Introduction to Composite Alerts

This section provides information about some of the composite security alerts visible in the Lacework Console.

Composite analysis combines multiple detections to define more specific alert conditions. This technique allows Lacework to accurately raise a composite alert when an intrusion is suspected.

You can use composite analysis to detect compromises in your cloud entities. Each alert provides supporting facts that can be useful to you when implementing remediation.

For each documented alert, this section provides:

  • a summary of the alert
  • why the alert is important
  • information about investigating the alert
  • information about how to resolve the alert

Note:

  • Composite alerts are currently unavailable for GCP.
  • The Potentially Compromised Host alert is available to all customers who have Lacework Agents installed, regardless of their cloud providers.

Alert List

The following table lists all the composite alerts.

| Alert Name | Alert Type |
|---|---|
| Potential cloud-native ransomware attack | IncidentPotentialCloudNativeRansomwareAttack |
| Potential cryptomining attack on host | IncidentPotentialHostCryptominingAttack |
| Potential AWS defense evasion | IncidentPotentialDefenseEvasionAws |
| Potential cloud-native cryptomining attack | IncidentPotentialCloudNativeCryptominingAttack |
| Potentially compromised AWS keys | IncidentPotentiallyCompromisedAWSKeys |
| Potentially compromised host | PotentiallyCompromisedHost |