To navigate to the Compliance Dashboard page in the Lacework Console, select AWS > Compliance Dashboard.
To populate the AWS data shown on this page, you must configure an integration with at least one AWS account. For more information, see Lacework for AWS.
This dashboard provides a view of your AWS accounts that are integrated with Lacework and their related compliance information and details.
Use the account drop-down to limit the results displayed in the dashboard to a single account or to show results for all accounts. The account drop-down is located in the top middle of the panel and defaults to All Accounts.
The first panel is an at-a-glance Compliance Summary that displays the following:
- number of accounts that have been analyzed
- number of resources monitored
- percentage of resources in violation
- count of resources in violation
- number of critical CIS benchmark recommendations in violation
- number of critical S3 recommendations in violation
To view a breakdown by section, click the percentage or count of resources in violation in the middle subpanel. A breakdown of resources in violation is displayed, grouped by the following sections:
- general security
The next panel displays an account summary table that provides details about the AWS accounts integrated into Lacework that are in violation. Under Status, the current status of the integration between Lacework and the listed AWS account is displayed.
- Enabled—The integration between Lacework and the listed AWS account is active.
- Deleted—At one point, the integration between Lacework and the listed AWS account was active but now that integration has been deleted.
- Disabled—The integration between Lacework and the listed AWS account has been disabled.
- Integration Failed—Lacework encountered a problem while attempting to use the integration between Lacework and the AWS account; for example, the correct privileges may not have been granted.
To view additional details about the compliance status for this account, hover over an account row until VIEW REPORT displays and click VIEW REPORT.
The latest compliance report generated for the account is displayed and is equivalent to the latest report generated from AWS > Compliance Reports.
CIS Benchmark Overview and S3 Overview Panels
Under the Account Summary panel are the CIS Benchmark Overview and S3 Overview panels. These panels display an aggregation of data for the selected account(s) correlating to the policy/rules in the associated compliance benchmarks. Details such as severity, recommendation, service, and number/percentage of resources in violation are displayed.
The top five recommendations are displayed by default. To see all the recommendations sorted by severity, click VIEW <number> MORE RECOMMENDATIONS.
To view additional details about a recommendation, hover over a recommendation row until VIEW DETAILS displays and click VIEW DETAILS.
To drill down to the associated Compliance Report and view the non-compliant resources, hover over an account row until VIEW REPORT displays and click VIEW REPORT.