Skip to main content

January 2024 Platform Releases

Generally Available

  • Crowdsourced risk analysis - Crowdsourcing analysis of alerts lets Lacework leverage combined insights across customers’ cloud environments. The insights can help to lower anomaly alert severities by recognizing behaviors that are expected by Lacework or common in cloud environments.

  • Support for detecting active and inactive PHP packages on hosts and containers - The Lacework platform can now detect active and inactive PHP packages on hosts and containers if you do the following:

    1. Install Linux agent v6.11 or later on hosts or containers.
    2. Enable active package detection for the agent. For more information, see How do I enable active package detection?.
    3. Enable Agentless Workload Scanning on the hosts.

    This enables you to know whether a vulnerable PHP package is being used by an application and prioritize fixing active vulnerable packages first. Use the Package status filter in the Host Vulnerabilities page and Container Vulnerabilities page to see active or inactive vulnerable PHP packages on hosts and containers. See Host Vulnerability - Package Status for details.

Public Preview

  • Exceptions can now be created for OCI compliance policies - See compliance policy exceptions for guidance.

  • New composite alert - The Potentially compromised Kubernetes user alert will be triggered when there Lacework detects evidence suggesting potentially compromised Kubernetes user credentials.

  • Lacework AI Assist - Lacework AI Assist provides an AI-based chat experience within the Lacework Console that helps console users understand and remediate alerts. The Lacework AI Assist enhances the security and remediation expertise of your Lacework Console users by providing interactive, actionable help, particularly relating to a given compliance or anomaly alert.

    Specifically, AI Assist can help your Lacework Console users by:

    • Providing detailed explanation about why the alert was triggered, the potential risks involved, and the key elements of the alert.
    • Offering step-by-step guidance on how to investigate the alert using Lacework tools, and what to look for during the investigation.
    • Providing detailed guidance on remediation steps, for example, by describing how to block an IP address in the cloud console.

    AI Assist can also provide sample code, including CloudFormation and Terraform scripts, to help remediate the issues raised by alerts. The code is tailored for the specific alert type and alert details.

    To use AI Assist, enable it in the Lacework Console's general settings. Once AI Assist is enabled, Lacework Console users can access AI Assist by clicking the chat icon on the right side of the details view for compliance and anomaly alerts.

  • Support for detecting vulnerabilities on Microsoft Windows Servers - Starting in this release, you can install Lacework Windows agent v1.7.2 or later on your Microsoft Windows Server hosts to proactively identify and take action on operating system and application software vulnerabilities.

    For information on the Windows Server OS and application software versions for which vulnerability detection is supported, see Supported Windows Operating Systems and Applications.

    You can use the Host Vulnerabilities page on the Lacework Console to do the following:

    • View operating system and application software vulnerabilities on your Microsoft Windows Server hosts.

    • Prioritize fixing the critical and high risk vulnerabilities before fixing other vulnerabilities.

    • Know the Microsoft KB article or application software version you can install to fix a vulnerability.

    • Know whether you must reboot a Windows Server host after you fix a vulnerability.

    • Know whether Windows Server Update Services (WSUS) is disabled on your host. Lacework recommends enabling WSUS to protect your host from vulnerabilities.

    • Know whether you must upgrade a Windows Server host OS to ensure accurate vulnerability detection. Lacework does not support vulnerability detection on Windows Server 2012 R2 versions older than April 2016.

      note
      • Agentless Workload Scanning does not support host vulnerability assessment on Windows Server hosts. You must install the Lacework Windows agent to enable host vulnerability assessment on Windows Server hosts.
      • Active package detection is not supported on Windows Server hosts.
      • The lacework vulnerability host command is not supported on Windows Server hosts.

Documentation Updates

  • All content relating to legacy CIS benchmark reports and policies has now been removed - This includes the following benchmarks:
    • AWS CIS 1.1.0
    • Azure CIS 1.3.1
    • GCP CIS 1.2.0