Skip to main content

September 2023 Platform Releases

Generally Available

Public Preview

  • Linux agent configuration from the Lacework Console - Previously, you had to manually update the config.json file on every host to modify the Linux agent configuration. You can now use the Lacework Console to specify the configuration for all agents that use a specific agent token. Any new agent that you install using the token will also use the same configuration. For more information, see Configure Linux Agent Behavior in the Lacework Console.


    The settings in the config.json file take precedence over the settings in the Lacework Console. So, you can continue to manually update the config.json file on every host if you prefer. However, Lacework recommends using the Lacework Console to configure the agent because it makes it easier to quickly change settings for a large number of agents.

  • The GitHub Security Advisory is now used as the CVE source for Java and NPM vulnerabilities - See supported language libraries and package managers for containers and hosts for a full list of the CVE sources used.

  • New composite alert - The Potentially compromised Google Cloud identity alert will be triggered when there is unauthorized access, data leaks, exploitation of vulnerabilities, or other malicious activities within your Google Cloud environment.

  • Entitlement management - The Lacework entitlement management feature provides you with the visibility and context to understand your cloud identity architectures and right-size cloud permissions to achieve least privilege goals.

    Access the new entitlements capabilities through a new top-level Entitlements menu item in the left navigation. Entitlements has three tabs:

    • The Overview tab provides a consolidated view of entitlement metrics, including identities with excessive privileges, active keys older than 180 days, and total number of user accounts. Additional categories of metric trends include high risks, low usage, identity activity, and identity compliance.
    • The Top identity risks tab helps you prioritize what to fix first by providing a list of the greatest identity risks in your environment.
    • The Explore tab provides a list of identities and summary information. From here, you can drill down into identity access grants and identity transitions, for example, you can see which user can assume which roles. You can also get remediation suggestions and rationale for fixing identity issues.
  • Support for identity attack paths - Identity attack paths include the following new paths:

    • Internet → ... → EC2 → Admin role
      This path depicts an admin role as the path endpoint.
    • Internet → ... → EC2 → Role → S3 bucket cluster
      This path depicts a non-admin role.
      • The EC2 → Role portion means the IAM role associated with the EC2 instance.
      • For the Role → S3 bucket cluster portion, the S3 bucket cluster groups together all the S3 buckets accessible by the role.
    • Internet → ... → S3

    The Lacework Console has the following updates: