Machine
Lacework generates machine-based alerts when there are machine-related vulnerabilities detected. You can define alert rules to trigger alerts when machine-related vulnerabilities are found. See Alert Rules.
Alert List
The following table lists all the machine-based alerts.
| Alert Name | Alert Type | Event Model | Alert Subcategory | Connection |
|---|---|---|---|---|
| Bad external client DNS | NewExternalClientBadDns | MtypeConn | Machine | Domain -> Machine |
| Bad external client IP address | NewExternalClientBadIp | MtypeConn | Machine | IP -> Machine |
| Real-time bad external client IP address | NewExternalClientBadIp | MtypeConn | Machine | |
| New external client DNS | NewExternalClientDns | MtypeConn | Machine | IP -> Machine |
| New external client IP address | NewExternalClientIp | MtypeConn | Machine | IP -> Machine |
| Bad external host | NewExternalServerBadDns | MtypeConn | Machine | Machine -> Domain |
| Real-time bad external server host | NewExternalServerBadDns | MtypeConn | Machine | |
| Bad external server IP address | NewExternalServerBadIp | MtypeConn | Machine | Machine -> IP |
| Real-time bad external server IP address | NewExternalServerBadIp | MtypeConn | Machine | |
| New external host | NewExternalServerDns | MtypeConn | Machine | Machine -> Domain |
| New external host | NewExternalServerIp | MtypeConn | Machine | Machine -> Domain |
| New external server IP address | NewExternalServerIp | MtypeConn | Machine | Machine -> IP |
Suppress an Alert
Suppressing specific machine-related alerts reduces the number of alerts and allows you to focus on the assets that are most important to you. For details, see Suppress Behavior Anomaly Alerts.