September 2022 Platform Releases
Release Notes
- Lacework AWS Security Addendum 1.0 - New report based on guidance from Lacework for AWS, complementing the AWS CIS v1.4.0 report. For more information, see Lacework AWS Security Addendum 1.0. Also see Mapping Between Legacy Lacework Rules and Latest Lacework Policies for information about how legacy Lacework rules map to AWS Security Addendum policies.
- ECS service expansion for AWS resource management - Ability to identify Fargate workloads without an agent present. See Ingested AWS APIs for the additional ingested ECS APIs.
ILIKELQL function - LQL now supports theILIKEfunction, which allows for pattern matching in a case-insensitive manner. For details, see the LQL Overview.- S3 Event Notifications and S3 Event Notifications with SNS - Lacework supports three pipelines to integrate with AWS:
- CloudTrail Log Delivery Notifications
- S3 Event Notifications
- S3 Event Notifications with SNS
For more details, see AWS Integration Prerequisites. - Lacework API rate limit increase - The rate limit for Lacework API requests per hour per user is increased from 360 to 480. For details about API rate limits, see the Lacework API 2.0 Documentation.
Beta Releases with Limited Availability
Kubernetes Compliance for Amazon EKS
This beta release encompasses the following new features:
- Integrate your Amazon EKS clusters with the Lacework Compliance platform.
- Monitor your compliance using the CIS Amazon EKS 1.1.0 Benchmark policies.
- View your compliance posture on all integrated Kubernetes clusters using the Kubernetes Compliance dashboard.
Public Preview
Agentless Workload Scanning
Agentless Workload Scanning enables you to quickly gain comprehensive visibility into vulnerability risks across your cloud workloads without the need to install agents.
This release introduces the following capabilities:
- Host vulnerability assessment for Linux hosts on AWS.
- Container image vulnerability assessments for discovered images (for example, on Amazon EKS nodes).
- Using the Lacework Console and AWS CloudFormation to configure an integration with your AWS account or organization for agentless workload scanning.
- Using the Lacework Console and Terraform to configure an integration with your AWS account for agentless workload scanning.
See our Documentation and public Terraform modules for Agentless Workload Scanning integrations for more details.
Limitations
- Currently, Lacework supports agentless scanning on AWS only.
- Lacework does not currently support AWS organization integrations with Terraform.
- Lacework only scans a host's root volume for vulnerabilities.
- Lacework only supports the recommended storage driver (overlay2) for Docker container images.
Known Issues
- Agentless data is not currently searchable when using Advanced Search in the Lacework Console for Host or Container Vulnerability.
- The Lacework Query Language (LQL) query you specify for an integration is not validated in the UI. If an improper query is specified, the scanning will fail with the status "fail closed".
Additional Notes
- If both agent and agentless scanning are run on a host, only the agentless scanning results for the host are displayed on the Vulnerabilities dashboard.
- You can create multiple agentless scanning integrations in the same region. However, if overlapping integrations are created, they are not optimized. This can result in hosts being snapshotted and scanned more than once.