Skip to main content

Edit and View a Custom Policy

You can view custom LQL and non-LQL policies through the Lacework Console, as well as edit query and context for non-LQL policies through the Lacework Console.

View and Edit a Custom Policy

Lacework displays all LQL and non-LQL policies for your account on the Lacework Console. You can view details for any LQL and non-LQL policy and edit non-LQL policies directly through the Lacework Console.

  1. Log in to the Lacework Console and go to Policies.

  2. Click a specific policy to view the policy's parameters and query string. The Summary tab displays parameters associated with this policy.

    Policy summary tab

  3. For a non-LQL policy, you can edit any of the parameters for this policy on this tab. For information about policy parameters, see Create a New Custom Policy. Non-LQL policies are fully editable through the Lacework Console, while LQL policies (labeled as read-only) support only enabling or disabling of the policy.

    Edit Policy Parameters

  4. Click Save to save your changes to this policy.

View and Edit the Query for a Policy

Lacework displays the query associated with each policy on the Lacework Console. You can view the query for any custom LQL and non-LQL policy and edit the query string for any non-LQL policy directly through the Lacework Console.

  1. Log in to the Lacework Console and go to Policies.

  2. Click a specific policy. To view the query for this policy, click the Query tab.

    Query tab

  3. For a non-LQL policy, you can edit the query for this policy through the Query tab. Non-LQL policy queries are editable through this tab, while LQL policies (labeled as read-only) only display the query string and are not editable through the Lacework Console.

    Editable Query tab

    For example, you can add an additional policy expression and associated conditions to your non-LQL policy.

    Add a New Expression for a Query

  4. Click Save to save your changes to this query.

View Contextual Information Associated with a Policy

Lacework displays the additional information and remediation for LQL policies when available.

  1. Log in to the Lacework Console and go to Policies.

  2. Click a specific policy.

  3. To view the contextual information for this policy, click the Context tab.

    Query tab

View the Number of Alerts for a Policy

Lacework displays the number of alerts associated with each LQL policy in the Lacework Console. Non-LQL policies do not display the number of alerts.

  1. Log in to the Lacework Console and go to Policies.

  2. Click a specific LQL policy. The Summary tab displays the number of alerts within the past 7 days, as well as the percentage change in the number of alerts associated with this policy.

    Number of Alerts for Policy

Download the CSV File for Exceptions

You can download the exceptions as a CSV file for a specific compliance policy directly on the Lacework Console.

  1. Log in to the Lacework Console and go to Policies.

  2. Click a specific non-LQL compliance policy and click the Exception tab. A list of exceptions appear for this policy.

  3. Click the Download icon.

  4. Examine your downloaded CSV file.

    Sample CSV file of Exceptions