June 2020 Platform Releases
v3.30
Host Vulnerability Assessment—This feature is currently in general beta and requires Lacework agent version 2.12.1 or later (agent 2.12.1 release notes are available here.
Lacework host vulnerability assessment can continuously identify, monitor, and prioritize remediation of software vulnerabilities within your Linux host assets. Capabilities include:* Daily host vulnerability assessments of operating system-managed packages and reporting of any vulnerabilities via the new Host Vulnerability Assessment page and reports in the Lacework Console
* Identification of OS packages and correlation with publicly known vulnerabilities with risk ratings by severity and CVSS scoresFor more information, see Host Vulnerability Assessment Overview.
Support for the following Vulnerability API operations:
* **POST /api/v1/external/vulnerabilities/scan**—Lists the common vulnerabilities and exposures (CVEs) for a specified host.
* **GET /api/v1/external/vulnerabilities/host/machineId/{MachineId}**—Request an on-demand vulnerability assessment of your software packages.The Lacework API documentation is available directly from your Lacework Application at the following URI: https://YourLacework.lacework.net/api/v1/external/docs, where YourLacework is your Lacework Application. From the Help drop-down in the Lacework Console, select API Documentation. For more information, see Access and Run the Lacework API.
v3.22
- Container Vulnerability Assessment Alerts for Running Containers—Container vulnerability alerts now include whether the impacted images are active or privileged. When customizing vulnerability policies, two new parameters are available: Image Active and Image Privileged.
- New LW_S3_20 recommendation—Support for the new LW_S3_20 recommendation that checks if the S3 policy associated with a S3 bucket gives 'Allow' for global 'List' permission to everyone.