Amazon Linux vulnerabilities are now tracked by CVE IDs (instead of ALAS) - Lacework now uses the standard Severity Attribution model for Amazon Linux vulnerabilities (for both host and container images). There are generally multiple CVE IDs per ALAS ID, so expect to see additional vulnerabilities in your environment (if found). Previous discoveries of Amazon Linux vulnerabilities will remain unchanged, with ALAS IDs.
Any vulnerability exceptions created for ALAS IDs will be automatically converted to use the new CVE IDs.
Amazon Linux 2023 is now supported for vulnerability scanning - See supported operating systems for hosts and containers for a full list.
In addition, the Amazon Linux Extras Library for Amazon Linux 2 is now supported for vulnerability scanning.
RedHat Enterprise Linux 5 (RHEL 5) is no longer supported with new vulnerability data - Lacework still maintains CVEs for RHEL 5 that have discovered up to 18th July 2023. Any new CVEs discovered after this date will not be shown for RHEL 5.
Coverage Type filter now available on the Host Vulnerability page - The Coverage type filter replaces the now deprecated Scanner type filter.
Lacework Infrastructure as Code: Authored Policies Release - Lacework IaC Security is converting existing policies to Rego. You may notice duplicate findings due to checkov or tfsec policies temporarily co-existing. For remediation, Lacework offers suppression options for both Code Security App and CI/CD integrations. For more information, go to IaC Policies(/iac/restricted/iac-policies).
MITRE ATT&CK tags - Lacework alerts now include MITRE ATT&CK tags, empowering you to respond effectively to potential threats. This augmentation of robust monitoring and analysis strengthens protection for critical assets against evolving threats. For more information, see Built-in Filters.
RedHat Enterprise Linux 9 is now supported for vulnerability scanning (hosts and containers) - See Container Image Support and Host Image Support for a full list of supported operating systems.
Scanning of multiple/secondary volumes on hosts is now supported through Agentless Workload Scanning - Previously, only the root volume of a host could be scanned. See FAQs for details on volume mount compatibility and enablement with Agentless Workload Scanning.
Scanning of stopped instances is now supported through Agentless Workload Scanning - By default, stopped instances are scanned with agentless integrations. See FAQs for details on enablement.
Integrate Lacework with Security in Jira to view vulnerabilities within the context of your Jira project and issues - Lacework now supports Security in Jira integrations where you can view, prioritize, and track remediation of vulnerabilities from your active image repositories. See Integrate Lacework with Security in Jira to find out how to configure your integration.
We have revised the Configure SAML JIT documents to indicate that both Lacework Admin Role Accounts and Lacework User Role Accounts attributes are now optional. The revised documents are: