To navigate to the AWS Compliance Summary page, select AWS > Compliance Summary in the Lacework Console.
To populate the AWS data viewed in this summary, you must configure an integration with at least one AWS account. For more information, see Lacework for AWS.
This Compliance Summary provides critical and useful summary information. In addition, the summary can function as a global filter that lets you focus on particular date ranges, accounts and recommendation IDs. For example, you can filter the data returned to a specific AWS Account ID, from the last 6 days, that was generated by violations of Lacework recommendations (LW_), as shown here:
Any of the filters defined at the top of the summary apply to all the data displayed in the AWS Compliance Summary. The date range filter and any optional Account Alias, Account IDs or Recommendation IDs filters apply to the Timeline pane and all the tables on this page.
If no events are listed in the timeline, consider increasing the size of the date range as described below.
To set a date/time range to report on, add a filter using one of the following methods:
- Click the start date and select the calendar icon. Repeat for the end date.
- Open the DATE RANGE drop-down by selecting the down arrow next to the clock icon, and select an option.
Verify that the start and end times are correct for your date/time range and change them if required. For example, if you select Last 7 days from the DATE RANGE drop-down at 3 PM on March 21 2019, the reported date/time range is Mar 14, 2019 12 AM to Mar 21, 2019 12 AM. Note that the end time is 12 AM; if you want to view all the events for today, change the end time to 3 PM.
Specify a start time or end time by selecting the clock icon.
You can also filter on Account Alias, Account IDs and Recommendation IDs.
To filter on these parameters:
- To add filters using these parameters, click in the field next to the funnel.
- Select a parameter type such as Recommendation ID.
- Select a filter OPERATOR.
Select includes if the value of the specified parameter during the compliance assessment run must match the value or regular expression specified in the condition. For example, specify Recommendation ID includes LW_* if you want the filter to return data generated from violations of Lacework recommendations (LW_).
Select excludes if the value of the specified parameter during the compliance assessment run must not match the value or regular expression specified in the condition. For example, specify Recommendation ID excludes LW_* if you do not want the filter to return data generated from violations of Lacework recommendations (LW_).
- Enter a value or regular expression to compare against. Do not enter quotes; Lacework adds the quotes when you press Return. You can specify the * wildcard to match one or more characters.
- You can optionally add multiple filter checks. In addition, you can filter on date/time ranges as described above.
You can also add a filter by selecting the funnel icon next to an Account ID, Account Alias or Recommendation ID in all the tables under Timeline as shown here:
A new filter is added and visible at the top of the page.
The Timeline panel displays a timeline of AWS compliance events that match the date/time filter and any specified optional parameter filters set at the top of the page.
By default this page only displays AWS compliance events, so filtering using the event category tiles (APPLICATION, CLOUDTRAIL, FILE, MACHINE, or USER) is not relevant for this page.
The Timeline panel displays counts of matching AWS compliance events grouped by severity. To optionally filter events by severities, click one or more severity tiles, for example, if only the Critical tile is selected, only critical events are listed. A selected tile has a blue background.
Note that filtering by severity only affects the events listed in the timeline and has no effect on the other tables in this page.
To view more details about an event in the timeline, click the Expand event details down arrow.
For a complete history of the event, click the Open Event Dossier icon located to the left of the Expand event details.
General Panel Functionality
The following general functionality is available for some of the panels listed below.
- Download in CSV Format: Downloads a comma-separated list of all the data that can potentially be displayed in the table. (Hidden columns that are not displayed in the Lacework Console are included in the CSV file.) This functionality is useful if you want to export this data for additional analysis or provide it to other teams or individuals who do not have access to Lacework, so that you can share information about your organization's cloud security posture and take the right steps towards remediation to achieve compliance.
- Select Display Columns: Customize the columns that are displayed in the table. For some panels, you can display an Eval Guid column. The value in this column can be provided to Lacework Customer Success to assist when investigating an issue.
- Run Report button: Lacework runs a complete compliance assessment for all accounts on a regular schedule, typically once a day. To immediately initiate a compliance assessment run for a single account, outside the regular schedule, click RUN REPORT. You are prompted to select an integration with an AWS account; the report for that account is then run.
- Update the table to display the newest data.
- Display the panel in full screen.
The Reports panel contains a table that lists all the reports that have been generated and match the current filter criteria. Each row in the table is a report summary about the status of all the compliance recommendations for a single account at a particular date and time.
To filter the rows by account ID, account alias or date, start entering text in the search bar under AWS S3 and CIS - Recommendations. For example, to filter the rows to show only the reports for a single account, start entering the account ID or alias in the search bar under Reports. Filtering to only the rows of a single account is useful for viewing changes in non-compliant resources over time for that account.
To view a detailed report with details about each recommendation, click the link under the Report column.
AWS S3 and CIS - Recommendations (From Latest Reports) Panel
This panel displays a summary of all the AWS S3 and CIS Recommendations from the latest set of reports that have run that also match the current filter criteria. Each row in the table is a recommendation summary for a specific account for the last report run.
This panel can be used to view the number of violations across multiple accounts to see where there may be a significant number of non-compliant resources in violation for a particular recommendation. Click the Recommendation ID column header to sort by recommendation ID to make this comparison.
To filter the rows by account ID, account alias, date, recommendation ID or recommendation description, start entering text in the search bar under AWS S3 and CIS - Recommendations.
Summary by Service Panel
The Summary by Service panel displays a summary of services that have run during the specified date range and match the current filter criteria. To compare the services by account, sort by service name by clicking the Service Name column title.
In addition, this panel displays the number of recommendations assessed by service and account. In the Total Recommendations Assessed column, hover over each of the color bars to view the number of passed (green), failed (red) or not assessed (yellow) recommendations.
To filter the rows to show only the recommendations for a single account or service, start entering the account number, account alias or service name in the search bar under AWS S3 and CIS - Recommendations.
List of Violating Resources Panel
The List of Violating Resources panel provides a list of resources that have violated recommendations, including the violating resource ID and the reason for the violation.
Because this panel provides the resource ID that is in violation, this panel can be very useful when addressing and remediating non-compliant resources. The reason for non-compliance is also provided, which allows you to investigate and provide remediation, if necessary.
To identify resources with a high number of violations of the compliance benchmark recommendations, sort the Recommendation Violations column in descending order by clicking the Recommendation Violations column and selecting the down arrow on the right.
This lets you view the number of compliance recommendations that a particular resource is violating.
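The includes/excludes filters with the * wildcard described above, and the sorting of violations by recommendation and by resource that the AWS S3 and CIS - Recommendations and List of Violating Resources panels support, can be reproduced offline on a CSV download for additional analysis. The following Python script is an added example, not Lacework code; the CSV column names, the account IDs, the resource ARNs and the recommendation IDs (LW_SAMPLE_*, CIS_SAMPLE_*) are constructed placeholders and do not reflect the real export layout. It treats * as the only wildcard and does not implement the regular-expression form of the console filter.

```python
import csv
import io
import re
from collections import Counter

# Constructed sample export. The column names and every value are assumptions
# made for this example; they are not Lacework's real CSV layout or IDs.
SAMPLE_CSV = """Account ID,Account Alias,Recommendation ID,Resource ID,Reason
111111111111,prod,LW_SAMPLE_1,arn:aws:s3:::prod-logs,Bucket allows public read
111111111111,prod,LW_SAMPLE_1,arn:aws:s3:::prod-assets,Bucket allows public read
111111111111,prod,CIS_SAMPLE_1,arn:aws:iam::111111111111:user/alice,Access key unused for 90 days
222222222222,dev,LW_SAMPLE_1,arn:aws:s3:::dev-backups,Bucket allows public read
222222222222,dev,LW_SAMPLE_2,arn:aws:s3:::dev-backups,Server-side encryption not enabled
222222222222,dev,CIS_SAMPLE_2,arn:aws:s3:::dev-backups,Access logging disabled
"""


def wildcard_to_regex(pattern):
    """Translate a console-style pattern into a regex: '*' matches one or more
    characters (as the page states); everything else is matched literally."""
    return ".+".join(re.escape(part) for part in pattern.split("*"))


def matches(value, operator, pattern):
    """Apply one filter condition with the includes/excludes semantics."""
    hit = re.fullmatch(wildcard_to_regex(pattern), value) is not None
    if operator == "includes":
        return hit
    if operator == "excludes":
        return not hit
    raise ValueError(f"unknown operator {operator!r}")


def load_rows(text):
    """Parse a CSV export into a list of dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def apply_filters(rows, filters):
    """Keep rows that satisfy every (field, operator, pattern) condition,
    mirroring how multiple filter checks at the top of the page combine."""
    return [r for r in rows if all(matches(r[f], op, pat) for f, op, pat in filters)]


def violations_by_recommendation(rows):
    """Number of violating resources per recommendation ID, across accounts."""
    return Counter(r["Recommendation ID"] for r in rows)


def violations_by_resource(rows):
    """Distinct recommendations each resource violates, most violations first
    (the same view as sorting Recommendation Violations in descending order)."""
    per_resource = {}
    for r in rows:
        per_resource.setdefault(r["Resource ID"], set()).add(r["Recommendation ID"])
    return sorted(((rid, len(recs)) for rid, recs in per_resource.items()),
                  key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    rows = load_rows(SAMPLE_CSV)
    # Equivalent of "Recommendation ID includes LW_*" in the console.
    lw_rows = apply_filters(rows, [("Recommendation ID", "includes", "LW_*")])
    print("Lacework recommendation violations per ID:")
    for rec_id, count in violations_by_recommendation(lw_rows).most_common():
        print(f"  {rec_id}: {count}")
    print("Resources by number of distinct recommendations violated:")
    for resource, count in violations_by_resource(rows):
        print(f"  {count}  {resource}")
```

Each filter tuple corresponds to one condition added in the console; adding a second tuple such as ("Account Alias", "includes", "prod") narrows the rows to a single account, which is the view used to track a single account's non-compliant resources over time.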