Skip to main content

July 2020 Platform Releases


  • Microsoft Teams alert channel support—You can configure Lacework to forward events to Microsoft Teams. For more information, see Microsoft Teams.
  • G Suite SAML authentication support—The Lacework Console supports G Suite SAML authentication. For more information, see Google Workspace SAML Configuration.


  • Defining report rules based on resource group—When defining report rules for AWS, Azure, and Google Cloud, you can email compliance reports based on resource groups. For more information, see Report Rules.
  • Suppressing suspicious login events based on source IP—When creating custom rule filters, you can specify the source IP address/es to include/exclude.
  • Limiting results by OS (namespace) with host Vulnerability APIs —The following host Vulnerability APIs now support limiting the returned results by OS (namespace):
    • GET api/v1/external/vulnerabilities/host
    • GET api/v1/external/vulnerabilities/host/machineId/{MachineId}


  • Support for the GetEvaluationsForDateRange Vulnerability API operation—The GET /api/v1/external/vulnerabilities/container/GetEvaluationsForDateRange operation returns a list of images evaluated by the Lacework container vulnerability assessments during the specified date range. In addition, this GET operation provides summary information about known vulnerabilities found in the operating system software packages of the evaluated container images.
    The Lacework API documentation is available directly from your Lacework Application at the following URI:, where YourLacework is your Lacework Application. From the Help drop-down in the Lacework Console, select API Documentation. For more information, see Lacework API.

  • Package status is returned for Vulnerability host APIs—The following host Vulnerability APIs return the package_status in the PACKAGES section of the response:

    * GET api/v1/external/vulnerabilities/host
    * GET api/v1/external/vulnerabilities/host/machineId/{MachineId}
    * GET api/v1/external/vulnerabilities/host/cveId/{CveId}

    The package_status is set to ACTIVE or it is not set. Lacework does not set package_status if Lacework cannot determine that the package is conclusively active.

  • Severity reported in Slack alerts—The Slack alert channel reports severity in outgoing Slack alerts. The severity of the alert is between 1 and 5. The number 1 is the highest severity and 5 is the lowest severity.