Lacework

Details
Content
Dependencies
Version History

Lacework provides end-to-end cloud security automation for AWS, Azure, and GCP with a comprehensive view of risks across cloud workloads and containers.

This pack enables you to interact with the Lacework cloud security platform. The primary function is to allow users to
fetch incident data from Lacework, and construct playbooks to respond to potential threats or misconfigurations.

Classifiers

Name	Description
Lacework - Classifier	Lacework Incident Classifier
Lacework - Incoming Mapper	Lacework Mapper for incidents

Incident Fields

Name	Description
Lacework Recommendation Title	The Title of the recommendation which generated a compliance violation event within Lacework.
Lacework Recommendation Account ID	The cloud service provider 'Account ID' associated with the compliance violation.
Lacework Recommendation ID	The ID of the recommendation which generated a compliance violation event within Lacework.
Lacework Event Type	The 'Event Type' within the 'Model' and 'Actor' categories that generated the Lacework event.
Lacework Recommendation Account Alias	The cloud service provider 'Account Alias' associated with the compliance violation.
Lacework Event Actor	The 'Actor' that generated the Lacework event.
Lacework Event Model	The 'Model' within the 'Actor' category that generated the Lacework event.
Lacework Event ID	The ID of the Lacework event.

Incident Types

Name	Description
Lacework Alert
Lacework Event

Integrations

Name	Description
Lacework (Community Contribution)	Lacework provides end-to-end cloud security automation for AWS, Azure, and GCP with a comprehensive view of risks across cloud workloads and containers.

Classifiers

Name	Description
Lacework - Classifier	Lacework Incident Classifier
Lacework - Incoming Mapper	Lacework Mapper for incidents

Incident Fields

Name	Description
Lacework Recommendation Account ID	The cloud service provider 'Account ID' associated with the compliance violation.
Lacework Recommendation Account Alias	The cloud service provider 'Account Alias' associated with the compliance violation.
Lacework Event Actor	The 'Actor' that generated the Lacework event.
Lacework Event Model	The 'Model' within the 'Actor' category that generated the Lacework event.
Lacework Event Type	The 'Event Type' within the 'Model' and 'Actor' categories that generated the Lacework event.
Lacework Recommendation ID	The ID of the recommendation which generated a compliance violation event within Lacework.
Lacework Event ID	The ID of the Lacework event.
Lacework Recommendation Title	The Title of the recommendation which generated a compliance violation event within Lacework.

Incident Types

Name	Description
Lacework Event
Lacework Alert

Integrations

Name	Description
Lacework (Community Contribution)	Lacework provides end-to-end cloud security automation for AWS, Azure, and GCP with a comprehensive view of risks across cloud workloads and containers.

Pack Name	Pack By
Base	By: Cortex XSOAR

Pack Name	Pack By
Common Types	By: Cortex XSOAR

Pack Name	Pack By
Base	By: Cortex XSOAR

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Supported By	Community
Created	August 19, 2020
Last Release	July 2, 2024

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.

Integrations

Lacework

Classifiers

Lacework - Classifier

Incident Fields

Incident Types

Integrations

Lacework

Mappers

Lacework - Incoming Mapper

Incident Fields

Incident Fields

Classifiers

Fix: Lacework

Mappers

Fix: Lacework - Incoming Mapper

Integrations

Lacework

PLATFORMS

INFO

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER