Getting Started

All of the basics to get started in the Lacework Community

19 Topics

I
I.H.Participant
posted in General Platform Administration and Configuration

Business logic vulnerabilitiy on the SSO between portal and the community

First of all, love the new Lacework community. Thank you for building it and the invitation. In my opinion, there is a security flaw in the current implementation of Portal SSO when it interacts with the community. Currently, when the user login to the community page, the user been granted the whole access to the portal page https://portal.lacework.com/app/UserHome  The logout functionality appears to have a flaw as it allows users to easily log back in without entering any username or password credentials. This poses a security risk and needs to be addressed.Moreover, an effective example of Single Sign-On implementation can be seen with Okta and Jira. In this case, users are unable to access Okta through the Jira login, ensuring a more secure authentication process. Since the Lackwork portal and/or community page is perpetually logged in, an attacker has the potential to manipulate any settings within the system(e.g. XSS or phishing). This poses a significant security risk as unautho

0
I
6 days ago
A
alliefickParticipant
posted in Lacework News and Notes

What's new with Lacework this week? September 21 2023

Another exciting week for Lacework! Here are some of the top stories of the week: TSB Bank selected our platform for multicloud security CEO Jay Parikh joined tech leaders on NYSE's Future in Five We announced our new detection capabilities We released a new episode of the Code to Cloud podcast with Upvest CSO Sebastien Jeanquier @Merritt Baer wrote a guide to help CISOs navigate their first 90 days @juliensobrier wrote a blog explaining how Lacework detects Kubernetes attack techniques We published a new edition of the Code to Cloud Monthly DigestAgentN/APlatformDeploy Lacework/InstallationCloudN/A

0
A
6 days ago
M
M AParticipant
asked in General Platform Administration and Configuration

New Agent URL

The api.lacework.net agent url will retire on October 31, 2023, and will be replaced with agent.lacework.net.Is there a way to have the agent change its own target? Is there a way to get a report on which IP addresses are using the old endpoint before the retirement?AgentN/APlatformUsing Lacework/OperationalizingCloudAWS

1
C
7 days ago
Grant Martin
Grant MartinCommunity Manager
posted in Lacework News and Notes

New Lacework features on enhanced threat detection

Hi everybody:Today Lacework is launching a host of new enhanced threat detection upgrades aimed at improving alert quality and speed, Enhancements include:Improved composite alerts that capture more signals and reduce noise Better threat intelligence that considers Indicators of Compromise (IoC) and severity Faster detections with improvements to mean time to detect (MTTD) and mean time to react (MTTR) Better mapping of treats to industry frameworks like MITRE ATT&CKCheck out our blog post covering the updates here.

0
Grant Martin
8 days ago
mariam.helmy
mariam.helmyParticipant
posted in Lacework News and Notes

Snowflake and Lacework reaffirm their strategic partnership in a joint press release

This week, Snowflake and Lacework reaffirmed our strategic partnership: Two companies and technologies that can support the volume, velocity, and variety of cloud data. This is our signal that we are committed to securing cloud environments no matter how large they become. Check out the news in the links above! AgentN/APlatformUsing Lacework/OperationalizingCloudN/A

0
mariam.helmy
12 days ago
A
alliefickParticipant
posted in Lacework News and Notes

What’s new with Lacework this week? September 15 2023

From securing accolades to expanding partnerships, there's a lot going on at Lacework. Here are a few highlights from the week: We topped the charts in the G2 Fall reportsLacework landed in the Leader quadrant across 7 different categories in the G2 Fall Reports.Join us for AWS GameDay in Palo Alto on Sept. 26 We’re getting excited for our upcoming Lacework and AWS GameDay, where you can solve real-world problems in a gamified risk-free environment. Register now to join us! We expanded our partnership with SnowflakeWe recently announced the expansion of our partnership with Snowflake. Through the combined use of our platform and Snowflake's Data Cloud, our customers can now extend the benefits of cloud security data to other areas of their business. AgentN/APlatformDeploy Lacework/InstallationCloudN/A

0
A
12 days ago
christine.medina
christine.medinaCommunity Manager
published in Community Welcome and Guidelines

Welcome — take a sec to introduce yourself ✋🏼

Welcome to the communityHi everyone 👋🏼! If you’re here it’s because you want to build better cloud security — alongside all your peers. We’re excited to have you and look forward to some great discussions. This is the perfect time to introduce yourself and offer up a fun fact. Don’t be shy — it will help you connect with others, I promise. Happy hunting and happy connecting! 

29320
LacerX
Lacer
12 days ago
sporcello
sporcelloParticipant
asked in General Platform Administration and Configuration

Why does my Lacework agent (datacollector) container stop in my ECS Fargate cluster?

I would like to run the Lacework agent as a sidecar in my ECS Fargate cluster. I followed the documentation here to add the datacollector sidecar container into my task definition. When the task starts, I can see both my application and the datacollector containers. The datacollector container starts and stops, then my application container starts and runs. Is this expected?  AgentLinux 6.6XPlatformDeploy Lacework/InstallationCloudAWS

1
sporcello
18 days ago
ECleary
EClearyParticipant
asked in General Platform Administration and Configuration

How do I change the severity of an alert policy?

If I’m getting a lot of medium-level alerts for things that aren’t that big a deal for our organization, how do I set them to Low or Info? AgentN/APlatformCurrentCloudAWS

3
A
20 days ago
Ben Sherman
Ben ShermanParticipant
posted in General Platform Administration and Configuration

CIEM (Cloud Infrastructure Entitlement Management)

Lacework’s CIEM is likely new to you, but for those of us that have used CIEM-like solutions elsewhere, you will immediately note ways to accelerate the march toward Zero Trust and Least Privilege absent those other solutions. Operationalizing CIEMHow often is the first step of operationalizing something to “do nothing, sit back and enjoy.” That is where I like to start discussions of CIEM. Why? Once CIEM is enabled (did you have your CSM, PS, or SE enable it in your GUI with your tenant’s unique organizational GUID?). Thats it ! Lacework automatically moves through configuration and log data to profile all your resources and ownership including net-effective permissions (say goodbye to those spreadsheets). Then, Lacework relies upon an automatic composite alert to fire. These provide high efficacy context signals of privilege escalation and enumeration of anomalies. Why do I start here? Because, most customer risk and IAM managers say they already have Identity and access handled by v

0
Ben Sherman
22 days ago
Grant Martin
Grant MartinCommunity Manager
posted in Lacework News and Notes

Lacework in the World: August 28 2023 -- Code to Cloud Episode 12; Andrew Casey on Nasdaq's Listings; Field CISO Merritt Baer on AppSec Weekly

It’s been a busy week at Lacework and in the cloud security world. Here’s a quick look at some of the interesting events from the week ofCode to Cloud Episode 12 features an interview with Bill Dougherty, CISO at Omada Health, a virtual-first, integrated care provider Tune in to hear Bill and host Tim Chase discuss: The ins and outs of threat modeling The cybersecurity basics every security leader should revisit Why every IT or security leader should have another expertise within the business Give a listen to Lacework CFO Andrew Casey in conversation with Nasdaq's Listings Host Kristina Ayanian to discuss how our #cloudsecurity technology differentiates. Field CISO Merritt Baer was a guest on SC Media's AppSec Weekly podcast

1
Merritt Baer
27 days ago
T
tristancollinsParticipant
posted in General Platform Administration and Configuration

Troubleshooting SAML JIT 403s

Introduction:Are you trying to configure your Lacework Instance to use SAML JIT and getting the following message? Well it turns out you’re not the only one, and even better it’s probably going to be a pretty easy fix! Typically 403s are a result of not having your JIT attributes configured properly - e.g. they’re not included when expected, attribute names are mis-typed or maybe the values you’re assigning can’t be determined in the platform (e.g. incorrect account names). JIT Attribute Recap:In order for a user to gain access to the Lacework Platform they must have the following attributes set against their profile/group in your IDP:First Name Last Name Company Lacework Admin Role Account OR Lacework Power User Role Accounts OR Lacework User Role Accounts (they only need one of these attributes - but Lacework will choose the highest level of access included)For the full list (and what values you can include), check out the full documentation here. How to Troubleshoot:The first thing

0
T
1 month ago
Grant Martin
Grant MartinCommunity Manager
posted in Community Welcome and Guidelines

Ranks, Badges and Points

As in many online communities, users in the Lacework community earn points based on how they contribute. Contributors earn:30 points for providing an answer to a question 5 points for posting a reply 2 points for receiving a like or a vote 1 point for giving a like or upvoting an idea 15 points for creating a topicRanks are loosely designed to show how contributors participate in the community.Participants have no points and have made no contribution to the site -- but have at least logged in. Contributors have logged in at least five times, have at least 50 points, have replied to 5 topics, created 1 topic and provided 1 answer. Expert Contributors:  have logged in at least 50 times, have at least 100 points, have replied to 25 topics, have started 5 topics and provided 10 answers.Badges are also awarded when users reach milestones in their community journey. Available badges include:OG: Earliest users who shape the Community Early Adopter: First 100 users with contributions in the Co

0
Grant Martin
1 month ago
Grant Martin
Grant MartinCommunity Manager
posted in Community Welcome and Guidelines

Community Guidelines and Enforcement

Guidelines for Community MembersOur Community is a network of real people who are passionate about cloud security. It strives to be a place where members will:Discuss product questions, best practices, solutions and workarounds Share product feedback and have your ideas acknowledged and implemented regularly Connect with peers through discussion, build rapport on the Community, and gain valuable information during hosted events Feel appreciated for their contributions and help othersWe invite you to participate, but we do have a few guidelines for using the Community.Community ProfilesWhen creating your account, be sure to use your work email address. You can add a personal email address as a secondary option, but a work email helps us to identify which company you work with. Including a secondary email address will help you maintain access to your profile if you change companies later.As we all live in a cloud security world, it is not necessary to use your real name or your company i

0
Grant Martin
1 month ago
Grant Martin
Grant MartinCommunity Manager
posted in Community Welcome and Guidelines

Welcome to the Lacework community!

Welcome to the Lacework community!Lacework’s community is a place for customers and others interested in cloud security to share their experiences and ask questions.The Discussions section is a nexus of questions and answers about cloud security, often through the lens of a Lacework experience. Need to see how Lacework was implemented in an environment or segment similar to yours? This is the place to find peers and learnings. The Knowledge Base section of the Community is an area for customers only that provides important documentation about frequently surfaced questions. This section allows for customers to get quick answers to common questions on implementation, regular use cases, and other scenarios often seen by the support team. How-to Guides are penned by the Customer Success team and provide comprehensive walkthroughs of core Lacework functionalityFor those of you in the cloud security industry, this community is built to weave a stronger fabric of peer support and education ac

0
Grant Martin
1 month ago
M
mr_torreParticipant
asked in General Platform Administration and Configuration

What are the pros/cons of a single account vs multiaccount/organizational structure?

It is purely around separating enviornments, or anything else to consider? AgentN/APlatformN/ACloudAWS

0
M
1 month ago
S
steffen.hellwigParticipant
asked in General Platform Administration and Configuration

Is there a way to list all active Lacework agents?

Sometimes it is important to list very specific filters or the whole infrastructure about all agents to know about versions or to have an overview about the covered environment.How to do this? 

1
S
1 month ago
Grant Martin
Grant MartinCommunity Manager
asked in General Platform Administration and Configuration

Where does the Digital Hub work on Wednesdays?

I cannot find the answer. AgentLinux <5.0x< />>PlatformN/ACloudGCP

0
Grant Martin
1 month ago
T
TodoParticipant
asked in General Platform Administration and Configuration

How do I see AWS Account name instead of number?

After I completed my Lacework CSPM integration into AWS, it does not list my AWS accounts by name, only numbers when viewing the data in the platform. How can I see the names per integrated account? AgentN/APlatformCurrentCloudAWS

1
T
1 month ago

Badge winners

Show all badges
Terms of UseCookie settings