April 2023 Linux Agent Release

v6.5.2

Release Notes

• Support for detecting active and inactive Python packages on hosts - The Lacework platform can now detect active and inactive Python packages on hosts if you do the following:

  1. Install Linux agent v6.5.2 or later on hosts.
  2. Enable active package detection for the agent. For more information, see codeaware property.
  3. Enable Agentless Workload Scanning on the hosts.

  This enables you to know whether a vulnerable Python package is being used by an application on your host and prioritize fixing active vulnerable packages first. Use the Package Status filter in the Host Vulnerability page to see active or inactive vulnerable Python packages on hosts. See Host Vulnerability - Package Status for details.

• This release minimizes a CPU utilization issue that may occur while tracking processes associated with short-lived connections or if your workload has a very large number of processes.

v6.5

Release Notes

• Ability to limit or disable API calls made by the agent to retrieve metadata tags from AWS - The agent retrieves metadata tags from AWS to enable you to quickly identify where you need to take actions to fix alerts displayed in the Lacework Console. To ensure that the latest metadata is displayed in the Lacework Console, the agent periodically makes describe-tags API calls to retrieve tags from AWS. Starting in this release, you can use the metadata_request_interval property in the config.json agent configuration file to do the following:
  • Limit the number of API calls made to retrieve tags from AWS.
  • Disable the agent from making API calls to retrieve tags from AWS.
• Support for additional configuration options in the Helm Chart - Starting in this release, you can use the following configuration options in the Helm Chart for the Lacework Linux agent. For more information, see Helm Configuration Options.
  • cmdlinefilter
  • ContainerEngineEndpoint
  • ContainerRuntime
  • packagescan
  • procscan
  • tags
• Support for specifying agent server URL when you install the agent on AWS or Google Cloud instances using the Lacework CLI - The following Lacework CLI commands now support a server_url option to enable you to specify the agent server URL. 
  • lacework agent aws-install ec2ic
  • lacework agent aws-install ec2ssh
  • lacework agent aws-install ec2ssm
  • lacework agent gcp-install osl

Public Preview

• Support for detecting active and inactive Java, golang, and npm packages on hosts - The Lacework platform can now detect active and inactive Java, golang, and npm packages on hosts if you do the following:

  1. Install Linux agent v6.5 or later on hosts.
  2. Enable active package detection for the agent. For more information, see codeaware property.
  3. Enable Agentless Workload Scanning on the hosts.

  This enables you to know whether a vulnerable Java, golang, or npm package is being used by an application on your host and prioritize fixing active vulnerable packages first. Use the Package Status filter in the Host Vulnerability page to see active or inactive vulnerable Java packages on hosts. See Host Vulnerability - Package Status for details.

• Support for discovering DNS requests over TCP - Starting in this release, the agent discovers DNS requests over TCP and sends them to the Lacework platform to enable it to identify DNS-over-TCP connections. If you want to disable the agent from discovering DNS requests over TCP, use the discover_dns_over_tcp property in the config.json agent configuration file.