Skip to main content

March 2020 Platform Releases

New Features

v3.10

  • JFrog and Azure Container Registry Integration Support—Lacework’s Docker V2 registry integration now supports the following registries. For more information, see Container Vulnerability Assessment Overview.

    • Azure Container Registry
    • JFrog Artifactory on prem 7.2.1 and cloud deployments
    • JFrog Platform on prem 7.2.1 and cloud deployments
  • Limiting Container Vulnerability Assessments by Tag or Label—When integrating a container registry, you can limit which images Lacework assesses. If you specify text for an image tag or image label, then only those images with matching tag or label text are assessed by Lacework.

  • ISO 27001 Report—AWS compliance reports now include an ISO 27001 report.

  • Host Vulnerability API—This feature is currently in invitation only, limited beta. For the API Get /api/v1/external/vulnerabilities/host and Get /api/v1/external/vulnerabilities/host/{CveId} operations, the following new fields have been added to the response in the last two Lacework releases:

    * **cve_link**—The URL link to a web page that provides details about the CVE.
    * **cvss_score**—The CVSS (Common Vulnerability Scoring System) severity rankings score for the detected vulnerability. Defaults to CVSSv3 scores or CVSSv2 if v3 scores are not available. For both CVSS 3.0 and CVSS 2.0, the severity ranking is a scale from 0 - 10, where 10 is the highest severity. For more information, see[Vulnerability Severity Attribution](/console/container-vulnerability-assessment-overview#severity-attribution).
    * **cvss_v3_score**—The CVSS 3.0 score for the vulnerability if this data is available. The severity ranking is a scale from 0 - 10, where 10 is the highest severity.
    * **cvss_v2_score**—The CVSS 2.0 score for the vulnerability if this data is available. The severity ranking is a scale from 0 - 10, where 10 is the highest severity.
    * **status**—The current status of the vulnerability on this host for a specific package and package version:
    * **New**—This vulnerability was detected by the most current vulnerability scan for a specific host, package, and package version and within the last 30 days, this vulnerability has not been detected by a scan for a specific host, package, and package version.
    * **Active**—Within the last 30 days, this vulnerability was detected by more than one vulnerability scan for a specific host, package, and package version.
    * **Fixed**—This vulnerability has not been detected by the last vulnerability scan of this host for a specific package and package version. Within the last 30 days, this vulnerability had been detected by a vulnerability scan of this host for a specific package and package version. Lacework keeps 30 days of fixed status even if the vulnerability no longer exists on the host.

    WARNING: The CVE statuses of Resolved and Reopened are no longer supported.

v3.03 Release

  • GitLab Integration Support—Lacework’s Docker V2 registry integration now supports GitLab 12.8. For more information, see https://support.lacework.com/hc/en-us/articles/360035472393-Container-Vulnerability-Assessments.
  • Docker V2 Registry Self-signed Certificate Support—Lacework’s Docker V2 registry integration now supports self-signed certificates as an alternative to certificates issued by a trusted Certificate Authority.
  • Group Events by Resources in the ServiceNow Alert Channel—Support for configuring the ServiceNow Alert Channel to create multiple ServiceNow events when multiple resources are generating the same event. For example, if three different S3 resources are generating the same event, three AWS events are created in the ServiceNow security incident response system. For more information, see https://support.lacework.com/hc/en-us/articles/360005842314.
  • Populate Fields in ServiceNow Alert Channel—Support for configuring the ServiceNow Alert Channel to populate ServiceNow fields with values from a custom template when the Alert Channel creates new ServiceNow security incidents. For more information, see https://support.lacework.com/hc/en-us/articles/360005842314.
  • Source Details for Malicious IP Events—Malicious IP events can now include the source that reported the entity as a threat and the date it was reported. The event displays this information in the Why section. CloudTrail and agent events also display this information in the Where section. Threat source information is available for future events only (events that occur after the Lacework v3.03 release).
  • Viewing Fixable Container Vulnerabilities Only—Container vulnerability reports now have an option to show only fixable vulnerabilities.