March 2023 Platform Releases
Azure and GCP instances (VMs) with no Lacework agent installed are now shown in the Agents dossier - See the Agents dossier for all available data and column descriptions.
Detection has been improved for 'Ensure “Block Project-Wide SSH Keys” Is Enabled for VM Instances' within the CIS GCP 1.3.0 benchmark - This applies to lacework-global-266.
- The policy now correctly handles when the
block-project-ssh-keyskey value does not exist for a VM Instance. If the
block-project-ssh-keyskey value does not exist, the default value is
false, and the instance is marked as non-compliant.
- The policy now correctly handles when the
Detection for publicly accesible Amazon S3 buckets has been improved for AWS compliance policies - This applies to the following policies:
Google Apps Script projects are now hidden by default in the Cloud Compliance Dashboard - Contact Lacework Support if you want to enable visibility of these projects in the Cloud Compliance Dashboard.
New APIs are now generally available - New APIs for getting Azure subscription IDs and GCP project IDs from integrated cloud accounts are now GA. The IDs are useful for retrieving and filtering cloud compliance evaluation results. For details, see Azure Subscriptions and GCP Projects.
Also, new APIs are available for invoking inventory scans and for checking the status of inventory scans. For more information, see Scan Inventory and Track Inventory Scan Status.
Custom compliance policies and reports - You can now create your own custom LQL-based compliance policies and reports. For more information, see Custom Compliance Policies and Custom Policy Types.
Unimplemented policies for CIS Azure 1.5.0 are now implemented/automated - The following policies listed in the table are now automated within the Lacework Compliance platform for the CIS Azure 1.5.0 benchmark:
CIS Azure 1.5.0 Control ID Lacework Policy ID Title 4.1.2 lacework-global-538 Ensure no Azure SQL Databases allow ingress from 0.0.0.0/0 (ANY IP). 4.1.4 lacework-global-539 Ensure that Azure Active Directory Admin is Configured for SQL Servers. 4.2.1 lacework-global-622 Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL Servers. 4.2.2 lacework-global-623 Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account. 4.2.3 lacework-global-624 Ensure that Vulnerability Assessment (VA) setting 'Periodic recurring scans' is set to 'on' for each SQL server. 4.2.4 lacework-global-625 Ensure that Vulnerability Assessment (VA) setting 'Send scan reports to' is configured for a SQL server. 4.2.5 lacework-global-542 Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL Server. 4.3.2 lacework-global-544 Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server. 4.3.3 lacework-global-545 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server. 4.3.4 lacework-global-546 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server. 4.3.5 lacework-global-547 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server. 4.3.6 lacework-global-548 Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server. 4.3.8 lacework-global-550 Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled'. 4.4.2 lacework-global-552 Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server.
In addition, the following policies that were deemed manual by CIS have now been automated:
CIS Azure 1.5.0 Control ID Lacework Policy ID Title 4.3.7 lacework-global-549 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled. 8.6 lacework-global-639 Enable Role Based Access Control for Azure Key Vault. 8.7 lacework-global-640 Ensure that Private Endpoints are Used for Azure Key Vault.
- Attack path analysis dossier and Top work items page - Lacework leverages our platform to show possible attack paths within a cloud environment by correlating multiple risk factors from configuration, activity, and runtime data. Lacework uses this information to create an attack path if critical vulnerabilities are associated with a host instance or container image. To access the new pages, click Attack path in the Lacework Console's left navigation.
- For each exposed asset, the Attack path analysis dossier provides an Attack Path Polygraph and detailed contextualized information so you can investigate and review potential issues.
- The Top work items page helps you quickly understand the work items that reduce the greatest risk to your cloud environment. The page displays the top risks in each of these categories: vulnerable hosts, vulnerable container images, paths with secrets, and exposed data assets.
- Linux Agent (from v6.4) can now detect active and inactive packages on hosts - Use the Package Status filter in Host Vulnerability to see active or inactive vulnerable packages on hosts. See Host Vulnerability - Package Status for details.
- Additionally, the Package Status filter can be used when downloading a CSV.