Skip to main content

Introduction to Composite Alerts

This section provides information about some of the composite security alerts that are visible in the Lacework Console.

The composite analysis uses multiple detections to define more specific alert conditions. This technique allows Lacework to accurately raise a composite alert when we suspect an intrusion occurs.

You can use composite analysis to detect compromises in your cloud entities. Each alert provides supporting facts that can be useful to you when implementing the remediation.

For each documented alert, it provides:

  • a summary of the alert
  • why the alert is important
  • information about investigating the alert
  • information about how to resolve the alert

The Potentially Compromised Host alert is available to all customers who have Lacework Agents installed, regardless of their cloud providers.