Lacework classifies alerts into related categories. Each category defines the properties and specifications shared by the alerts it contains, and each alert is further labeled with a subcategory that identifies the kind of resource or activity involved.
The following table describes all alert categories.
| Category | Description |
|---|---|
| Anomaly | Alerts generated when a behavioral change is detected. |
| Policy | Alerts generated when a violation of a custom policy is detected. |
| Composite | Alerts generated when a potential intrusion is detected. |
The following table describes all alert subcategories.
| Subcategory | Description |
|---|---|
| Compliance | Compliance-related alerts such as |
| Application | Application-related alerts such as a suspicious application: |
| Cloud Activity | Cloud-activity alerts specific to AWS, Azure, or Google Cloud. For example: |
| File | Potentially suspicious file-related alerts such as: |
| Machine | Machine-related alerts such as new IP address connections: |
| User | User-related alerts such as suspicious user logins: |
| Platform | Platform-related alerts such as cloud activity ingestion failures: |
| Kubernetes Activity | Kubernetes-related alerts such as a new binding to a Cluster Role was created: |
| Registry | Registry-related alerts such as |
| SystemCall | System-call-related alerts such as |
| Host Vulnerability | Host-vulnerability-related alerts such as |
| Container Vulnerability | Container-vulnerability-related alerts such as |
| Threat Intel | Network-related alerts such as |
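To see how these labels are used in practice, here is an added example (not part of the Lacework documentation or product code) that groups alerts from a `GET /api/v2/Alerts` response by category and subcategory and flags any alert whose pair is not in the tables above. It assumes that each alert object carries a `derivedFields` object with `category` and `sub_category` keys; verify those field names against your own API output. The sample payload and its alert names are constructed placeholders, not real alert data.

```python
"""Group Lacework alerts by category and subcategory.

Added example, not Lacework's own code. Assumes each alert in the
API v2 Alerts response has derivedFields.category and
derivedFields.sub_category (check against your own API output).
"""
import json
from collections import Counter

# Categories and subcategories exactly as documented in the tables above.
KNOWN_CATEGORIES = {"Anomaly", "Policy", "Composite"}
KNOWN_SUBCATEGORIES = {
    "Compliance", "Application", "Cloud Activity", "File", "Machine",
    "User", "Platform", "Kubernetes Activity", "Registry", "SystemCall",
    "Host Vulnerability", "Container Vulnerability", "Threat Intel",
}

# Constructed sample response (placeholder ids, names and fields; not real data).
SAMPLE_RESPONSE = json.dumps({
    "data": [
        {"alertId": 1, "alertName": "Constructed alert 1", "severity": "Medium",
         "derivedFields": {"category": "Anomaly", "sub_category": "Machine"}},
        {"alertId": 2, "alertName": "Constructed alert 2", "severity": "High",
         "derivedFields": {"category": "Anomaly", "sub_category": "User"}},
        {"alertId": 3, "alertName": "Constructed alert 3", "severity": "Low",
         "derivedFields": {"category": "Policy", "sub_category": "Compliance"}},
        {"alertId": 4, "alertName": "Constructed alert 4", "severity": "Critical",
         "derivedFields": {"category": "Composite", "sub_category": "Cloud Activity"}},
        {"alertId": 5, "alertName": "Constructed alert 5", "severity": "Medium",
         "derivedFields": {"category": "Anomaly", "sub_category": "Machine"}},
        # Subcategory "Network" is not in the documented table: should be flagged.
        {"alertId": 6, "alertName": "Constructed alert 6", "severity": "Medium",
         "derivedFields": {"category": "Anomaly", "sub_category": "Network"}},
    ]
})


def group_alerts(raw_json):
    """Parse an Alerts response and return (counts, unknown_ids).

    counts maps (category, sub_category) -> number of alerts.
    unknown_ids lists alertIds whose category or subcategory is not one
    of the documented values, so undocumented labels surface for review
    instead of silently falling through a routing rule.
    """
    payload = json.loads(raw_json)
    counts = Counter()
    unknown_ids = []
    for alert in payload.get("data", []):
        fields = alert.get("derivedFields") or {}
        category = fields.get("category", "")
        subcategory = fields.get("sub_category", "")
        counts[(category, subcategory)] += 1
        if category not in KNOWN_CATEGORIES or subcategory not in KNOWN_SUBCATEGORIES:
            unknown_ids.append(alert.get("alertId"))
    return dict(counts), unknown_ids


def alerts_in_category(raw_json, category):
    """Return the alertIds carrying the given category, e.g. "Composite"."""
    payload = json.loads(raw_json)
    return [
        alert.get("alertId")
        for alert in payload.get("data", [])
        if (alert.get("derivedFields") or {}).get("category") == category
    ]


if __name__ == "__main__":
    counts, unknown = group_alerts(SAMPLE_RESPONSE)
    for (cat, sub), n in sorted(counts.items()):
        print(f"{cat:10} {sub:22} {n}")
    print("undocumented category/subcategory on alertIds:", unknown)
    print("Composite alerts:", alerts_in_category(SAMPLE_RESPONSE, "Composite"))
```

Run against a saved API response (`python group_alerts.py < alerts.json` after replacing `SAMPLE_RESPONSE` with `sys.stdin.read()`) to get a quick breakdown by category and subcategory and a list of alerts whose labels fall outside the documented set.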