Machine

Lacework generates machine-based alerts when it detects machine-related vulnerabilities. You can define alert rules that trigger alerts when machine-related vulnerabilities are found. See Alert Rules.

Alert List

The following table lists all the machine-based alerts.

| Alert Name | Alert Type | Event Model | Alert Subcategory | Connection |
| --- | --- | --- | --- | --- |
| Bad external client DNS | NewExternalClientBadDns | MtypeConn | Machine | Domain -> Machine |
| Bad external client IP address | NewExternalClientBadIp | MtypeConn | Machine | IP -> Machine |
| Real-time bad external client IP address | NewExternalClientBadIp | MtypeConn | Machine | |
| New external client DNS | NewExternalClientDns | MtypeConn | Machine | IP -> Machine |
| New external client IP address | NewExternalClientIp | MtypeConn | Machine | IP -> Machine |
| Bad external host | NewExternalServerBadDns | MtypeConn | Machine | Machine -> Domain |
| Real-time bad external server host | NewExternalServerBadDns | MtypeConn | Machine | |
| Bad external server IP address | NewExternalServerBadIp | MtypeConn | Machine | Machine -> IP |
| Real-time bad external server IP address | NewExternalServerBadIp | MtypeConn | Machine | |
| New external host | NewExternalServerDns | MtypeConn | Machine | Machine -> Domain |
| New external host | NewExternalServerIp | MtypeConn | Machine | Machine -> Domain |
| New external server IP address | NewExternalServerIp | MtypeConn | Machine | Machine -> IP |

Suppress an Alert

Suppressing specific machine-related alerts reduces the number of alerts and allows you to focus on the assets that are most important to you. For details, see Suppress Behavior Anomaly Alerts.