March 2022 Platform Releases
Release Notes
Customer Onboarding - Lacework offers a new module-based self-service initial onboarding workflow for new customers as they log into the platform. This feature includes built-in documentation for each onboarding step, progress tracking for customers, and easy return to onboarding tasks through the Settings page.
New Settings page - Lacework offers a new Settings page with a modern and cleaner design. This newly-organized page also include some ease-of-use walkthrough steps when performing new configurations or changing existing configurations on the console.
Additional column options added to Vulnerability assessment drawers - Container vulnerability has new column options for Image and CVE assessments, and Host vulnerability has new column options for Host and CVE assessments.
Explainability enhancements for LW Risk Score - New risk/impact analysis charts have been added to the Host, Image, and CVE assessment drawers.
Vulnerability CSV Reports enabled by default - Three CSV download options are generally available for Vulnerability reports. See Container and Host vulnerability for details.
Container image assessments display Inline Scanner as source on Lacework Console - When the
--save
and--registry
flags are used with the Lacework Inline Scanner, the image assessment source is now reported as lacework_inline_scanner (or local_image if--registry
is not used).CVSS scores now shown for GitHub Security Advisory (GHSA) packages - For Container Vulnerability scanning, GHSA packages now display a CVSS score that is pulled directly from GHSA. Previously, this information was obtained from the NVD, which did not provide a CVSS score for GHSA packages.
GCP Resource Management - Lacework now supports Resource Management for GCP. The GCP Resource Inventory page allows you to view and monitor in-use GCP resources and track their changes (diffs). The resources are collected once a day. For information on how to upgrade existing customer integrations with necessary permissions, see Manage Integrated GCP Resources.
API v2 Data Plane - Lacework releases a new set of APIs for API v2. Following the release of API v2 last year, Lacework now introduces 20+ new APIs, such as vulnerability and entities with pagination support. Pagination will support up to 500K rows to be returned and the new APIs introduced contain multiple filters with much closer parity to the UI options.
Vulnerability Exceptions are now auditable - Changes to Vulnerability Exceptions are now audited in the Lacework Audit Logs.
Inline Scanner evaluations can be manually tagged as a CI Build - Use the
--ci-build
flag with theimage evaluate
command to tag the evaluation as a CI Build in the assessment report. This is automatically set if either--build-id
or--build-plan
is defined.StdOut logging can now be enabled for Lacework Inline Scanner - The Lacework Inline Scanner now supports stdout logging, see Global Flags.
Scan Status filters added to Host Vulnerability - Filter hosts that have been successfully scanned, failed scanning due to an error, or are running an unsupported operating system. See details in Host Vulnerability - Scan Status.
SUSE Linux Enterprise Server and openSUSE support added for Host vulnerability scanning - See Host Vulnerability - Supported Operating Systems for specific versions that are supported.
Ubuntu Extended Security Maintenance (ESM) support for host vulnerability scanning - Lacework now supports vulnerability scanning of hosts with Ubuntu ESM operating systems.
API updates - Payloads sent to and returned from the following APIs have changed:
GET /Policies
GET /Policies/{PolicyId}
POST /Policies
PATCH /Policies/{PolicyId}
GET /Queries
GET /Queries/{QueryId}
POST /Queries
In each of the listed APIs, the
evaluatorId
field has been removed. For POST and PATCH endpoints, theevaluatorId
field is still accepted but is ignored. No warning is returned if anevaluatorId
is provided; this behavior may change in the future. For responses from all of these calls, anevaluatorId
field is no longer returned.
Known Issues
- "Scan only these repositories" option removed from Proxy Scanner configuration - This functionality was not being honored for the Proxy Scanner and has been removed from the Lacework Console.