View Agentless Workload Scanning Results in the Lacework Console
View Agentless Workload Scanning Vulnerability Results
Once you have integrated Agentless Workload Scanning with your cloud provider, you can view the results of Host and Container vulnerability scans.
Agentless Host Vulnerability
- Click Vulnerabilities > Hosts to view host vulnerabilities in your environment.
- Apply the Coverage type: Agentless filter (when Group by Host is active) to view host scan results from Agentless Workload Scanning integrations.
The Coverage type value is Agentless for any host that has been assessed using this type of integration.
Agentless Container Vulnerability
- Click Vulnerabilities > Containers to view container vulnerabilities in your environment.
- Apply the Scanner type: Agentless filter (when Group by Image ID is active in either tab) to view image scan results from Agentless Workload Scanning integrations.
The Scanner type value is Agentless for any image that has been assessed using this type of integration.
View Secrets Detected by Agentless Workload Scanning
Click Attack path > Top work items.
The secrets detected on hosts that have critical vulnerabilities and are exposed to the internet directly or through another internet-exposed host that has critical vulnerabilities are displayed in the Top risky paths with exposed secrets table.
In addition, you can use the following LQL datasources to create custom policies to display alerts for secrets in the Lacework Console:
- LW_HE_ACCESS_SSH_AUTHORIZED_KEYS for public SSH keys in
authorized_keys
files detected by Agentless workload scanning. - LW_HE_SECRETS_SSH_PRIVATE_KEYS for SSH private keys detected by Agentless workload scanning.
- LW_HE_SECRETS_ALL for all types of secrets detected by Agentless workload scanning.
See Secrets Detected by Agentless Workload Scanning for information on the types of secrets that are detected by Agentless workload scanning.
- LW_HE_ACCESS_SSH_AUTHORIZED_KEYS for public SSH keys in
View Exposure Polygraph in Single Machine Dashboard
- Click Workloads > Hosts > Machines to view the Machines dashboard.
- Click on a Hostname (for example, in the Machine properties or Machine activity table) to view the Single Machine dashboard for that host.
- Find the Exposure Polygraph section to view exposure details from the latest Agentless scan.