Alert Types Classified as Host Vulnerability Subcategory
Lacework generates host vulnerability alerts when it detects vulnerabilities in servers, workstations, or other network hosts and provides greater visibility into which vulnerabilities were discovered on which target hosts.
With host vulnerability alerts, Lacework helps to identify security weaknesses and vulnerabilities in hosts that attackers may exploit, provides valuable insights into an organization's overall security posture, helping to identify areas where security measures can be improved to reduce risks. In the event of a security incident, host vulnerability scanning data can provide valuable information for incident response teams, enabling them to identify and remediate vulnerabilities quickly.
The following table lists all the host vulnerability alerts.
|Alert Name||Alert Type||Alert Subcategory||Connection|
|New vulnerable internal connection||NewVulnInternalConnection||Host Vulnerability||Process -> Process|
|New external host server connection from vulnerable application||NewExternalServerDNSConnFromVuln||Host Vulnerability|
|New external client IP address connection to vulnerable application||NewExternalClientIpConnToVuln||Host Vulnerability||IP -> Process|
|New external server IP address connection from vulnerable application||NewExternalServerIPConnFromVuln||Host Vulnerability||Process -> IP|
|New vulnerable application||NewVulnBinaryType||Host Vulnerability|
|New vulnerable child launched||NewVulnChildLaunched||Host Vulnerability||Process -> Process|
|New child launched from vulnerable application||NewChildLaunchedFromVulnParent||Host Vulnerability||Process -> Process|
|User launched new vulnerable binary||UserLaunchedNewVulnBinary||Host Vulnerability||User --> Process|
|New security vulnerability||NewHostCveDiscovered||Host Vulnerability|
|Severity escalated for security vulnerability||ExistingHostCveSeverityEscalated||Host Vulnerability|
|Fix available for security vulnerability||ExistingHostCveFixAvailable||Host Vulnerability|
|Bad external server host connection from vulnerable application||NewExternalServerBadDNSConnFromVuln||Host Vulnerability||Process --> DNS|
|Bad external server IP address connection from vulnerable application||NewExternalServerBadIPConnFromVuln||Host Vulnerability||Process --> IP|
|Bad external client IP address connection to vulnerable application||NewExternalClientBadIpConnToVuln||Host Vulnerability||IP --> Process|