February 2023 Platform Releases

Release Notes

  • Compliance policy update for lacework-global-217 (Lacework AWS Security Addendum 1.0) - This policy now checks only for unencrypted S3 buckets; the check for S3 buckets without an SSE policy has been removed. This is due to a change by Amazon to automatically encrypt all new object uploads to Amazon S3.
  • Kubernetes audit log policy changes - Changes include the following:
    • To reduce the number of alerts generated by some policies for Kubernetes audit logs (EKS and GKE), Lacework introduces the following new anomaly policies:
      • K8s new registry used
      • K8s new sensitive access to pod
      • K8s new user access to pod
      • New K8s webhook change
      • New sensitive configmaps access
    • The following policies for K8s audit logs (EKS and GKE) are now disabled by default because they are covered by anomaly policies:
      • Cluster role created or modified - lacework-global-194
      • Cluster role granting permissions on pods/exec - lacework-global-195
      • ClusterRoleBinding created for cluster-admin role - lacework-global-191
      • Ephemeral container attached to pod - lacework-global-165
      • kubectl attach to container process - lacework-global-164
      • Kubernetes namespace creation - lacework-global-177
      • Role or cluster role created with access to secrets - lacework-global-193
      • Role or cluster role created with wildcarded resources or verbs - lacework-global-192
      • Successful command execution on container - lacework-global-158
      • Usage of kubernetes Port Forward - lacework-global-163
    • To see the mapping of the disabled policies to anomaly policies, see Disabled Policies Mapped to Anomaly Policies.
  • Composite alerts - Composite analysis uses multiple detections to define more specific alert conditions. This technique allows Lacework to accurately raise a composite alert when an intrusion is suspected.
    With composite alerts, Lacework further alleviates alert fatigue by automatically correlating disparate events across multiple detection sources into higher-level objects.
  • New AWS Agentless Workload Scanning integration option for AWS Organizations (using Terraform) - Use the Automatic Snapshot Role Integration (Terraform) for AWS Organizations to automatically pick up and integrate new AWS accounts that are added to your AWS Organization.

Public Preview

  • Linux Agent can now detect active and inactive packages on hosts - Use the Package Status filter in Host Vulnerability to see active or inactive vulnerable packages on hosts. See Host Vulnerability - Package Status for details.
  • Bulk Update Policy API - The Bulk Update Policy API lets you programmatically change the status or severity of multiple policies at a time. For more information, see Bulk Policy Update.