Introduction to Composite Alerts
This section provides information about some of the composite security alerts visible in the Lacework Console.
Composite analysis combines multiple individual detections to define more specific alert conditions. This technique allows Lacework to raise a composite alert with higher confidence when an intrusion is suspected.
You can use composite analysis to detect compromises in your cloud entities. Each alert provides supporting facts that can be useful to you when implementing the remediation.
For each documented alert, this section provides:
- a summary of the alert
- why the alert is important
- information about investigating the alert
- information about how to resolve the alert
Info:
- Composite alerts are currently unavailable for GCP.
- The Potentially Compromised Host alert is available to all customers who have Lacework Agents installed, regardless of their cloud providers.
Alert List
The following table lists all the composite alerts.
| Alert Name | Alert Type |
|---|---|
| Potential cloud-native ransomware attack | IncidentPotentialCloudNativeRansomwareAttack |
| Potential cryptomining attack on host | IncidentPotentialHostCryptominingAttack |
| Potential AWS defense evasion | IncidentPotentialDefenseEvasionAws |
| Potential cloud-native cryptomining attack | IncidentPotentialCloudNativeCryptominingAttack |
| Potentially compromised AWS keys | IncidentPotentiallyCompromisedAWSKeys |
| Potentially compromised host | PotentiallyCompromisedHost |