Datasource additions - The following new datasources are now available:
- Amazon Elastic Compute Cloud (EC2):
- Amazon ElastiCache:
Cloud Compliance dashboard updates – The Cloud Compliance dashboard has been refreshed with the following major changes:
- Groups have been replaced with tabs for visibility and ease of navigation.
- Previously, you were only able to view data for 300 accounts at a time in the dashboard. This limitation has now been removed.
- Manual policies are now a singular metric, and not grouped with the Not assessed category.
- The Resources column in the framework/policy/account drawers now displays all resources when expanded. Previously, only a maximum of 5 resources were displayed with a link to the resource inventory.
- Terminology change: Assessments are now called Frameworks in the Lacework console. Frameworks specify a set of policies that are assessed together to generate a report.
- Disabled cloud account integrations are no longer shown in the visible account filters.
See Cloud Compliance Dashboard for updated documentation that includes these changes.
View management - You can now create, update, and share customized views easier with the new view management feature.
Attack path analysis adds support for Azure - Attack paths are now supported for the following Azure assets:
The Lacework Console has the following updates:
- The Top work items page Top risky hosts and Top risky data assets tables include attack paths to Azure Blob Storage, Azure Databases, and VMs.
- The Path investigation page includes new Exposure Polygraph nodes to support Azure cloud assets. The page has new Azure-related sections for detailed information: Azure Blob Storage, Azure Databases, VMs, security groups, and load balancers.
- The Alerts page supports Exposure Polygraphs for Azure.
- The Vulnerabilities page supports the internet exposure filter for Azure.
- The single machine dossier includes Exposure Polygraphs for Azure.
Oracle Cloud Infrastructure (OCI) support – Lacework now supports cloud security compliance and posture management for Oracle Cloud Infrastructure (OCI). Lacework support encompasses the following key features:
- Default policies to support the CIS OCI 1.2.0 Benchmark and OCI Configuration Detector Rules.
- Filtering by OCI-related activity and resources on the policies page, compliance dashboard, reports dashboard, and resource explorer. Filtering controls for OCI reflect compartment hierarchy from the source, so that you can select compartments individually or many compartments at once via a parent compartment.
- The ability to construct condition-based resource groups based on characteristics of OCI resources.
- View all integrated OCI resources and configuration history in the OCI Resource Inventory.
- Integration with OCI is afforded with features to ease integration, including Terraform support and a console-based integration interface. It also includes API/CLI onboarding capabilities, alert filtering, and more.
See Integrate Lacework with OCI to learn more about Lacework and OCI.
Resource groups – Resource groups have been significantly enhanced. Most notably, you can now use conditions on various resource characteristics to determine resource group composition. Instead of basing resource groups on just cloud type or account, you can compose resource groups based on properties of the resources such as their region, tags, and cloud-specific organizational units to which they belong, such as organization (for AWS and GCP), account, folder, subscription, and more.
In addition, you can create complex logical conditions that give you precise control over the resources that belong to a resource group. Resource groups are dynamic; Lacework assesses resource association to a resource group at time of use.
You can apply enhanced resource groups in a variety of settings. For user groups, resource groups let you allocate data access to users (at the account level) based upon properties of the resources. This extends the previous model in the Lacework Console, which determined user access based only upon actions and features. Access and filterability based on resource groups appears in these features:
- Host vulnerability view filtering and data access enforcement
- Container vulnerability view filtering and data access enforcement
- Resource explorer view filtering and data access enforcement
- Kubernetes compliance view filtering and data access enforcement
- Report view filtering and data access enforcement
Enhanced resource groups are not available for alert routing or alert filtering. For alert routing, you must use the legacy resource groups.
Custom policy update and custom frameworks - You can now create custom compliance and violation policies using an improved UI workflow, and add your custom policies to assessment frameworks. Assessment frameworks serve as the basis of report configurations. For more information, see Create a Custom Compliance Policy and Create a Custom Violation Policy.
- Resource Inventory is now deprecated in favor of Datasource Metadata - The Datasource Metadata article lists ingested cloud provider APIs and the equivalent LQL datasource names. As such, this article will now be the source of truth for ingested cloud provider APIs and resource types.