Edit and View a Custom Policy
You can view custom LQL and non-LQL policies through the Lacework Console, as well as edit query and context for non-LQL policies through the Lacework Console.
View and Edit a Custom Policy
Lacework displays all LQL and non-LQL policies for your account on the Lacework Console. You can view details for any LQL and non-LQL policy and edit non-LQL policies directly through the Lacework Console.
Log in to the Lacework Console and go to Policies.
Click a specific policy to view the policy's parameters and query string. The Summary tab displays parameters associated with this policy.
For a non-LQL policy, you can edit any of the parameters for this policy on this tab. For information about policy parameters, see Create a New Custom Policy. Non-LQL policies are fully editable through the Lacework Console, while LQL policies (labeled as read-only) support only enabling or disabling of the policy.
Click Save to save your changes to this policy.
View and Edit the Query for a Policy
Lacework displays the query associated with each policy on the Lacework Console. You can view the query for any custom LQL and non-LQL policy and edit the query string for any non-LQL policy directly through the Lacework Console.
Log in to the Lacework Console and go to Policies.
Click a specific policy. To view the query for this policy, click the Query tab.
For a non-LQL policy, you can edit the query for this policy through the Query tab. Non-LQL policy queries are editable through this tab, while LQL policies (labeled as read-only) only display the query string and are not editable through the Lacework Console.
For example, you can add an additional policy expression and associated conditions to your non-LQL policy.
Click Save to save your changes to this query.
View Contextual Information Associated with a Policy
Lacework displays the additional information and remediation for LQL policies when available.
Log in to the Lacework Console and go to Policies.
Click a specific policy.
To view the contextual information for this policy, click the Context tab.
View the Number of Alerts for a Policy
Lacework displays the number of alerts associated with each LQL policy in the Lacework Console. Non-LQL policies do not display the number of alerts.
Log in to the Lacework Console and go to Policies.
Click a specific LQL policy. The Summary tab displays the number of alerts within the past 7 days, as well as the percentage change in the number of alerts associated with this policy.
Download the CSV File for Exceptions
You can download the exceptions as a CSV file for a specific compliance policy directly on the Lacework Console.
Log in to the Lacework Console and go to Policies.
Click a specific non-LQL compliance policy and click the Exception tab. A list of exceptions appear for this policy.
Click the Download icon.
Examine your downloaded CSV file.