- OneLogin authentication support—The Lacework Console supports OneLogin SAML authentication and JIT user provisioning. For more information, see OneLogin SAML Configuration.
- Updated LW_AWS_NETWORKING_16 and LW_AWS_NETWORKING_17 recommendations—The LW_AWS_NETWORKING_16 recommendation generates events when it detects that the Elastic Load Balancer certificate will expire in 5 days or less. The LW_AWS_NETWORKING_17 recommendation generates events when it detects that the Elastic Load Balancer certificate will expire in 45 days or less.
- Variables in custom Jira templates—When defining a Jira alert channel, you can add variables that represent data from Lacework to custom Jira templates. For more information, see Jira Alert Channels.
- Retrieving custom Jira templates—If a custom template was used for an existing Jira alert channel, the Lacework Console allows you to download the template.
- AWS CloudTrail dossier includes Principal ID—The AWS CloudTrail dossier includes Principal ID as an available page filter and as a column in the CloudTrail Logs table.
Host Vulnerability Assessment General Availability
This feature is now in general availability and includes the following updates:
- Host vulnerability alerts—The Lacework Console raises alerts when vulnerabilities are detected during host assessment. The Lacework Console supports alerting about the following host vulnerabilities:
- A new software vulnerability within monitored hosts for a defined severity level
- A known software vulnerability within monitored hosts for a defined severity level
- A software vulnerability severity change within monitored hosts
- A software vulnerability patch status change within monitored hosts
- Rule customization—You can use policies to clone and customize the rules used for assessment.
- Additional filters for vulnerability assessments—When viewing host vulnerabilities, two new filters are available. You can filter by CVE severity, for example, you only want to see critical severity CVEs. You can also filter by whether a CVE is fixable.
- Host vulnerability assessment pages include only actionable vulnerabilities—To improve surfacing actionable vulnerabilities, host vulnerability assessment counts/statistics include only unfixed vulnerabilities, with one exception. The Host Vulnerability Report pages includes a table row for every vulnerability (fixed and unfixed). This means the number of table rows will be higher than the number of detections on the Host Vulnerability Assessment and Host Vulnerability Assessment Report pages.
- Lacework Console changes:
- Workload menu renamed to Host—The top-level Workload menu is now named Host.
- Additional menu/field names changed to host—On the Dashboard, workload events are now host events. On the Policies page, workload policies and rules are now host policies and rules.
- Containers and Kubernetes dossiers—The Containers and Kubernetes dossiers are now located under the top-level Container menu.
- Host menu displaying depends on the Lacework agent—If a Lacework agent is not installed, the top-level Host menu is not present.
Host vulnerability assessment requires Lacework agent version 2.12.1 or later (agent 2.12.1 release notes are available here).