Compliance Reports
The Lacework cloud security platform provides continuous compliance monitoring against cloud security best practices and compliance standards such as CIS, PCI DSS, SOC II, and HIPAA.
Compliance reports run automatically within the Lacework platform on a regular basis, typically once a day. You can use the lacework compliance command to interact with the three major cloud providers we support: AWS, Google Cloud, and Azure Cloud.
To generate code to onboard one or more cloud accounts.
lacework generate cloud-account [cloud]
To configure the integration via the Lacework Console, log in to your account at:
https://<ACCOUNT>.lacework.net
Then navigate to Settings > Integrations > Cloud Accounts.
Compliance for AWS
List Configured Accounts
To list all AWS accounts configured in your account.
lacework compliance aws list
Get Compliance Report
To visualize a compliance report for an AWS account.
lacework compliance aws get-report <account_id>
- Extend the details of a compliance report by providing the --details flag
- Download the report in PDF format by specifying the --pdf flag
- Output the report in CSV format with the --csv flag
- Filter the recommendations table with the --category, --severity, --status, and --service flags
- To work with a different report type, use the --type flag (default report type is CIS)
To use filtering flags on a compliance report.
lacework compliance aws get-report <account_id> --category s3 --status non-compliant --severity high
To show recommendation details and affected resources for a recommendation ID.
lacework compliance aws get-report <account_id> [recommendation_id]
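As an added example (not part of the Lacework documentation), the filtering flags above can drive a scheduled check that fails when any AWS account has high-severity non-compliant recommendations. The function names are hypothetical, and the script assumes that --csv can be combined with the filter flags, that the CSV output is a single header row followed by one row per recommendation, and that the CLI exits non-zero when a report cannot be retrieved.

```shell
#!/bin/sh
# Added example, not Lacework's own code. Assumptions: --csv can be combined
# with the filter flags, its output is one header row followed by one row per
# recommendation, and the CLI exits non-zero when a report cannot be fetched.

# count_findings <account_id>: print the number of high-severity,
# non-compliant recommendations; return 2 if the report cannot be fetched.
count_findings() {
    report=$(lacework compliance aws get-report "$1" \
        --status non-compliant --severity high --csv) || return 2
    # Skip the header row and blank lines, count what is left.
    printf '%s\n' "$report" | awk 'NR > 1 && NF { n++ } END { print n + 0 }'
}

# gate_accounts <account_id>...: return 0 if every account is clean,
# 1 if any account has findings, 2 if any report could not be retrieved
# (a missing report is treated as a failure, never as a pass).
gate_accounts() {
    rc=0
    for acct in "$@"; do
        if n=$(count_findings "$acct"); then
            if [ "$n" -gt 0 ]; then
                echo "FAIL $acct: $n high-severity non-compliant recommendations"
                if [ "$rc" -lt 1 ]; then rc=1; fi
            else
                echo "PASS $acct"
            fi
        else
            echo "ERROR $acct: could not retrieve compliance report" >&2
            rc=2
        fi
    done
    return "$rc"
}

# When run with account IDs as arguments, the exit status is the gate result.
if [ "$#" -gt 0 ]; then
    gate_accounts "$@"
fi
```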
Compliance for Google Cloud
List Configured Organizations/Projects
To list all GCP organizations and projects configured in your account.
lacework compliance gcp list
Note: When integrating single GCP projects, this command displays the organization ID as n/a, which must be used as the <organization_id> parameter in subsequent commands.
Get Compliance Report
To visualize a compliance report for a GCP project.
lacework compliance gcp get-report <organization_id> <project_id>
- Extend the details of a compliance report by providing the --details flag
- Download the report in PDF format by specifying the --pdf flag
- Output the report in CSV format with the --csv flag
- Filter the recommendations table with the --category, --severity, --status, and --service flags
- To work with a different report type, use the --type flag (default report type is CIS)
To use filtering flags on a compliance report.
lacework compliance gcp get-report <organization_id> <project_id> --category networking --status non-compliant --severity high
To show recommendation details and affected resources for a recommendation ID.
lacework compliance gcp get-report <organization_id> <project_id> [recommendation_id]
Compliance for Azure Cloud
List Configured Tenants/Subscriptions
To list all Azure tenants and subscriptions configured in your account.
lacework compliance azure list
Get Compliance Report
To visualize a compliance report for an Azure subscription.
lacework compliance azure get-report <tenant_id> <subscription_id>
- Extend the details of a compliance report by providing the --details flag
- Download the report in PDF format by specifying the --pdf flag
- Output the report in CSV format with the --csv flag
- Filter the recommendations table with the --category, --severity, --status, and --service flags
- To work with a different report type, use the --type flag (default report type is CIS)
To use filtering flags on a compliance report.
lacework compliance azure get-report <tenant_id> <subscription_id> --category storage --status non-compliant --severity high
To show recommendation details and affected resources for a recommendation ID.
lacework compliance azure get-report <tenant_id> <subscription_id> [recommendation_id]