
Use Lacework's Resource Explorer

The resource explorer presents an overview of the resources in your integrated cloud environments. It shows trends across your cloud environment, such as the total number of resources and the resources over time. It lists the resources identified by Lacework, so you can keep track of all of your resources with daily data collection.

To access the resource explorer, log in to the Lacework Console and click Resource Explorer.

Search and Filter

The resource explorer includes multiple filters, as well as a search field to further refine your list of resources. You can use the * wildcard character for flexible pattern matching. For example, to search for any resource that includes the name of an S3 bucket, such as my_s3, search for *my_s3*.

Filter Resources by Date and Time Range

At the top of the page, you'll find date/time range and parameter filters. The Date range icon offers preset options for displaying resources based on their last collection date:

  • Latest week
  • Latest month
  • Custom

Click Custom to select the start and end date/time manually.

note

All collection timestamps are in local time.

note

The number of alerts shown corresponds to the latest date in the time range on which the resource was collected. For example, if you set the date and time range to Monday through Friday, and the resource was found in the first 4 days, we would show the finding for Thursday.

Alerts reset with each daily scan for resources. Therefore, if there were no alerts on Thursday, you would see 0 alerts even if there were alerts on Monday and Tuesday.

Available Filters

Preset filter groups let you quickly refine the list of resources. For example, to explore resources from the us-east-1 region, you can select the corresponding filter from the Region dropdown.

Available filter groups include:

Resource List

The resource list shows all resources collected by Lacework in the selected time range that meet filter or search criteria you have specified, if any.

For each resource, the list shows the name of the resource, its IP addresses, type, organization, and more.

Every resource collected in Lacework also has a unique resource identifier. It may be helpful to understand how Lacework derives this identifier for various types of resources, depending on the cloud type:

  • For Azure resources, Lacework uses the Azure resource ID as the resource identifier.

  • For Google Cloud, Lacework uses the full resource name.

  • For AWS, if the resource has an ARN, Lacework uses the ARN value as the resource identifier. If a resource does not have an ARN in AWS, Lacework creates a URN to use as the resource identifier for it. Identifiers created by Lacework are distinguished by the urn:lacework:aws prefix.

    An example of such a resource identifier is as follows:

    urn:lacework:aws:aws:rds:us-east-2:991966387703:db-parameter/default.aurora-postgresql14:apg_enable_correlated_any_transform

Note that such URNs are generated by Lacework for an existing cloud resource or artifact, in the absence of an ARN.
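
The following added example (not Lacework code) classifies exported resource identifiers by the rules above, so that Lacework-generated URNs can be told apart from cloud-native IDs when inventory data is joined with other sources. It assumes the part after the urn:lacework:aws prefix follows the ARN field layout, which is inferred only from the single example on this page; the classify function and the ResourceId type are hypothetical names.

```python
from dataclasses import dataclass
from typing import Optional

LACEWORK_AWS_URN = "urn:lacework:aws:"  # prefix the page gives for Lacework-created IDs

@dataclass
class ResourceId:
    cloud: str                      # aws | azure | gcp | unknown
    kind: str                       # arn | lacework-urn | azure-resource-id | gcp-full-name | unknown
    native: bool                    # False when Lacework synthesized the identifier
    service: Optional[str] = None
    region: Optional[str] = None
    account: Optional[str] = None   # AWS account, Azure subscription or GCP project
    resource: Optional[str] = None

def _arn_fields(body):
    # ASSUMPTION: the URN body follows the ARN layout
    # partition:service:region:account:resource (inferred from the page's one example).
    parts = body.split(":", 4)      # the resource part may itself contain ':'
    if len(parts) != 5 or not parts[1] or not parts[4]:
        return None
    return dict(service=parts[1], region=parts[2] or None,
                account=parts[3] or None, resource=parts[4])

def classify(identifier: str) -> ResourceId:
    s = identifier.strip()
    for prefix, kind, native in ((LACEWORK_AWS_URN, "lacework-urn", False),
                                 ("arn:", "arn", True)):
        if s.startswith(prefix):
            fields = _arn_fields(s[len(prefix):])
            if fields:
                return ResourceId("aws", kind, native, **fields)
            return ResourceId("unknown", "unknown", False, resource=s)
    if s.lower().startswith("/subscriptions/"):
        seg = s.split("/")
        return ResourceId("azure", "azure-resource-id", True, account=seg[2], resource=s)
    if s.startswith("//") and ".googleapis.com/" in s:
        host, _, path = s[2:].partition("/")
        seg = path.split("/")
        project = seg[1] if seg[0] == "projects" and len(seg) > 1 else None
        return ResourceId("gcp", "gcp-full-name", True, service=host.split(".")[0],
                          account=project, resource=path)
    return ResourceId("unknown", "unknown", False, resource=s)

if __name__ == "__main__":
    for sample in (  # first value is the page's example; the rest are constructed
        "urn:lacework:aws:aws:rds:us-east-2:991966387703:db-parameter/default.aurora-postgresql14:apg_enable_correlated_any_transform",
        "arn:aws:s3:::my_s3",
        "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo",
        "//compute.googleapis.com/projects/demo-project/zones/us-central1-a/instances/vm-1",
    ):
        print(classify(sample))
```

Records with native set to False carry an identifier that exists only in Lacework, so match them to other inventories on account, region and resource rather than on the identifier string.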

Composite Severity

note

Composite Severity is currently in preview and only available to select Lacework customers.

Resource Explorer introduces a new holistic approach to viewing risk over time with Composite Severity. Composite Severity combines factors from other areas of our platform: vulnerabilities, violations, alerts, and attack paths. This enables you to view risk across your organization in one place.

You can use the Composite severity over time graph to track your security posture across your organization over time. You can then use the resource list and filters to get more specific information about your resources and their severity factors.

In the resource list, the composite severity column has two sub-columns, Severity and Factors. These sub-columns give you insight into individual resources and the factors that contribute to your composite severity. The Severity sub-column assigns a severity (critical, high, medium, low, and info) to your resources based on our findings for vulnerabilities, violations, alerts, and attack paths. Factors displays an icon for each factor that is color-coded to match the severity of our findings for that specific factor. These may vary from your overall composite severity. For example, your resource may have high severity alerts, high severity compliance violations, info attack paths, and critical severity vulnerabilities, and the resource may have a high composite severity, which takes these factors into account.

Click a Resource Identifier to open the Resource Data Drawer.

Resource Data Drawer

From the Resource list, click a resource to display its details, including:

  • Composite Severity (preview):
    • See the breakdown of your resource's composite severity.
    • Review findings for each of the 4 factors that comprise the composite severity.
  • Overview and Summary:
    • Gain insights into the number of vulnerabilities, compliance findings, alerts, and available attack paths related to the selected resource.
  • Properties:
    • Access resource properties, including its last collection time, resource name, resource type, ID, and any changes that occurred in the last 24 hours.
  • Configuration Changes:
    • Examine the most recent configuration changes, providing an opportunity to verify if these changes align with the intended configuration.
    • Retrieve the timestamps indicating the start and end times of the latest ingestion process.
  • Related resources:
    • Capture all outbound and inbound resources that are related to this resource, allowing you to assess the risk associated with these connections and take necessary security measures.

note

Not all resources have a Related Resources section.