Lacework

Details
Content
Dependencies
Version History

Lacework provides end-to-end cloud security automation for AWS, Azure, and GCP with a comprehensive view of risks across cloud workloads and containers.

This pack enables you to interact with the Lacework cloud security platform. The primary function is to allow users to
fetch incident data from Lacework, and construct playbooks to respond to potential threats or misconfigurations.

Classifiers

Name	Description
Lacework - Classifier	Lacework Incident Classifier
Lacework - Incoming Mapper	Lacework Mapper for incidents

Incident Fields

Name	Description
Lacework Recommendation ID	The ID of the recommendation which generated a compliance violation event within Lacework.
Lacework Event Model	The 'Model' within the 'Actor' category that generated the Lacework event.
Lacework Recommendation Account ID	The cloud service provider 'Account ID' associated with the compliance violation.
Lacework Event Actor	The 'Actor' that generated the Lacework event.
Lacework Event Type	The 'Event Type' within the 'Model' and 'Actor' categories that generated the Lacework event.
Lacework Event ID	The ID of the Lacework event.
Lacework Recommendation Account Alias	The cloud service provider 'Account Alias' associated with the compliance violation.
Lacework Recommendation Title	The Title of the recommendation which generated a compliance violation event within Lacework.

Incident Types

Name	Description
Lacework Event
Lacework Alert

Integrations

Name	Description
Lacework (Community Contribution)	Lacework provides end-to-end cloud security automation for AWS, Azure, and GCP with a comprehensive view of risks across cloud workloads and containers.

Classifiers

Name	Description
Lacework - Classifier	Lacework Incident Classifier
Lacework - Incoming Mapper	Lacework Mapper for incidents

Incident Fields

Name	Description
Lacework Event Actor	The 'Actor' that generated the Lacework event.
Lacework Recommendation Account Alias	The cloud service provider 'Account Alias' associated with the compliance violation.
Lacework Recommendation Account ID	The cloud service provider 'Account ID' associated with the compliance violation.
Lacework Recommendation Title	The Title of the recommendation which generated a compliance violation event within Lacework.
Lacework Recommendation ID	The ID of the recommendation which generated a compliance violation event within Lacework.
Lacework Event Model	The 'Model' within the 'Actor' category that generated the Lacework event.
Lacework Event Type	The 'Event Type' within the 'Model' and 'Actor' categories that generated the Lacework event.
Lacework Event ID	The ID of the Lacework event.

Incident Types

Name	Description
Lacework Event
Lacework Alert

Integrations

Name	Description
Lacework (Community Contribution)	Lacework provides end-to-end cloud security automation for AWS, Azure, and GCP with a comprehensive view of risks across cloud workloads and containers.

Pack Name	Pack By
Base	By: Cortex XSOAR

Pack Name	Pack By
Common Types	By: Cortex XSOAR

Pack Name	Pack By
Base	By: Cortex XSOAR

2.0.3 - R3380045 (May 12, 2025)

Integrations

Metadata and documentation improvements.

Related pull requests:
- 39144

Download

2.0.2 - R2988527 (March 26, 2025)

Integrations

Lacework

Updated the Docker image to: demisto/lacework:1.0.0.117192.

Related pull requests:
- 38288
- 38283
- 38281
- 38280
- 38279
- 38278
- 38276
- 38275
- 38274
- 38272
- 38271
- 38273
- 38277
- 38282

Download

2.0.1 - R1741355 (December 3, 2024)

Integrations

Lacework

Updated the Docker image to: demisto/lacework:1.0.0.100340.

Related pull requests:
- 35185
- 35145
- 35144
- 35146
- 35147

Download

2.0.0 - R1129454 (June 27, 2024)

Classifiers

Lacework - Classifier

Updated default incident type to 'Lacework Alert'

Incident Fields

Lacework Recommendation Account ID
Lacework Recommendation ID
Lacework Recommendation Title
Lacework Recommendation Account Alias

Incident Types

New: Lacework Alert

Integrations

Lacework

Lacework API calls are now migrated to APIv2
XSOAR Incidents are now derived from Lacework Alerts, rather than Events
Updated the Docker image to: demisto/lacework:1.0.0.47313.

Mappers

Lacework - Incoming Mapper

Added new Lacework Alert fields

Related pull requests:
- 35084
- 34779

Download

1.1.3 - R3994332 (November 8, 2022)

Incident Fields

Lacework Event Type

Related pull requests:
- 17510

Download

2.0.3 - R3386461 (May 12, 2025)

Integrations

Lacework

Metadata and documentation improvements.

Related pull requests:
- 39144

Download

2.0.2 - R2988527 (March 26, 2025)

Integrations

Lacework

Updated the Docker image to: demisto/lacework:1.0.0.117192.

Related pull requests:
- 38288
- 38283
- 38281
- 38280
- 38279
- 38278
- 38276
- 38275
- 38274
- 38272
- 38271
- 38273
- 38277
- 38282

Download

2.0.1 - R1741355 (December 3, 2024)

Integrations

Lacework

Updated the Docker image to: demisto/lacework:1.0.0.100340.

Related pull requests:
- 35185
- 35145
- 35144
- 35146
- 35147

Download

2.0.0 - R1129454 (June 27, 2024)

Classifiers

Lacework - Classifier

Updated default incident type to 'Lacework Alert'

Incident Fields

Lacework Recommendation Account ID
Lacework Recommendation ID
Lacework Recommendation Title
Lacework Recommendation Account Alias

Incident Types

New: Lacework Alert

Integrations

Lacework

Lacework API calls are now migrated to APIv2
XSOAR Incidents are now derived from Lacework Alerts, rather than Events
Updated the Docker image to: demisto/lacework:1.0.0.47313.

Mappers

Lacework - Incoming Mapper

Added new Lacework Alert fields

Related pull requests:
- 35084
- 34779

Download

1.1.3 - R3990696 (November 7, 2022)

Incident Fields

Lacework Event Type

Related pull requests:
- 17510

Download

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Supported By	Community
Created	August 19, 2020
Last Release	May 12, 2025

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise.