Lacework

Details
Content
Dependencies
Version History

Lacework provides end-to-end cloud security automation for AWS, Azure, and GCP with a comprehensive view of risks across cloud workloads and containers.

This pack enables you to interact with the Lacework cloud security platform. The primary function is to allow users to
fetch incident data from Lacework, and construct playbooks to respond to potential threats or misconfigurations.

Classifiers

Name	Description
Lacework - Classifier	Lacework Incident Classifier
Lacework - Incoming Mapper	Lacework Mapper for incidents

Incident Fields

Name	Description
Lacework Recommendation Account ID	The cloud service provider 'Account ID' associated with the compliance violation.
Lacework Event Type	The 'Event Type' within the 'Model' and 'Actor' categories that generated the Lacework event.
Lacework Event Model	The 'Model' within the 'Actor' category that generated the Lacework event.
Lacework Event Actor	The 'Actor' that generated the Lacework event.
Lacework Recommendation Account Alias	The cloud service provider 'Account Alias' associated with the compliance violation.
Lacework Recommendation Title	The Title of the recommendation which generated a compliance violation event within Lacework.
Lacework Recommendation ID	The ID of the recommendation which generated a compliance violation event within Lacework.
Lacework Event ID	The ID of the Lacework event.

Incident Types

Name	Description
Lacework Event
Lacework Alert

Integrations

Name	Description
Lacework (Community Contribution)	Lacework provides end-to-end cloud security automation for AWS, Azure, and GCP with a comprehensive view of risks across cloud workloads and containers.

Classifiers

Name	Description
Lacework - Classifier	Lacework Incident Classifier
Lacework - Incoming Mapper	Lacework Mapper for incidents

Incident Fields

Name	Description
Lacework Event Type	The 'Event Type' within the 'Model' and 'Actor' categories that generated the Lacework event.
Lacework Event Actor	The 'Actor' that generated the Lacework event.
Lacework Recommendation ID	The ID of the recommendation which generated a compliance violation event within Lacework.
Lacework Recommendation Account ID	The cloud service provider 'Account ID' associated with the compliance violation.
Lacework Event ID	The ID of the Lacework event.
Lacework Recommendation Title	The Title of the recommendation which generated a compliance violation event within Lacework.
Lacework Recommendation Account Alias	The cloud service provider 'Account Alias' associated with the compliance violation.
Lacework Event Model	The 'Model' within the 'Actor' category that generated the Lacework event.

Incident Types

Name	Description
Lacework Alert
Lacework Event

Integrations

Name	Description
Lacework (Community Contribution)	Lacework provides end-to-end cloud security automation for AWS, Azure, and GCP with a comprehensive view of risks across cloud workloads and containers.

Required Content Packs (1)

Pack Name	Pack By
Base	By: Cortex XSOAR

Optional Content Packs (1)

Pack Name	Pack By
Common Types	By: Cortex XSOAR

All level dependencies (2)

Pack Name	Pack By
Base	By: Cortex XSOAR
Aggregated Scripts	By: Cortex XSOAR

2.0.5 - 7827247 (March 22, 2026)

Documentation and metadata improvements.

Related pull requests:
- 43566

Download

2.0.4 - 5636304 (October 29, 2025)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 41629

Download

2.0.3 - R3380045 (May 12, 2025)

Integrations

Metadata and documentation improvements.

Related pull requests:
- 39144

Download

2.0.2 - R2988527 (March 26, 2025)

Integrations

Lacework

Updated the Docker image to: demisto/lacework:1.0.0.117192.

Related pull requests:
- 38288
- 38283
- 38281
- 38280
- 38279
- 38278
- 38276
- 38275
- 38274
- 38272
- 38271
- 38273
- 38277
- 38282

Download

2.0.1 - R1741355 (December 3, 2024)

Integrations

Lacework

Updated the Docker image to: demisto/lacework:1.0.0.100340.

Related pull requests:
- 35185
- 35145
- 35144
- 35146
- 35147

Download

2.0.0 - R1129454 (June 27, 2024)

Classifiers

Lacework - Classifier

Updated default incident type to 'Lacework Alert'

Incident Fields

Lacework Recommendation Account ID
Lacework Recommendation ID
Lacework Recommendation Title
Lacework Recommendation Account Alias

Incident Types

New: Lacework Alert

Integrations

Lacework

Lacework API calls are now migrated to APIv2
XSOAR Incidents are now derived from Lacework Alerts, rather than Events
Updated the Docker image to: demisto/lacework:1.0.0.47313.

Mappers

Lacework - Incoming Mapper

Added new Lacework Alert fields

Related pull requests:
- 35084
- 34779

Download

1.1.3 - R3994332 (November 8, 2022)

Incident Fields

Lacework Event Type

Related pull requests:
- 17510

Download

2.0.5 - 7827247 (March 22, 2026)

Documentation and metadata improvements.

Related pull requests:
- 43566

Download

2.0.4 - 5636304 (October 29, 2025)

Changes are not relevant for XSIAM marketplace.

Related pull requests:
- 41629

Download

2.0.3 - R3386461 (May 12, 2025)

Integrations

Lacework

Metadata and documentation improvements.

Related pull requests:
- 39144

Download

2.0.2 - R2988527 (March 26, 2025)

Integrations

Lacework

Updated the Docker image to: demisto/lacework:1.0.0.117192.

Related pull requests:
- 38288
- 38283
- 38281
- 38280
- 38279
- 38278
- 38276
- 38275
- 38274
- 38272
- 38271
- 38273
- 38277
- 38282

Download

2.0.1 - R1741355 (December 3, 2024)

Integrations

Lacework

Updated the Docker image to: demisto/lacework:1.0.0.100340.

Related pull requests:
- 35185
- 35145
- 35144
- 35146
- 35147

Download

2.0.0 - R1129454 (June 27, 2024)

Classifiers

Lacework - Classifier

Updated default incident type to 'Lacework Alert'

Incident Fields

Lacework Recommendation Account ID
Lacework Recommendation ID
Lacework Recommendation Title
Lacework Recommendation Account Alias

Incident Types

New: Lacework Alert

Integrations

Lacework

Lacework API calls are now migrated to APIv2
XSOAR Incidents are now derived from Lacework Alerts, rather than Events
Updated the Docker image to: demisto/lacework:1.0.0.47313.

Mappers

Lacework - Incoming Mapper

Added new Lacework Alert fields

Related pull requests:
- 35084
- 34779

Download

1.1.3 - R3990696 (November 7, 2022)

Incident Fields

Lacework Event Type

Related pull requests:
- 17510

Download

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Supported By	Community
Created	August 19, 2020
Last Release	March 22, 2026

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

By downloading or using Marketplace content, you agree to the applicable Terms of Use and End User License Agreement. Third-party content is provided by its publisher, and Palo Alto Networks does not warrant, endorse, support, or assume responsibility for content not expressly identified as owned by Palo Alto Networks.