September 2023 Windows Agent Release

v1.7

Release Notes

• Automatic discovery of agent server URL - The Lacework agent uses a region-specific agent server URL to communicate with the Lacework platform. By default, agents use the https://api.lacework.net/ URL in the US region. For Windows agent v1.6 or earlier installed outside the default region, you must explicitly configure the agent server URL using the serverurl parameter in the config.json file. For more information, see Agent Server URL.

  Region	URL
  US (default)	https://api.lacework.net
  US-02 (US)	https://aprodus2.agent.lacework.net
  European Union (EU)	https://api.fra.lacework.net
  Australia and New Zealand (ANZ)	https://auprodn1.agent.lacework.net/

  Starting with Windows agent v1.7, it is optional for you to configure the agent server URL. The agent automatically discovers the agent server URL for your region.

  To automatically discover the agent server URL for Windows agent v1.7 or later:

  • The agents for which you have not configured the agent server URL will first communicate with https://agent.lacework.net that is located in the US region to know the region they belong to, and then use only the region-specific URL.
  • The agents for which you have configured the agent server URL will first communicate with the configured server URL to know the region they belong to.

  Once the correct region is established, agents remember it and communicate only with the agent server URL for that region until you modify the URL.

• Support for specifying tolerations for agent pods on Kubernetes clusters - You can now use the --windowsAgent.tolerations Lacework Helm chart option to specify tolerations for agent pods on Kubernetes clusters. For more information, see Specify tolerations for Agent Pods on Kubernetes Clusters.

• Support for collecting suspicious PowerShell script execution events - Starting in this release, the agent collects suspicious PowerShell script execution events.

• Ability to disable collection of suspicious PowerShell script execution events - By default, the agent collects suspicious PowerShell script execution events. You can now use the following property in the config.json agent configuration file to disable collection of PowerShell script execution events:

  "hids": { "powershell": { "enabled": false } }  

• In this release, Lacework has added some internal logging to monitor agent connectivity with the Lacework platform. Agents will periodically connect to agentcheck.lacework.net and agent.certprobe.lacework.net to enable Lacework to monitor agent connectivity with the Lacework platform and notify you if an agent has connectivity issues.

Known Issue

• The Windows agent v1.4 does not automatically upgrade to Windows agent v1.7. The workaround for this is to manually upgrade to Windows agent v1.7 using the instructions in Manual Upgrade of Windows Agent.