We are excited to share with you the latest features we've wrapped into Lacework version 1.11. No action is required on your end; the updates have already been implemented in the Lacework Platform.
Now it's time to log in and see how these new features can enhance your overall cloud security.
New in Lacework Release 1.11
Alerts from Lacework can now be sent to different incident and log management tools. Please see the support site for detailed instructions on how to set up the integration. The following tools are supported in the current release:
- New Relic
Related Events (Cyber Kill Chain)
In the Lacework event dossier, the timeline card now automatically correlates and displays related events. It shows all events that occurred on the entities involved in the main event within +/- 12 hours of the time of the event.
New Time Series
In the Lacework datacenter dossier, there are new time series: External In Bytes, External Out Bytes, External Out Connections and Event per hour.
The timeline card now supports downloading of events in CSV format with all relevant fields.
In the Agent Dossier, there is a new pie chart which shows the breakdown of the agents in your environment by version.
Agent Upgrade Summary
In the Agent dossier, there is a new card which displays the information on the current version of the Agent and the earliest known use time for that version.
The sharing capability has been enhanced in the product. There is a Share button at the top right which, when clicked, provides a URL that can be sent to another Lacework user (within the same company). When the second user opens the URL, they see what the sender was seeing when the shared URL was created: the same dossier, timestamp, and filters.
CloudTrail is available in beta with this release. Please contact firstname.lastname@example.org if you want to sign up for the beta.
Lacework Polygraph for AWS CloudTrail
Detect abnormal activities on AWS accounts. CloudTrail is an AWS service that logs events on AWS accounts (S3 bucket and security group changes and more) to enable governance. Lacework’s integration with AWS CloudTrail extends Lacework’s zero-touch, no rules, no policies security for AWS to your entire AWS environment.
Lacework Polygraph can now analyze CloudTrail events and alert on anomalous activity in AWS accounts without rules or manual correlation. Polygraph establishes a baseline of normal behavior and detects deviation from the baseline for: Account Number, User Name, User Type, Source IP, Region, and AWS Service to API call.
Examples of monitored activities and generated alerts: account accessing new region, user launching a new service, use of a new API for the first time, deletion or addition of S3 buckets, changes to ACL.
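To illustrate the baseline-and-deviation idea described above, here is an added example (not Lacework's code and not the Polygraph algorithm): a minimal "first seen" detector over CloudTrail records. The relationship set in `EDGES` and the sample records are constructed assumptions; the field names follow the CloudTrail record format.

```python
from collections import defaultdict

def rec(user, utype, ip, region, source, name, account="111122223333"):
    """Build a constructed CloudTrail-style record (sample data, not real logs)."""
    return {"recipientAccountId": account, "awsRegion": region,
            "sourceIPAddress": ip, "eventSource": source, "eventName": name,
            "userIdentity": {"type": utype, "userName": user}}

def user(e):
    # Root and role sessions may carry no userName; fall back to the identity type.
    ident = e.get("userIdentity", {})
    return ident.get("userName") or ident.get("type", "unknown")

# Relationships to baseline (an assumed subset of the entities the page lists).
EDGES = {
    "account->region": lambda e: (e["recipientAccountId"], e["awsRegion"]),
    "user->source_ip": lambda e: (user(e), e["sourceIPAddress"]),
    "user->service":   lambda e: (user(e), e["eventSource"]),
    "service->api":    lambda e: (e["eventSource"], e["eventName"]),
}

def build_baseline(events):
    """Record every relationship pair observed during the learning window."""
    seen = defaultdict(set)
    for e in events:
        for label, key in EDGES.items():
            seen[label].add(key(e))
    return seen

def detect(baseline, events):
    """Return (relationship, pair) for each pair absent from the baseline.
    A flagged pair is then learned, so it alerts once rather than per event."""
    alerts = []
    for e in events:
        for label, key in EDGES.items():
            pair = key(e)
            if pair not in baseline[label]:
                alerts.append((label, pair))
                baseline[label].add(pair)
    return alerts

BASELINE_EVENTS = [  # constructed learning-window sample
    rec("alice", "IAMUser", "198.51.100.7", "us-east-1", "s3.amazonaws.com", "ListBuckets"),
    rec("alice", "IAMUser", "198.51.100.7", "us-east-1", "ec2.amazonaws.com", "DescribeInstances"),
]
NEW_EVENTS = [  # constructed: a known call, a new region and API, a Root bucket deletion
    rec("alice", "IAMUser", "198.51.100.7", "us-east-1", "s3.amazonaws.com", "ListBuckets"),
    rec("alice", "IAMUser", "198.51.100.7", "ap-southeast-2", "ec2.amazonaws.com", "RunInstances"),
    rec(None, "Root", "203.0.113.9", "us-east-1", "s3.amazonaws.com", "DeleteBucket"),
]

if __name__ == "__main__":
    for label, pair in detect(build_baseline(BASELINE_EVENTS), NEW_EVENTS):
        print(f"new {label}: {pair}")
```
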
There is a new CloudTrail dossier in the product, and it has the following information:
- API Count – Number of API / Per hour
- Unique User Names – Unique users accessing the AWS service
- Number of Alerts – Alerts generated based on CloudTrail logs
- Unique APIs – Number of unique APIs in use by the customer
The alert timeline has all the alerts related to CloudTrail.
The card provides the details on all the CloudTrail logs made on the account.
There is a new API Polygraph which baselines the behavior between the following entities:
- Account Number
- Source IP
- Type of User
- User Name
- User Role
- AWS Service
- Type of API
- API Type
We value your feedback and welcome any comments you may have to help improve the Lacework solution.
The Lacework Team