Machine
Lacework generates machine-based alerts when it detects machine-related vulnerabilities. You can define alert rules to trigger alerts when these vulnerabilities are found. See Alert Rules.
Alert List
The following table lists all the machine-based alerts.
Alert Name | Alert Type | Event Model | Alert Subcategory | Connection |
---|---|---|---|---|
Bad external client DNS | NewExternalClientBadDns | MtypeConn | Machine | Domain -> Machine |
Bad external client IP address | NewExternalClientBadIp | MtypeConn | Machine | IP -> Machine |
Real-time bad external client IP address | NewExternalClientBadIp | MtypeConn | Machine | |
New external client DNS | NewExternalClientDns | MtypeConn | Machine | IP -> Machine |
New external client IP address | NewExternalClientIp | MtypeConn | Machine | IP -> Machine |
Bad external host | NewExternalServerBadDns | MtypeConn | Machine | Machine -> Domain |
Real-time bad external server host | NewExternalServerBadDns | MtypeConn | Machine | |
Bad external server IP address | NewExternalServerBadIp | MtypeConn | Machine | Machine -> IP |
Real-time bad external server IP address | NewExternalServerBadIp | MtypeConn | Machine | |
New external host | NewExternalServerDns | MtypeConn | Machine | Machine -> Domain |
New external host | NewExternalServerIp | MtypeConn | Machine | Machine -> Domain |
New external server IP address | NewExternalServerIp | MtypeConn | Machine | Machine -> IP |
Suppress an Alert
Suppressing specific machine-related alerts reduces the number of alerts and allows you to focus on the assets that are most important to you. For details, see Suppress Behavior Anomaly Alerts.