configuration
Can I customize Jira tickets created by Lacework alerts?

Yes, absolutely! If your organization configured Jira as a Lacework Alert Channel, you can easily apply a custom template. In this post, we will develop a custom Jira template that will accomplish the following:Map the severity of Lacework Alerts to Jira's severity field Customize the default Summary field naming convention Several of our customers take advantage of custom templates to override a variety of other default Jira settings. You can learn more about custom Jira templates here. To develop a custom Jira template, start by creating a .json file and copy/paste the following json content.{    "fields": {        "summary": "Lacework - $event_severity_str - $event_type"    },    "severity": {        "Critical": {            "id": "1"        },        "High": {            "id": "2"        },        "Medium": {            "id": "3"        },        "Low": {            "id": "4"        },        "Info": {            "id": "5"        }    }} In the above template, we are renaming the J

4930
C
Lacer
8 months ago
Christopher Black
Lacer
Christopher BlackLacer
asked in General Platform Administration and Configuration
Deploying Lacework using Terraform...without using the LW TF provider

Hello community! I’m working through an interesting scenario where I need to provision EKS audit logs...without using the LW provider. There are some internal constraints on how TF is used with the organization I’m working with. Curious if anyone has any perspective they’re willing to share, cheers! AgentN/APlatformDeploy Lacework/InstallationCloudAWS

3270
Christopher Black
Lacer
8 months ago
N
Lacer
Nick-at-LaceworkLacer
asked in General Platform Administration and Configuration
Does Lacework have an Integration with Bitsight?

Currently, Lacework doesn’t have a direct integration with Bitsight.  With that being said - all of the data that Lacework ingests, Lacework should be able to have a comparison with overlapping areas, ultimately not needing Bitsight.  A great way to do this would be leveraging Lacework’s compliance reports / dashboard where risks are easily identifiable and actionable.  AgentN/APlatformUsing Lacework/OperationalizingCloudN/A

3410
N
Lacer
9 months ago
B
Lacer
BanksLacer
posted in Lacework News and Notes
Lacework and Securiti announce a strategic partnership focused on CNAPP and data security posture management (DSPM)

Today we are happy to announce  a strategic partnership with Securiti, the industry leading data security company. With this partnership, you can protect sensitive data in the cloud with the ability to identify your highest priority risks, focus on high-impact threats, address investigations with confidence, and improve your prioritization and remediation.  To find out more information, check out our partnership blog and feel free to share on social (Linkedin) and on X/Twitter AgentN/APlatformUsing Lacework/OperationalizingCloudN/A

3570
B
Lacer
9 months ago
Grant Martin
Grant MartinCommunity Manager
posted in Lacework News and Notes
NEW: Lacework's Top 50 CISOs to Watch

Lacework is proud to present our second annual list of 50 CISOs to Watch, cybersecurity leaders demonstrating exceptional vision, execution, and leadership in the field of security. This list showcases 50 CISOs who embody innovation, effectiveness, and forward-thinking in their roles.Please join us in celebrating the impact that security leaders like yourself have within your organizations and the security community. Meet the 2024 50 CISOs to Watch here.

3410
Grant Martin
10 months ago
D
dariooshParticipant
asked in General Platform Administration and Configuration
AWS IdC monitoring

Hi, Is there a way, or is there a roadmap, to monitor IdC users in AWS. The users created in one public cloud sync to AWS IdC. We can imagine that with some high privileges, perhaps, some permissions could be modified. Can Lacework put an eyes on this? Thanks AgentLinux 6.6XPlatformUsing Lacework/OperationalizingCloudAWS

4943
C
Lacer
11 months ago
meagen.eisenberg
Lacer
meagen.eisenbergLacer
posted in Lacework News and Notes
New CISO Board Book

Hey everyone, Did you know that only nine percent of boards in the Fortune 500 companies have directors with strong cybersecurity knowledge? Combined with the meteoric rise of digital breaches, there’s a desperate need for cybersecurity expertise on company boards right now. And it’s only going to grow. Edition two of the CISO Board Book from Lacework fills that gap and provides a comprehensive library of security expertise ready for board appointment. Chock full of expert security leaders from leading companies like Rolls-Royce Power Systems AG, Hugo Boss, and SAP, the resource is an excellent source of expertise for boards large and small. New York Times - Welcome to the next class of Security leaders Next year’s Board Book is also already in the works. If you’re a CISO or other executive level cybersecurity expert that would like to be included, send us a note at boardbook@lacework.com and connect with me on LInkedIn. Meagen AgentN/APlatformUsing Lacework/OperationalizingCloudN/A

4240
meagen.eisenberg
Lacer
11 months ago
A
Lacer
alliefickLacer
posted in Lacework News and Notes
What's new with Lacework this week? October 26 2023

Check out some of our top stories of the week: Prevent multicloud risks with new Lacework enhancements Lacework extends support for multicloud environments with Oracle Cloud Infrastructure (OCI) Simplify vulnerability remediation with new ServiceNow integration LawnStarter gains visibility with automated security from Lacework and AWS Let us know what you think about our newest product enhancements!  AgentN/APlatformUsing Lacework/OperationalizingCloudN/A

4590
A
Lacer
1 year ago
L
Lucas CoatanlemParticipant
asked in General Platform Administration and Configuration
Deploy Lacework stack again

Hello,Our naming convention has changed, and I would like to rename the stack of Lacework that I already deployed on an account (stack created about 1 year ago). The only way to do that is to delete the stack and create a new one.Will Lacework be capable to match the new stack with the old configuration using the new template (using account ID for example), particularly the Cloudtrail part that has learned about users behaviours during 1 year ?Kind regards,Lucas AgentAgentless (Workload Scanning)PlatformDeploy Lacework/InstallationCloudAWS

7423
L
1 year ago
A
Lacer
alliefickLacer
posted in Lacework News and Notes
What's new with Lacework this week? October 12 2023

 Here are some of our top stories from the week: Two vulnerabilities have been disclosed for curl, with CVE-2023-38545 gaining attention. Despite concerns, we believe the overall risk of exploitation is low due to the configurations required to exploit vulnerability.  We’re thrilled to welcome Kevin Kiley as our new Chief Revenue Officer (CRO)! Submissions are open for the 2nd edition of The Modern CISO Network: Board Book (deadline closes next Thursday). AgentN/APlatformUsing Lacework/OperationalizingCloudN/A

4660
A
Lacer
1 year ago
LacerX
Lacer
LacerXLacer
asked in General Platform Administration and Configuration
Is it possible to allow a user to only see a single section in Lacework?

Recently I was asked by a someone if they could lock down the Lacework UI because they wanted their finance department to only see the licensing used page, so they could match the subscription to vCPU and their license usage.  The answer is YES.  You have granular control over the visibility of what a particular user can potentially access within the platform.The basic steps are, create a role that has only “read access to whatever you want them to access. (Login to lacework Login to Lacework Click on the settings menu at the bottom left In the “Access Control” section, click on “Roles” Click on “+Add New”  Type in the Name of your choice Select the Pages and level of access required for the role Click Create Create a user group and put that “role” in that group Navigate to Settings → User Groups in the “Access Control” Menu group Click on “+Add New”  Type in the Name of your choice Select the role from the dropdown menu Click the Next Button Select the users to be assigned

4810
LacerX
Lacer
1 year ago
A
Lacer
alliefickLacer
posted in Lacework News and Notes
What's new with Lacework this week? October 5 2023

Check out some of our top stories from this week: Companies want to spend more on AI to defeat hackers, but there’s a catch. CFO Andrew Casey explains why in this new CNBC article on AI and cybersecurity.   CarGurus customer Kelly Haydu discussed all things privacy on the season 1 finale of the Code to Cloud podcast We introduced Hack'd, our new live learning series where leading cybersecurity experts deconstruct historic breaches There's a new out-of-bounds write access vulnerability, CVE-2023-4863. In a new blog, @juliensobrier and Jasiel Spelman explain how to detect and respond to an out-of-bounds write access vulnerability. AgentN/APlatformDeploy Lacework/InstallationCloudN/A

4550
A
Lacer
1 year ago
LacerX
Lacer
LacerXLacer
asked in General Platform Administration and Configuration
What changed in my configuration to cause the alert?

A Lacework Alert comes in and it is for compliance or configuration changes.  Once you get the alert, it is logical to want to investigate and figure out what caused it, when it happened, and keep investigating so you know when something happened and who made the change.  How can I, within Lacework, identify those changes and be able to compare the configurations so I can identify what changed and when it happend? AgentN/APlatformUsing Lacework/OperationalizingCloudAWS

5011
LacerX
Lacer
1 year ago
I
I.H.Participant
posted in General Platform Administration and Configuration
Business logic vulnerabilitiy on the SSO between portal and the community

First of all, love the new Lacework community. Thank you for building it and the invitation. In my opinion, there is a security flaw in the current implementation of Portal SSO when it interacts with the community. Currently, when the user login to the community page, the user been granted the whole access to the portal page https://portal.lacework.com/app/UserHome  The logout functionality appears to have a flaw as it allows users to easily log back in without entering any username or password credentials. This poses a security risk and needs to be addressed.Moreover, an effective example of Single Sign-On implementation can be seen with Okta and Jira. In this case, users are unable to access Okta through the Jira login, ensuring a more secure authentication process. Since the Lackwork portal and/or community page is perpetually logged in, an attacker has the potential to manipulate any settings within the system(e.g. XSS or phishing). This poses a significant security risk as unautho

8494
I
1 year ago
E
erika.garciaParticipant
asked in General Platform Administration and Configuration
QUESTION ABOUT CHANGE OF ALIAS

Hi! I was modifying the aliases of the AWS accounts from Lacework and I noticed that two sections appear, one called Lacework-Control-Tower-Config-Member-"account" and another TF AWS EKS Audit Log, each of the accounts has these two sections . My question is whether I should modify the alias of both, or just one. I am making this change from settings > cloud accountsI wait your answer.Thank you.

5151
C
Lacer
1 year ago
A
Lacer
alliefickLacer
posted in Lacework News and Notes
What's new with Lacework this week? September 21 2023

Another exciting week for Lacework! Here are some of the top stories of the week: TSB Bank selected our platform for multicloud security CEO Jay Parikh joined tech leaders on NYSE's Future in Five We announced our new detection capabilities We released a new episode of the Code to Cloud podcast with Upvest CSO Sebastien Jeanquier @Merritt Baer wrote a guide to help CISOs navigate their first 90 days @juliensobrier wrote a blog explaining how Lacework detects Kubernetes attack techniques We published a new edition of the Code to Cloud Monthly DigestAgentN/APlatformDeploy Lacework/InstallationCloudN/A

4600
A
Lacer
1 year ago
M
M AParticipant
asked in General Platform Administration and Configuration
New Agent URL

The api.lacework.net agent url will retire on October 31, 2023, and will be replaced with agent.lacework.net.Is there a way to have the agent change its own target? Is there a way to get a report on which IP addresses are using the old endpoint before the retirement?AgentN/APlatformUsing Lacework/OperationalizingCloudAWS

3551
C
Lacer
1 year ago
Grant Martin
Grant MartinCommunity Manager
posted in Lacework News and Notes
New Lacework features on enhanced threat detection

Hi everybody:Today Lacework is launching a host of new enhanced threat detection upgrades aimed at improving alert quality and speed, Enhancements include:Improved composite alerts that capture more signals and reduce noise Better threat intelligence that considers Indicators of Compromise (IoC) and severity Faster detections with improvements to mean time to detect (MTTD) and mean time to react (MTTR) Better mapping of treats to industry frameworks like MITRE ATT&CKCheck out our blog post covering the updates here.

4740
Grant Martin
1 year ago
mariam.helmy
Lacer
mariam.helmyLacer
posted in Lacework News and Notes
Snowflake and Lacework reaffirm their strategic partnership in a joint press release

This week, Snowflake and Lacework reaffirmed our strategic partnership: Two companies and technologies that can support the volume, velocity, and variety of cloud data. This is our signal that we are committed to securing cloud environments no matter how large they become. Check out the news in the links above! AgentN/APlatformUsing Lacework/OperationalizingCloudN/A

4120
mariam.helmy
Lacer
1 year ago

Badge winners

Show all badges
Terms of UseCookie settings