Global Search - Additional Fields
You can now search by IP address and file hash. For example, if a suspicious file is found, you can enter the hash into global search.
The search result takes you to the FIM dossier for that specific hash, where you can quickly find the machine names and paths associated with the suspicious file. In this example, the suspicious file is limited to one machine.
You can also search by IP. If there is a match, the search result directs you to one of the following:
- The network dossier for external IPs
- The machine dossier for hosts which have the Lacework agent installed
- The IP dossier for hosts which do not have the Lacework agent installed
Compliance Event Severities
Compliance events are generated when a compliance recommendation changes status from 'compliant' to 'non-compliant'. The severity of these events was not consistent with the severity of the compliance recommendation itself. Moving forward, compliance events will have the same severity as the underlying recommendation.
For example, LW_S3_1 ("All users cannot access objects in the S3 buckets") is in the critical category. If the LW_S3_1 status changes from 'compliant' to 'non-compliant', the subsequent event will now be reported with 'critical' severity.
Compliance Event Generation
Previously, compliance events were generated against the daily report, but not against a report run on demand. Moving forward, compliance events will be generated both by the daily report and on demand.