This section provides information about some of the CloudTrail security events visible in the Lacework Console.
Lacework provides visibility into your account security through the continued monitoring and analysis of CloudTrail.
For each documented event, the following information is provided:
- a summary about the event
- why the event is important
- information about investigating the event
- information about how to resolve the alert
Here is some terminology used in the event descriptions:
- Unknown internal host is an internal host that is not running a Lacework agent, which is identified by an IP address.
- Unknown external host is an external host that is seen by Lacework for the first time. External hosts are identified by their domain name. If a domain name cannot be associated with the host, identification is by public IP, which may be shared.