April 2021 Platform Releases
v3.91
Proxy scanner—This feature is currently in beta.
The Lacework proxy scanner integration allows Lacework to perform container vulnerability assessments for your on-premises Docker container image registries without exposing them to external connectivity. The Lacework proxy scanner assesses the images stored within registries, extracts image manifest data, as necessary, for assessment, and sends the application metadata to the Lacework platform. Additionally, the bandwidth transfer costs for container registry assessment are optimized when using the Lacework proxy scanner for vulnerability assessment.
After creating a proxy scanner integration through the Lacework Console settings, you deploy the proxy scanner as a Docker application or Kubernetes workload in your environment as a continuously running entity. The proxy scanner continuously fetches new images from your environment and collects the required image metadata for vulnerability assessments. Using the associated integration token that was created when you integrated the proxy scanner in the Lacework Console, the proxy scanner initiates an API request for assessment by Lacework. After the token is authorized, Lacework assesses the image metadata and provides risk assessments for the container images. You can view the results on the Vulnerability Assessment page in the Lacework Console.
For information about completing the proxy scanner integration process and deploying the proxy scanner, see Integrate Proxy Scanner. For information about viewing assessment information, see Container Vulnerability Assessment Overview.
Support for Recommendation API operations—The following recommendation APIs return recommendation IDs and allow you to enable/disable specific recommendation IDs:
- GET /api/v1/external/recommendations/aws
- PATCH /api/v1/external/recommendations/aws
- GET /api/v1/external/recommendations/gcp
- PATCH /api/v1/external/recommendations/gcp
- GET /api/v1/external/recommendations/azure
- PATCH /api/v1/external/recommendations/azure
For more information, see the Lacework API documentation.
Support for Suppression API operations—The following suppression APIs return suppression exceptions and allow you to create/delete suppression exceptions:
- GET /api/v1/external/suppressions/aws/allExceptions
- GET /api/v1/external/suppressions/gcp/allExceptions
- GET /api/v1/external/suppressions/azure/allExceptions
- GET /api/v1/external/suppressions/aws/allExceptions/{RECOMMENDATION_ID}
- GET /api/v1/external/suppressions/gcp/allExceptions/{RECOMMENDATION_ID}
- GET /api/v1/external/suppressions/azure/allExceptions/{RECOMMENDATION_ID}
- POST /api/v1/external/suppressions/aws
- DELETE /api/v1/external/suppressions/aws
- POST /api/v1/external/suppressions/gcp
- DELETE /api/v1/external/suppressions/gcp
- POST /api/v1/external/suppressions/azure
- DELETE /api/v1/external/suppressions/azure
For more information, see the Lacework API documentation.
AWS APIs support—In addition to the existing AWS APIs, Lacework resource inventory also ingests the following AWS APIs:
- Amazon IAM list-groups API
- Amazon EC2 APIs:
  - describe-flow-logs
  - describe-internet-gateways
  - autoscaling-launch-configuration
  - describe-regions
For details, see Manage Integrated AWS Resources.
v3.90
- Remote scanner renamed to inline scanner—The remote scanner is now named the inline scanner. Applicable integration types on the Container Registries page will be updated with the new name.
- Support for the organizationInfo API operation—The GET api/v1/external/account/organizationInfo operation returns whether the Lacework account is an organization account and, if it is, the organization account name.