Connectivity
To be able to communicate with Lacework, installed agents must be allowed to reach the following URLs:
- s3-us-west-2.amazonaws.com:443
- api.lacework.net:443
If URLs cannot be used for rule writing, api.lacework.net resolves to the following rotating IPs:
- 34.212.241.15
- 34.212.79.17
- 52.43.136.187
- 34.209.102.252
- 35.164.176.181
- 52.35.54.98
If required, the agent can be configured to use a network proxy by adding proxy information to the configuration file or by creating an https_proxy environment variable.
Proxies
Add Proxy Information to the Lacework Agent Configuration
To include proxy information, edit the proxyurl key:
{ "proxyurl": "http://Your_Proxy_Server:Your_Port" }
Or if your proxy requires a password:
{ "proxyurl": "http://username:password@Your_Proxy_Server:Your_Port" }
Add Proxy Information for Kubernetes
To include proxy information in a Kubernetes ConfigMap, you can use the same definition of a proxy as above, as illustrated in this sample lacework-cfg-k8s.yaml:
apiVersion: v1
kind: ConfigMap
metadata:
  name: lacework-config
data:
  config.json: |
    {"tokens":{"AccessToken":"${LaceworkAccessToken}"}, "proxyurl":"http://Your_Proxy_Server:Your_Port"}
Add an https_proxy Environment Variable
From the shell on the host where the agent resides, use the following command to add your proxy URL:
$ export https_proxy="http://Your_Proxy_Server:Your_Port"
Or if your proxy requires a password:
$ export https_proxy="http://username:password@Your_Proxy_Server:Your_Port"
Add a Certificate
Lacework uses GoDaddy as its Certificate Authority. If the GoDaddy certificate is not in the trusted root store, the agent will not be able to communicate with Lacework. Most current Linux distributions include the required certificate by default. In certain older distributions, the certificate may need to be added.
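The connectivity, proxy and certificate requirements above can be checked from the agent host before installation. The script below is an added example, not Lacework code: it assumes curl is installed and that any proxy is supplied through the https_proxy environment variable, and its function names are illustrative.

```bash
#!/usr/bin/env bash
# Added example (not Lacework code): outbound preflight for the agent host.
# Function names are illustrative; the endpoints are the two listed above.
ENDPOINTS="s3-us-west-2.amazonaws.com api.lacework.net"

# Succeeds if $1 is http(s)://[user:password@]host:port with a numeric port.
# Catches the easy mistake of dropping the "//" after the scheme.
valid_proxy_url() {
  printf '%s\n' "$1" |
    grep -Eq '^https?://([^/@:]+:[^/@]*@)?[A-Za-z0-9._-]+:[0-9]{1,5}/?$'
}

# Prints the proxy URL with any password masked, so it is safe to log.
redact_proxy_url() {
  printf '%s\n' "$1" | sed -E 's#^(https?://[^/@:]+):[^/@]*@#\1:***@#'
}

# Maps a curl exit code to the class of failure it usually indicates.
explain_curl_rc() {
  case "$1" in
    0)     echo "ok" ;;
    5|6)   echo "dns" ;;          # proxy or endpoint name did not resolve
    7|28)  echo "blocked" ;;      # connection refused or timed out
    60|77) echo "certificate" ;;  # issuing CA not usable from the trust store
    *)     echo "other" ;;
  esac
}

# Requests each endpoint over HTTPS. curl honors https_proxy and verifies the
# chain against the system trust store; any HTTP status counts as reachable.
preflight() {
  local proxy="${https_proxy:-}" host rc failed=0
  if [ -n "$proxy" ]; then
    if ! valid_proxy_url "$proxy"; then
      echo "malformed https_proxy: $(redact_proxy_url "$proxy")" >&2
      return 2
    fi
    echo "proxy: $(redact_proxy_url "$proxy")"
  fi
  for host in $ENDPOINTS; do
    rc=0
    curl -sS -o /dev/null --max-time 10 "https://$host/" 2>/dev/null || rc=$?
    echo "$host:443 -> $(explain_curl_rc "$rc") (curl exit $rc)"
    [ "$rc" -eq 0 ] || failed=1
  done
  return "$failed"
}

# Network checks run only when explicitly requested: ./preflight.sh --run
if [ "${1:-}" = "--run" ]; then preflight; fi
```

A "certificate" result for api.lacework.net points at the trust store issue described under Add a Certificate, while "blocked" or "dns" points at firewall or proxy rules.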