April 2023 Platform Releases
Role Based Access Control (RBAC) with the Custom Roles feature - Lacework's new RBAC system with the Custom Roles feature is now available for all customers. This is a powerful and flexible access control mechanism that allows you to control access to your resources based on user roles. The Custom Roles feature allows you to assign a set of permissions that meet your organization's specific requirements. See Access Control for more information.
Google Kubernetes Engine (GKE) audit log integration is now GA - Integrating GKE audit logs lets you monitor and baseline Kubernetes runtime security audit logs, allowing you to understand critical security events within Kubernetes clusters. For details, see GKE Audit Log Integration Using Terraform.
Enriched Attack Path Analysis with Kubernetes Service Data - Attack path analysis is now enriched with Kubernetes service cluster data that is collected by Lacework Kubernetes agent collectors.
- With data from the Kubernetes agent collector (Cluster Collector), Lacework can derive attack paths that include Kubernetes services (LoadBalancer and NodePort are supported) that are exposed (one or more critical vulnerabilities). An exposed Kubernetes service can be the endpoint of a single-hop attack path. An exposed Kubernetes service can also be on an intermediate node that is traversed on the way to an RDS instance in a two-hop attack path.
- Kubernetes service attack paths require the Kubernetes agent collector. This data collector gathers K8s configuration data and requires additional installation. If you have not set up Kubernetes agent collectors, follow the steps in Install using Helm.
Agentless Workload Scanning is now supported on GCP - See Before you Start - Agentless Workload Scanning to see all supported integration options.
Rocky Linux is now supported for host and container vulnerability assessments (including Agentless Workload Scanning) - See Supported Operating Systems for hosts and Operating System Support for containers for a list of supported versions.
Support for detecting active and inactive Java, golang, and npm packages on hosts - The Lacework platform can now detect active and inactive Java, golang, and npm packages on hosts if you do the following:
- Install Linux agent v6.5 or later on hosts.
- Enable active package detection for the agent. For more information, see codeaware property.
- Enable Agentless Workload Scanning on the hosts.
This enables you to know whether a vulnerable Java, golang, or npm package is being used by an application on your host and prioritize fixing active vulnerable packages first. Use the Package Status filter in the Host Vulnerability page to see active or inactive vulnerable Java packages on hosts. See Host Vulnerability - Package Status for details.
Configure Lacework Risk Score factors in the settings menu - Decide which risk score factors are taken into account during the calculation of a risk score for vulnerabilities, hosts, containers, and/or packages. See Risk Scores for further information.
We relocated all articles under Product Docs > FAQs to be closer to their topic areas. Use the following table to find the new location of each FAQ article: