When you initially log in to the Lacework Console (or select Dashboard), the global Dashboard displays below the blue navigation bar. In the blue navigation bar, Lacework provides a global search of assets known to Lacework. For more information, see Global Search.
This global Dashboard displays a visual summary of the following items for the selected timeframe:
- All CloudTrail, network, user, and process events ingested by Lacework*
- Entity behaviors identified by Lacework
- Events and critical events generated by Lacework
*Note this is dependent on the configured integrations, for example, CloudTrail data is not displayed unless you have configured CloudTrail as an integration.
You can filter on a timeframe using the Last … drop-down located in the upper right corner. You can filter from the last 24 hours to 90 days (or 180 days if you have subscribed for additional storage).
Click Trends to switch the view to display Events over Time, a graph displaying events of varying severity (from Critical to Informational) over the same selected timeframe.
To filter events by severity, under Events Over Time, select one or more checkboxes.
The slider bars underneath the graph allow you to zoom in to a smaller time period during the selected timeframe, for example, you can adjust both left and right sliders during a 3-day window to view a 4-hour window.
Below the dashboard is the Compliance Trends Over Time graph, which displays the percentage of compliance over time for AWS, Azure, and GCP. This graph displays information only if the appropriate Cloud checkbox is selected and the integration from the Cloud service and Lacework is configured.
Below the Compliance Trends Over Time graph are two bar graphs that display CloudTrail and Workload events. The CloudTrail graph is populated with events only if a Lacework AWS integration is configured and the Workload graph is populated only if agents are deployed in your environment.
By default, the graph displays up to five event types. The listed order of the event types is weighted by the severity of the events followed by the total number of events, for example, one critical event is listed before two high severity events. If more than 5 event types are available for the selected time period, you can view the remaining event types by clicking the View ... link below the graph.
Click any severity bar to open the Events page, filtered by the selected event type and severity.
Lacework’s global search provides the ability to search across a number of assets in Lacework as shown in the figure below. To start a search, click Search and enter text in the search bar and Lacework immediately returns results when the search finds any assets that match the entered string, within the following time constraints:
- Events created in the last 90 days
- Networks accessed in the last 7 days
- All other assets created or accessed in the last 30 days