December 2019 Platform Releases
New Features
v2.51 Release
- Invitation only, limited beta. Support for daily host vulnerability assessment for Operating System-managed packages and the reporting of these vulnerabilities via the vulnerabilities/host and vulnerabilities/host/{CveId} API Operations—The vulnerabilities/host operation lists the common vulnerabilities and exposures (CVEs) found on the hosts of your Lacework environment. The vulnerabilities/host/{CveId} operation lists the hosts with the passed in CVS id that are found in your Lacework environment. The following data is returned by these operations: package name, version, CVE, severity, and fix availability. The Lacework API documentation is available directly from your Lacework Application at the following URI: https://YourLacework.lacework.net/api/v1/external/docs, where YourLacework is your Lacework Application.
- Support for Datadog in the integrations API operations—Support for creating, enabling, and disabling Datadog integrations using the Lacework API. For more information, see the Lacework API documentation. The POST /api/v1/external/integrations operation has an example invocation for creating a Datadog integration. The Lacework API documentation is available directly from your Lacework Application at the following URI: https://YourLacework.lacework.net/api/v1/external/docs, where YourLacework is your Lacework Application.
- Recommendations—Support for the following new recommendations:
- LW_AWS_NETWORKING_16—ELB SSL Certificate should expire in 5 Days
- LW_AWS_NETWORKING_17—ELB SSL Certificate should expire in 45 Days
- LW_AWS_NETWORKING_18—Security group attached to EC2 instance should not allow inbound traffic from all to TCP port 23 (Telnet)
- LW_AWS_NETWORKING_19—Security group attached to EC2 instance should not allow inbound traffic from all to TCP port 135 (Windows RPC)
- LW_AWS_NETWORKING_20—Security group attached to EC2 instance should not allow inbound traffic from all to TCP port 445 (Windows SMB)
- LW_AWS_NETWORKING_21—Security group attached to EC2 instance should not allow inbound traffic from all to TCP port 3306 (MySQL)
- LW_AWS_NETWORKING_22—Security group attached to EC2 instance should not allow inbound traffic from all to TCP port 5432 (PostgreSQL)
- LW_AWS_NETWORKING_23—Security group attached to EC2 instance should not allow inbound traffic from all to TCP port 1433 (SQLServer)
- LW_AWS_NETWORKING_24—Security group attached to EC2 instance should not allow inbound traffic from all to UDP port 1434 (SQLServer)
- LW_AWS_NETWORKING_25—Security group attached to EC2 instance should not allow inbound traffic from all to TCP port 4333 (MSQL)
- LW_AWS_NETWORKING_26—Security group attached to EC2 instance should not allow inbound traffic from all to TCP port 5500 (VNC Listener)
- LW_AWS_NETWORKING_27—Security group attached to EC2 instance should not allow inbound traffic from all to TCP port 5900 (VNC Server)
- LW_AWS_NETWORKING_28—Security group attached to EC2 instance should not allow inbound traffic from all to UDP port 137 (NetBIOS)
- LW_AWS_NETWORKING_29—Security group attached to EC2 instance should not allow inbound traffic from all to UDP port 138 (NetBIOS)
- LW_AWS_NETWORKING_30—Security group attached to EC2 instance should not allow inbound traffic from all to UDP port 445 (CIFS)
- LW_AWS_NETWORKING_31—Security group attached to EC2 instance should not allow inbound traffic from all to TCP port 21 (FTP)
- LW_AWS_NETWORKING_32—Security group attached to EC2 instance should not allow inbound traffic from all to TCP port 20 (FTP-Data)
- LW_AWS_NETWORKING_33—Security group attached to EC2 instance should not allow inbound traffic from all to TCP port 20 (FTP-Data)
- LW_AWS_NETWORKING_34—Security group attached to EC2 instance should not allow inbound traffic from all to TCP port 53 (DNS)
- LW_AWS_NETWORKING_35—Security group attached to EC2 instance should not allow inbound traffic from all to UDP port 53 (DNS)
- LW_AWS_NETWORKING_36—Security group attached to EC2 instance should not allow inbound traffic from all to All Ports
- LW_S3_18—Ensure the attached S3 bucket policy does not grant global 'Get' permission.
- LW_S3_19—Ensure the attached S3 bucket policy does not grant global 'Delete' permission
- LW_S3_20—Ensure the attached S3 bucket policy does not grant global 'List' permission
- LW_AWS_IAM_11—Ensure non-root user exists in the account
- LW_AWS_SERVERLESS_5—Lambda Function should not have VPC access