To navigate to the Machines Workload dossier in the Lacework Console, click Workload > Machines. See Workload Dossier Navigation and Filters for information about filtering dossier data.
These charts aggregate data for machines where Lacework agents are installed. Available charts present unique machines and users and network-related information such as connections and bytes, etc.
The timeline displays events that match the date/time filter and any specified optional parameter filters set at the top of the page.
Polygraphs display all observed machine network activity. Available Polygraphs include Machine Communication, Machine Servers, and Machine DNS Lookup. You can filter the Machine Communication Polygraph by machine tag.
This table displays machine properties such as IP address and last known time.
Machine Tag Summary
This table lists tag names and their values.
This table displays up time, users, total connections, processes, etc at the machine level.
List of External Facing Server Machines
This table displays servers that have an interface with a non-RFC1918 address. The open port/protocol is displayed as well.
TCP - Client Machines Making External Connections and UDP - Client Machines Making External Connections
These tables display detailed connection information. Details include both ends of the connection, number of connections, and amount of data transferred in both directions. If a connection is made to a known bad IP/domain, an appropriate Threat Tag is displayed as well.
User Login Activity
This table displays all logins within the specified time frame.
User Authentication Summary
This table displays all attempted logins and whether they were successful or not.
Active Listening Ports
This table displays any open ports on the host. Note that the displayed ports are open locally and any blocks by firewalls or iptables are not reflected.
Domain Lookups by Machine
This table displays the number of successful and failed lookups for each machine.
Dropped Packets Summary
This table displays information including hostname, destination, count, etc.
List of Active Executables and Executable Information
These tables display information for all observed executables.
List of Active Containers and Container Image Information
These tables display active containers and container image information and any vulnerabilities found in them. Container information includes the container type, the host where it is located, associated tags, hash, etc. Image information includes size, number of such containers, creation time, etc.
To view additional details about the compliance status for a container or image, hover over a row until VIEW REPORT displays and click VIEW REPORT. Click an entry link in any table to open a new view with details about that entry. For example, click an image name to display additional information about that image.
If your environment does not have any running containers, these tables do not display any data.
A Kubernetes Pod is the smallest deployed unit in the Kubernetes object model. A Pod represents a single instance of an application in Kubernetes, which might consist of either a single container or a small number of containers that are tightly coupled and share resources.