This pack enables you to interact with the Lacework cloud security platform. The primary function is to allow users to
fetch incident data from Lacework, and construct playbooks to respond to potential threats or misconfigurations.
Lacework
- Details
- Content
- Dependencies
- Version History
Lacework provides end-to-end cloud security automation for AWS, Azure, and GCP with a comprehensive view of risks across cloud workloads and containers.
This pack enables you to interact with the Lacework cloud security platform. The primary function is to allow users to
fetch incident data from Lacework, and construct playbooks to respond to potential threats or misconfigurations.
Classifiers
| Name | Description |
|---|---|
Lacework - Classifier | Lacework Incident Classifier |
Lacework - Incoming Mapper | Lacework Mapper for incidents |
Incident Fields
| Name | Description |
|---|---|
Lacework Event ID | The ID of the Lacework event. |
Lacework Event Actor | The 'Actor' that generated the Lacework event. |
Lacework Recommendation Title | The Title of the recommendation which generated a compliance violation event within Lacework. |
Lacework Event Model | The 'Model' within the 'Actor' category that generated the Lacework event. |
Lacework Event Type | The 'Event Type' within the 'Model' and 'Actor' categories that generated the Lacework event. |
Lacework Recommendation ID | The ID of the recommendation which generated a compliance violation event within Lacework. |
Lacework Recommendation Account Alias | The cloud service provider 'Account Alias' associated with the compliance violation. |
Lacework Recommendation Account ID | The cloud service provider 'Account ID' associated with the compliance violation. |
Incident Types
| Name | Description |
|---|---|
Lacework Alert | |
Lacework Event |
Integrations
| Name | Description |
|---|---|
| Lacework (Community Contribution) | Lacework provides end-to-end cloud security automation for AWS, Azure, and GCP with a comprehensive view of risks across cloud workloads and containers. |
Classifiers
| Name | Description |
|---|---|
Lacework - Classifier | Lacework Incident Classifier |
Lacework - Incoming Mapper | Lacework Mapper for incidents |
Incident Fields
| Name | Description |
|---|---|
Lacework Event Type | The 'Event Type' within the 'Model' and 'Actor' categories that generated the Lacework event. |
Lacework Event Model | The 'Model' within the 'Actor' category that generated the Lacework event. |
Lacework Event Actor | The 'Actor' that generated the Lacework event. |
Lacework Recommendation Account Alias | The cloud service provider 'Account Alias' associated with the compliance violation. |
Lacework Event ID | The ID of the Lacework event. |
Lacework Recommendation Title | The Title of the recommendation which generated a compliance violation event within Lacework. |
Lacework Recommendation Account ID | The cloud service provider 'Account ID' associated with the compliance violation. |
Lacework Recommendation ID | The ID of the recommendation which generated a compliance violation event within Lacework. |
Incident Types
| Name | Description |
|---|---|
Lacework Event | |
Lacework Alert |
Integrations
| Name | Description |
|---|---|
| Lacework (Community Contribution) | Lacework provides end-to-end cloud security automation for AWS, Azure, and GCP with a comprehensive view of risks across cloud workloads and containers. |
Required Content Packs (1)
| Pack Name | Pack By |
|---|---|
| Base | By: Cortex XSOAR |
Optional Content Packs (1)
| Pack Name | Pack By |
|---|---|
| Common Types | By: Cortex XSOAR |
All level dependencies (1)
| Pack Name | Pack By |
|---|---|
| Base | By: Cortex XSOAR |
2.0.0 - R828628 (February 14, 2024)
- 23562
- 24436
Download
Classifiers
Lacework - Classifier
- Updated default incident type to 'Lacework Alert'
Incident Fields
- Lacework Recommendation Account ID
- Lacework Recommendation ID
- Lacework Recommendation Title
- Lacework Recommendation Account Alias
Incident Types
- New: Lacework Alert
Integrations
Lacework
- Lacework API calls are now migrated to APIv2
- XSOAR Incidents are now derived from Lacework Alerts, rather than Events
- Updated the Docker image to: demisto/lacework:1.0.0.47313.
Mappers
Lacework - Incoming Mapper
- Added new Lacework Alert fields
- 23562
- 24436
Download
1.1.2 - 2355875 (February 3, 2022)
Incident Fields
- Lacework Event Type
1.1.1 - R2146019 (December 21, 2021)
Classifiers
Fix: Lacework
- Fixed severity transformation in Lacework Incident Classifier (Available from Cortex XSOAR 5.0.0).
Mappers
Fix: Lacework - Incoming Mapper
- Fixed severity transformation in Lacework - Incoming Mapper (Available from Cortex XSOAR 6.0.0).
Integrations
Lacework
- Added debug logs.
1.1.0 - 1773929 (October 10, 2021)
Classifiers
New: Lacework - Classifier
- Lacework Incident Classifier (Available from Cortex XSOAR 6.0.0).
New: Lacework
- Lacework Incident Classifier (Available from Cortex XSOAR 5.0.0).
Incident Fields
- Lacework Event ID
- The ID of the Lacework event.
- Lacework Event Actor
- The 'Actor' that generated the Lacework event. (App, Compliance, File, User, etc.)
- Lacework Event Model
- The 'Model' within the 'Actor' category that generated the Lacework event. (AwsCompliance, PTypeConn, SystemRule, etc.)
- Lacework Event Type
- The 'Event Type' within the 'Model' and 'Actor' categories that generated the Lacework event.
- Lacework Recommendation ID
- The ID of the recommendation which generated a compliance violation event within Lacework.
- Lacework Recommendation Title
- The Title of the recommendation which generated a compliance violation event within Lacework.
- Lacework Recommendation Account ID
- The cloud service provider 'Account ID' (ex. AWS account number) associated with the compliance violation.
- Lacework Recommendation Account Alias
- The cloud service provider 'Account Alias' (ex. AWS account alias) associated with the compliance violation.
Incident Types
- **Lacework Event **
Integrations
Lacework
- Added support for Lacework Organizations and Sub-Accounts
- Updated the Docker image to: demisto/lacework:1.0.0.24154.
Mappers
New: Lacework - Incoming Mapper
- Added mapper to automatically populate new Incident Fields (Available from Cortex XSOAR 6.0.0).
PUBLISHER
PLATFORMS
Cortex XSOARCortex XSIAM
INFO
| Supported By | Community | |
| Created | September 30, 2020 | |
| Last Release | February 14, 2024 |
WORKS WITH THE FOLLOWING INTEGRATIONS:
