Lacework classifies events into related categories. To view event categories:
1. Log in to the Lacework Console.
2. Click Events to display the Events dashboard.
3. Click an event category to display relevant events.
4. Click the event to view the Event Summary and Investigation details.
The event categories are:
Compliance - Click to view compliance-related events such as New Violations: GCP_CIS12_1_5 Ensure that ServiceAccount has no Admin privileges. Lacework checks your cloud accounts against CIS compliance rules and generates events when it finds compliance issues.
Application - Click to view application-related vulnerabilities such as a cloned suspicious application: Clone of Suspicious test app: Suspicious application /usr/local/bin/python2.7 (and 4 more)
Cloud Activity - Click to view cloud-activity events specific to AWS, Azure, or Google Cloud. For example: New Violations: GCP_CIS12_3_6 Ensure that SSH access is restricted from the internet new compliance violations detected
File - Click to view potentially suspicious file-related events such as: Clone of Suspicious Files: /var/run/qa/BFNE/08082021170247/eicar.com.txt (and 96 more)
Machine - Click to view machine-related events such as new IP address connections: New External Server IP Address: ip-18.104.22.168.us-west-2.compute.internal connected to xx.xx.xxx.xxx
User - Click to view user-related events such as suspicious user logins: Clone of Suspicious logins from multiple GEOs: Suspicious user logins detected for user web93 (and 331 more) access from multiple geographies
Platform - Click to view platform-related events such as cloud activity ingestion failures: Clone of Cloud Activity log ingestion failure detected: dh-user-kt is failing for data ingestion into Lacework.