- Kubernetes Compliance policies now support exclusion of container images and registries (when applicable to a policy) - For example, a registry exclusion can now be applied to lacework-global-356. See Notes on Kubernetes Exceptions for an example.
- Kubernetes Compliance Dashboard now supports saved views - See Save View for details.
- Attack path analysis features are now GA - The features includes the following items:
- The Attack path Top work items and Path investigation pages - Lacework leverages our platform to show possible attack paths within a cloud environment by correlating multiple risk factors from configuration, activity, and runtime data. Lacework uses this information to create an attack path if critical vulnerabilities are associated with a host instance or container image.
- Enriched attack path analysis with Kubernetes service data - Attack path analysis is enriched with Kubernetes service cluster data that is collected by Lacework node and cluster collectors. If you have not set up node and cluster collectors, read how to set up node and cluster collectors.
- Non-MFA login detection update - Previously, the policy lacework-global-21 detected user logins to the AWS Console that didn't use multi-factor authentication (MFA), even if the login was performed via SAML authentication. The policy has been updated so that SAML logins are excluded from non-MFA login checks.
- Agentless Workload Scanning data is now shown in the Machines dossier - See the Machines dossier for the types of information that can be viewed.
- The List of active containers and Container image information tables in the Containers dossier also now display Agentless data.
- New alert subcategories - Added Host Vulnerability and Container Vulnerability alert subcategories, allowing you to effectively route those alerts to dedicated channels.
- Enhanced alert rules - You can route alerts of specific categories or from particular sources to dedicated channels. For more information, see Alert Rules.
- Rocky Linux support for host and container vulnerability assessments is now GA - See Supported Operating Systems for hosts and Operating System Support for containers for a list of supported versions.
- Custom compliance policies are now shown in the Cloud Compliance Dashboard - Custom compliance policies are visible (and filterable) when the Policies tab is active in the Cloud Compliance Dashboard.
- LQL now supports the UNION operator - You can now use UNION and UNION ALL to combine results of multiple queries. For more information, see the LQL UNION documentation.
Composite Alerts - Added a new composite alert: Potentially Compromised Host.
Configure Lacework Risk Score factors in the settings menu - Decide which risk score factors are taken into account during the calculation of a risk score for vulnerabilities, hosts, containers, and/or packages. See Risk Scores for further information.
Focus Python and Ruby package vulnerability detection on active packages - The Lacework platform can now detect active and inactive Python and Ruby packages on hosts if you do the following:
- Install the Linux agent on hosts.
- For Python active package detection, install Linux agent v6.5.2 or later.
- For Ruby active package detection, install Linux agent v6.6 or later.
- Enable active package detection for the agent. For more information, see codeaware property.
- Enable Agentless Workload Scanning on the hosts.
This enables you to know whether a vulnerable Python or Ruby package is being used by an application on your host and prioritize fixing active vulnerable packages first. Use the Package Status filter in the Host Vulnerability page to see active or inactive vulnerable Python and Ruby packages on hosts. See Host Vulnerability - Package Status for details.
- Install the Linux agent on hosts.