Does the Lacework agent support containers/micro-services?
Lacework agent can be run as a Docker container. To build your own container, follow the instructions on the Lacework Agent page. The .tar file includes a README file on getting started with Docker files and provides additional information about necessary customization within your environment.
What is the impact of the Lacework agent on CPU and Network resources?
The number of network connections made by the host determines the impact on the individual server. We have observed CPU usage of 1-2% and data usage of 1Kbps in current deployments.
Does the Lacework agent work in the kernel or user space?
The Lacework agent works in the user space in an offline mode. There is no dependency on IP tables and the agent does not slow down application connections.
How often does the Lacework agent collect data?
Lacework is a continuous monitoring system, that collects the data every time there is any network activity. The Polygraph is computed every hour.
How is the Lacework agent updated?
The Lacework agent is automatically updated when a new version is available. You have the option to change this setting in the agent configuration.
How can I deploy the agent?
You can deploy the agent with any configuration management tool like Chef, Puppet, Ansible, or Salt. For single host installations, you can also use the Lacework installation script or embed the Lacework agent in a base image or AMI.
Does the Lacework agent work in aggregation mode?
Lacework agent supports proxy configuration and aggregation mode. In aggregation mode, you can convert one of the Lacework agents into an aggregator.