Skip to main content

Reports Overview

Lacework provides you with the ability to drill-down into details about non-compliant resources that are in violation. To populate the data viewed on the Reports page, you must configure at least one cloud integration with AWS, Azure, or GCP.

reports.png

By default, the Reports page displays all available reports. You can use the following methods to refine the list of reports displayed:

  • Use filters to display a subset of specific reports. Click the filter groups along the top of the page to display the list of filters associated with the selected filter group, then select the filters that you want to apply.

  • Use the search function at the top of the page to find a subset of specific reports.

  • Use the time filter to display a subset of specific reports based on when they were generated.

When the page displays your desired reports, you can save the current view by clicking the Save view icon in the top right corner. This lets you access the saved view later through the Open view icon. When you open a saved view, its name displays in the page title as Reports/view name. You can also copy the link to the current view by clicking the Copy link icon. You can then send that link to others, so they can see the same view.

When you star a saved view, you mark them as important. To view the list of all the starred views, click the Save view icon in the top-right corner, then click the Starred drop-down.

To view the list of saved views that are open regularly, click the Save view icon in the top-right corner.

Reports List

The reports list is below the filters. The list includes the following information:

  • Report configuration - The collection of Lacework-defined reports.
  • Cloud provider - The cloud provider of the assessed accounts such as AWS, GCP or Azure.
  • Account - The cloud account that Lacework assessed and reported.
  • Report time - The evaluation time of the report.

The list allows you to refresh data and select the visible columns.

note

Report evaluations run daily at 12AM.

Available Reports

Lacework includes the built-in reports listed below. You can supplement the Lacework-defined reports with your own custom reports. For information on creating custom reports, see Custom Compliance Policies.

AWS Lacework-Defined Reports

  • AWS CIS 1.4.0 Benchmark
    • AWS Cloud Security Alliance Cloud Control Matrix (CSA CCM) v4.0.5 (includes CIS 1.4.0 policies)
    • AWS Cyber Essentials 2.2 Report (includes CIS 1.4.0 policies)
    • AWS ISO/IEC 27002:2022 (includes CIS 1.4.0 policies)
    • AWS Cybersecurity Maturity Model Certification (CMMC) v1.02 (includes CIS 1.4.0 policies)
    • AWS HIPAA Report (includes CIS 1.4.0 policies)
    • AWS ISO 27001:2013 Report (includes CIS 1.4.0 policies)
    • AWS NIST 800-171 rev2 Report (includes CIS 1.4.0 policies)
    • AWS NIST 800-53 rev5 Report (includes CIS 1.4.0 policies)
    • AWS NIST CSF (includes CIS 1.4.0 policies)
    • AWS PCI DSS 3.2.1 Report (includes CIS 1.4.0 policies)
    • AWS SOC 2 Report (includes CIS 1.4.0 policies)
    • AWS PCI DSS 4.0.0 Report (includes CIS 1.4.0 policies)
  • Lacework AWS Security Addendum 1.0

Azure Lacework-Defined Reports

  • CIS Azure Benchmark 1.5.0
    • Azure HIPAA Report (includes CIS 1.5.0 policies)
    • Azure ISO 27001:2013 Report (includes CIS 1.5.0 policies)
    • Azure NIST 800-171 rev2 Report (includes CIS 1.5.0 policies)
    • Azure NIST 800-53 rev5 Report (includes CIS 1.5.0 policies)
    • Azure NIST CSF Report (includes CIS 1.5.0 policies)
    • Azure PCI DSS 3.2.1 Report (includes CIS 1.5.0 policies)
    • Azure SOC 2 Report (includes CIS 1.5.0 policies)
    • Azure PCI DSS 4.0.0 Report (includes CIS 1.5.0 policies)

GCP Lacework-Defined Reports

  • CIS GCP Benchmark 1.3.0
    • GCP Cybersecurity Maturity Model Certification (CMMC) v1.02 (includes CIS 1.3.0 policies)
    • GCP HIPAA (2013) Report (includes CIS 1.3.0 policies)
    • GCP ISO 27001:2013 Report (includes CIS 1.3.0 policies)
    • GCP NIST 800-171 rev2 Report (includes CIS 1.3.0 policies)
    • GCP NIST 800-53 rev5 Report (includes CIS 1.3.0 policies)
    • GCP NIST CSF Report (includes CIS 1.3.0 policies)
    • GCP PCI DSS 3.2.1 Report (includes CIS 1.3.0 policies)
    • GCP SOC 2 Report (includes CIS 1.3.0 policies)
    • GCP PCI DSS 4.0.0 Report (includes CIS 1.3.0 policies)