When you initially log in to the Lacework Console (or select MONITOR > Dashboard), the global Dashboard displays below the blue navigation bar. In the blue navigation bar, Lacework also provides a global search of assets known to Lacework. For more information, see Global Search.
This global Dashboard displays a visual summary of the following items for the selected timeframe:
- all CloudTrail, network, user, and process events ingested by Lacework*
- the entity behaviors identified by Lacework
- events and critical events generated by Lacework
*Note: This depends on the configured integrations. For example, CloudTrail data is not displayed unless you have configured CloudTrail as an integration.
You can filter on a timeframe using the Last … drop-down located in the upper right corner. You can filter from the last 24 hours to 90 days (or 180 days if you have subscribed for additional storage).
Click Trends to switch the view to display Events over Time—a graph displaying events of varying severity (from Critical to Informational) over the same selected timeframe.
To filter events by severity, under EVENTS OVER TIME click one or more radio buttons.
The slider bars underneath the graph allow you to zoom into a smaller time period within the selected timeframe. For example, within a 3-day window you can adjust both the left and right sliders to view a 4-hour window.
Below the dashboard is the COMPLIANCE TRENDS OVER TIME graph, which displays the percentage of compliance over time for AWS, Azure, and GCP. This graph only displays information if the appropriate Cloud radio button is selected and the integration between that cloud service and Lacework is configured.
Below the COMPLIANCE TRENDS OVER TIME graph are two bar graphs that display CloudTrail and Workload events. The CloudTrail graph is only populated with events if a Lacework AWS integration is configured, and the Workload graph is only populated if agents are deployed in your environment.
By default, the graph displays up to five event types. The event types are ordered by the severity of the events and then by the total number of events. For example, one critical event is listed before two high severity events. If more than five event types are available for the selected time period, you can view the remaining event types by clicking the VIEW ... link below the graph.
Click any severity bar to open the Events page, filtered by the selected event type and severity.
Lacework’s global search lets you search across a number of assets in Lacework, as shown in the figure below. To start a search, enter text into the search bar. Lacework starts returning results as soon as the search finds any assets that match the entered string, within the following time constraints:
- Events created in the last 90 days
- Networks accessed in the last 7 days
- All other assets created or accessed in the last 30 days