This pack enables you to interact with the Lacework cloud security platform. The primary function is to allow users to
fetch incident data from Lacework, and construct playbooks to respond to potential threats or misconfigurations.
Lacework
- Details
- Content
- Dependencies
- Version History
Lacework provides end-to-end cloud security automation for AWS, Azure, and GCP with a comprehensive view of risks across cloud workloads and containers.
Incident Types
| Name | Description |
|---|---|
Lacework Event |
Integrations
| Name | Description |
|---|---|
| Lacework (Community Contribution) | Lacework provides end-to-end cloud security automation for AWS, Azure, and GCP with a comprehensive view of risks across cloud workloads and containers. |
Classifiers
| Name | Description |
|---|---|
Lacework - Classifier | Lacework Incident Classifier |
Lacework - Incoming Mapper | Lacework Mapper for incidents |
Incident Fields
| Name | Description |
|---|---|
Lacework Recommendation Account Alias | The cloud service provider 'Account Alias' associated with the compliance violation. |
Lacework Recommendation Account ID | The cloud service provider 'Account ID' associated with the compliance violation. |
Lacework Event Actor | The 'Actor' that generated the Lacework event. |
Lacework Recommendation ID | The ID of the recommendation which generated a compliance violation event within Lacework. |
Lacework Event Model | The 'Model' within the 'Actor' category that generated the Lacework event. |
Lacework Event ID | The ID of the Lacework event. |
Lacework Event Type | The 'Event Type' within the 'Model' and 'Actor' categories that generated the Lacework event. |
Lacework Recommendation Title | The Title of the recommendation which generated a compliance violation event within Lacework. |
Incident Types
| Name | Description |
|---|---|
Lacework Event |
Integrations
| Name | Description |
|---|---|
| Lacework (Community Contribution) | Lacework provides end-to-end cloud security automation for AWS, Azure, and GCP with a comprehensive view of risks across cloud workloads and containers. |
Classifiers
| Name | Description |
|---|---|
Lacework - Classifier | Lacework Incident Classifier |
Lacework - Incoming Mapper | Lacework Mapper for incidents |
Incident Fields
| Name | Description |
|---|---|
Lacework Recommendation Account Alias | The cloud service provider 'Account Alias' associated with the compliance violation. |
Lacework Recommendation Account ID | The cloud service provider 'Account ID' associated with the compliance violation. |
Lacework Event Actor | The 'Actor' that generated the Lacework event. |
Lacework Recommendation ID | The ID of the recommendation which generated a compliance violation event within Lacework. |
Lacework Event Model | The 'Model' within the 'Actor' category that generated the Lacework event. |
Lacework Event ID | The ID of the Lacework event. |
Lacework Event Type | The 'Event Type' within the 'Model' and 'Actor' categories that generated the Lacework event. |
Lacework Recommendation Title | The Title of the recommendation which generated a compliance violation event within Lacework. |
Required Content Packs (1)
| Pack Name | Pack By |
|---|---|
| Base | By: Cortex XSOAR |
Optional Content Packs (0)
| Pack Name | Pack By |
|---|
All level dependencies (0)
| Pack Name | Pack By |
|---|
1.1.2 - 2355875 (February 3, 2022)
Incident Fields
- Lacework Event Type
1.1.1 - R2146019 (December 21, 2021)
Classifiers
Fix: Lacework
- Fixed severity transformation in Lacework Incident Classifier (Available from Cortex XSOAR 5.0.0).
Mappers
Fix: Lacework - Incoming Mapper
- Fixed severity transformation in Lacework - Incoming Mapper (Available from Cortex XSOAR 6.0.0).
Integrations
Lacework
- Added debug logs.
1.1.0 - 1773929 (October 10, 2021)
Classifiers
New: Lacework - Classifier
- Lacework Incident Classifier (Available from Cortex XSOAR 6.0.0).
New: Lacework
- Lacework Incident Classifier (Available from Cortex XSOAR 5.0.0).
Incident Fields
- Lacework Event ID
- The ID of the Lacework event.
- Lacework Event Actor
- The 'Actor' that generated the Lacework event. (App, Compliance, File, User, etc.)
- Lacework Event Model
- The 'Model' within the 'Actor' category that generated the Lacework event. (AwsCompliance, PTypeConn, SystemRule, etc.)
- Lacework Event Type
- The 'Event Type' within the 'Model' and 'Actor' categories that generated the Lacework event.
- Lacework Recommendation ID
- The ID of the recommendation which generated a compliance violation event within Lacework.
- Lacework Recommendation Title
- The Title of the recommendation which generated a compliance violation event within Lacework.
- Lacework Recommendation Account ID
- The cloud service provider 'Account ID' (ex. AWS account number) associated with the compliance violation.
- Lacework Recommendation Account Alias
- The cloud service provider 'Account Alias' (ex. AWS account alias) associated with the compliance violation.
Incident Types
- **Lacework Event **
Integrations
Lacework
- Added support for Lacework Organizations and Sub-Accounts
- Updated the Docker image to: demisto/lacework:1.0.0.24154.
Mappers
New: Lacework - Incoming Mapper
- Added mapper to automatically populate new Incident Fields (Available from Cortex XSOAR 6.0.0).
1.0.2 - R275462 (February 8, 2021)
Integrations
Lacework
- Added a Recommendation ID filter for compliance report data.
- Added NIST_800-171_Rev2 AWS Compliance Report option.
- Upgraded the Docker image to demisto/lacework:1.0.0.14553
PUBLISHER
Alan Nix
PLATFORMS
Cortex XSOARCortex XSIAM
INFO
| Supported By | Community | |
| Created | September 30, 2020 | |
| Last Release | November 8, 2022 |
WORKS WITH THE FOLLOWING INTEGRATIONS:
