Skip to main content

Alert Types Classified as Host Vulnerability Subcategory


Lacework generates host vulnerability alerts when it detects vulnerabilities in servers, workstations, or other network hosts and provides greater visibility into which vulnerabilities were discovered on which target hosts.

With host vulnerability alerts, Lacework helps to identify security weaknesses and vulnerabilities in hosts that attackers may exploit, provides valuable insights into an organization's overall security posture, helping to identify areas where security measures can be improved to reduce risks. In the event of a security incident, host vulnerability scanning data can provide valuable information for incident response teams, enabling them to identify and remediate vulnerabilities quickly.

Alert List

The following table lists all the host vulnerability alerts.

Alert NameAlert TypeAlert SubcategoryConnection
New vulnerable internal connectionNewVulnInternalConnectionHost VulnerabilityProcess -> Process
New external host server connection from vulnerable applicationNewExternalServerDNSConnFromVulnHost Vulnerability
New external client IP address connection to vulnerable applicationNewExternalClientIpConnToVulnHost VulnerabilityIP -> Process
New external server IP address connection from vulnerable applicationNewExternalServerIPConnFromVulnHost VulnerabilityProcess -> IP
New vulnerable applicationNewVulnBinaryTypeHost Vulnerability
New vulnerable child launchedNewVulnChildLaunchedHost VulnerabilityProcess -> Process
New child launched from vulnerable applicationNewChildLaunchedFromVulnParentHost VulnerabilityProcess -> Process
User launched new vulnerable binaryUserLaunchedNewVulnBinaryHost VulnerabilityUser --> Process
New security vulnerabilityNewHostCveDiscoveredHost Vulnerability
Severity escalated for security vulnerabilityExistingHostCveSeverityEscalatedHost Vulnerability
Fix available for security vulnerabilityExistingHostCveFixAvailableHost Vulnerability
Bad external server host connection from vulnerable applicationNewExternalServerBadDNSConnFromVulnHost VulnerabilityProcess --> DNS
Bad external server IP address connection from vulnerable applicationNewExternalServerBadIPConnFromVulnHost VulnerabilityProcess --> IP
Bad external client IP address connection to vulnerable applicationNewExternalClientBadIpConnToVulnHost VulnerabilityIP --> Process