Skip to main content

View Policies

This topic introduces you to Lacework policies and how to view and configure policies in the Lacework Console.

View Policies

Users with Policies read permission can view policies in the Policies page in the Lacework Console.

The Policies page includes a dashboard and the list of policies in this Lacework account. The dashboard displays a graphical overview of the status of policies in this Lacework instance, their type, and severity.

You can hide the dashboard by clicking the collapse icon at the top right.

The Lacework Console shows a subset of the policies at a time. To see and sort all policies, you can download the policy list as a comma-separated values file. The CSV-formatted file lets you view the many types and tags associated with policies.

Filter Policies

The policy list displays up to 50 policies at a time. Use the arrows to page through the policy list or the Sort by menu to order policies by name, severity, or date of last update.

The filtering options enable you to specify criteria for which policies appear in the policies list. Filters let you select policies by domain, type, status, severity, and more.

The filtering options are dynamic. For example, if you filter domain on AWS, the policy types relevant to AWS appear in the Type filter options, such as S3, Identity and Access Management, and CloudTrail.

The rule types include these options:

  • Default policies are built-in, Lacework provided policies.
  • Custom policies are policies that you or others in your organization have created. For information on custom policies, see Policies.
  • Legacy policies are policies that are obsolete or have been superseded. In general, you should move away from legacy policies over time.

Other filtering options include:

  • Status: Whether a policy is enabled or disabled
  • Severity: The severity level associated with the policy, such as critical, high, low, and so on.
  • Tags: Descriptive tags associated with policies

After selecting filtering criteria, click Reset to return the list to its default.

Save and Share a View

When the page displays your desired policies, click Save or Create view in the top right corner. This allows you to access the saved view later. You can also copy the link to a saved view by opening the list of saved views and clicking the Share view icon of the view you want to share. You can then send that link to others so they can see the same view. For more details about saved views, refer to Views Management.

Policy Details

Click a policy to display its details. The policy's domain and type determine the available details.

Potential Summary tab information:

  • The number of alerts in the past 7 days
  • Description: Additional policy details
  • Frequency: The frequency of assessment
  • Severity: The severity of an event triggered by the policy
  • Domain: The highest level policy category
  • Type: A policy's subcategory
  • Action on failure: The action to take when a policy failure occurs
  • Scope: The registries associated with the container vulnerability policy
  • Created by: The user who created the policy
  • Updated on: The last date the policy was updated
  • Updated by: The user who last updated the policy

Potential additional tabs:

  • Query
    • For Lacework Query Language (LQL) policies, the tab contains the entire LQL query.
    • For non-LQL-based policies, the tab contains the expressions and result of the expressions.
  • Exceptions
  • Context: Remediation steps