
March 2023 Platform Releases

Release Notes

  • Azure and GCP instances (VMs) with no Lacework agent installed are now shown in the Agents dossier - See the Agents dossier for all available data and column descriptions.

  • Detection has been improved for 'Ensure “Block Project-Wide SSH Keys” Is Enabled for VM Instances' within the CIS GCP 1.3.0 benchmark - This applies to lacework-global-266.

    • The policy now correctly handles the case where the block-project-ssh-keys metadata key is absent from a VM instance. When the key is absent, GCP applies the default value of false (project-wide SSH keys are not blocked), so the instance is marked as non-compliant.
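    The absent-key case above is the one that is easy to get wrong in a configuration check: a policy that only looks for `block-project-ssh-keys=false` silently passes instances that never had the key. The following is an added example, not Lacework's policy code or LQL, showing how such a check should treat Compute Engine instance resources (the shape returned by `gcloud compute instances describe NAME --format=json`). The instance names and metadata are constructed; the case-insensitive comparison of the value ("true" and "TRUE" both count as enabled) is an assumption about how the value may be written, not something the release note states.

```python
# Added example (not Lacework's own policy code): evaluate the CIS GCP 1.3.0
# "Block Project-Wide SSH Keys" control over Compute Engine instance
# resources, with the absent-key case handled as the release note describes:
# no block-project-ssh-keys key means the effective value is false, so the
# instance is non-compliant.
import json

METADATA_KEY = "block-project-ssh-keys"


def _metadata_items(instance: dict) -> list:
    """Return metadata.items for an instance; both levels may be absent."""
    return (instance.get("metadata") or {}).get("items") or []


def block_project_ssh_keys(instance: dict) -> bool:
    """Return the effective value of block-project-ssh-keys for one instance.

    The Compute API represents instance metadata as metadata.items, a list of
    {"key": ..., "value": ...} objects. A missing key means project-wide SSH
    keys are NOT blocked, so the effective value is False. The value is
    compared case-insensitively (assumption: "true"/"TRUE" both enable it).
    """
    for item in _metadata_items(instance):
        if item.get("key") == METADATA_KEY:
            return str(item.get("value", "")).strip().lower() == "true"
    return False  # key absent: GCP default is false


def evaluate(instances: list[dict]) -> list[dict]:
    """Produce one finding per instance: compliant iff the key is set to true."""
    findings = []
    for inst in instances:
        enabled = block_project_ssh_keys(inst)
        has_key = any(i.get("key") == METADATA_KEY for i in _metadata_items(inst))
        if enabled:
            reason = "block-project-ssh-keys=true"
        elif has_key:
            reason = "block-project-ssh-keys explicitly set to false"
        else:
            reason = "block-project-ssh-keys key absent (defaults to false)"
        findings.append({"name": inst.get("name", "<unnamed>"),
                         "compliant": enabled, "reason": reason})
    return findings


# Constructed sample input (hypothetical instance names, not real data) in the
# shape of `gcloud compute instances describe NAME --format=json`.
SAMPLE_INSTANCES = [
    {"name": "web-1", "metadata": {"items": [{"key": METADATA_KEY, "value": "true"}]}},
    {"name": "web-2", "metadata": {"items": [{"key": METADATA_KEY, "value": "FALSE"}]}},
    {"name": "web-3", "metadata": {"items": [{"key": "startup-script", "value": "#!/bin/sh"}]}},
    {"name": "web-4", "metadata": {"fingerprint": "abc="}},  # no items list at all
    {"name": "web-5"},                                       # no metadata block at all
    {"name": "web-6", "metadata": {"items": [{"key": METADATA_KEY, "value": "TRUE"}]}},
]

if __name__ == "__main__":
    print(json.dumps(evaluate(SAMPLE_INSTANCES), indent=2))
```

    Only web-1 and web-6 pass; web-3, web-4 and web-5 fail for the absent-key reason rather than being skipped, which is the behaviour the corrected policy now has.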
  • Detection for publicly accessible Amazon S3 buckets has been improved for AWS compliance policies - This applies to the following policies:

  • Google Apps Script projects are now hidden by default in the Cloud Compliance Dashboard - Contact Lacework Support if you want to enable visibility of these projects in the Cloud Compliance Dashboard.

  • New APIs are now generally available - APIs for retrieving Azure subscription IDs and GCP project IDs from integrated cloud accounts are now GA. These IDs are useful for retrieving and filtering cloud compliance evaluation results. For details, see Azure Subscriptions and GCP Projects.

    Also, new APIs are available for invoking inventory scans and for checking the status of inventory scans. For more information, see Scan Inventory and Track Inventory Scan Status.

  • Custom compliance policies and reports - You can now create your own custom LQL-based compliance policies and reports. For more information, see Custom Compliance Policies and Custom Policy Types.

  • Additional CIS Azure 1.5.0 policies are now automated - The policies in the following table, previously not implemented, are now automated within the Lacework Compliance platform for the CIS Azure 1.5.0 benchmark:

    | CIS Azure 1.5.0 Control ID | Lacework Policy ID | Title |
    |---|---|---|
    | 4.1.2 | lacework-global-538 | Ensure no Azure SQL Databases allow ingress from 0.0.0.0/0 (ANY IP). |
    | 4.1.4 | lacework-global-539 | Ensure that Azure Active Directory Admin is Configured for SQL Servers. |
    | 4.2.1 | lacework-global-622 | Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL Servers. |
    | 4.2.2 | lacework-global-623 | Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account. |
    | 4.2.3 | lacework-global-624 | Ensure that Vulnerability Assessment (VA) setting 'Periodic recurring scans' is set to 'on' for each SQL server. |
    | 4.2.4 | lacework-global-625 | Ensure that Vulnerability Assessment (VA) setting 'Send scan reports to' is configured for a SQL server. |
    | 4.2.5 | lacework-global-542 | Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL Server. |
    | 4.3.2 | lacework-global-544 | Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server. |
    | 4.3.3 | lacework-global-545 | Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server. |
    | 4.3.4 | lacework-global-546 | Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server. |
    | 4.3.5 | lacework-global-547 | Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server. |
    | 4.3.6 | lacework-global-548 | Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server. |
    | 4.3.8 | lacework-global-550 | Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled'. |
    | 4.4.2 | lacework-global-552 | Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server. |

    In addition, the following policies that were deemed manual by CIS have now been automated:

    | CIS Azure 1.5.0 Control ID | Lacework Policy ID | Title |
    |---|---|---|
    | 4.3.7 | lacework-global-549 | Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled. |
    | 8.6 | lacework-global-639 | Enable Role Based Access Control for Azure Key Vault. |
    | 8.7 | lacework-global-640 | Ensure that Private Endpoints are Used for Azure Key Vault. |

Public Preview

  • Attack path analysis dossier and Top work items page - Lacework correlates multiple risk factors from configuration, activity, and runtime data to show possible attack paths within a cloud environment. An attack path is created when critical vulnerabilities are associated with a host instance or container image. To access the new pages, click Attack path in the Lacework Console's left navigation.
    • For each exposed asset, the Attack path analysis dossier provides an Attack Path Polygraph and detailed contextualized information so you can investigate and review potential issues.
    • The Top work items page helps you quickly understand the work items that reduce the greatest risk to your cloud environment. The page displays the top risks in each of these categories: vulnerable hosts, vulnerable container images, paths with secrets, and exposed data assets.
  • The Linux agent (v6.4 and later) can now detect active and inactive packages on hosts - Use the Package Status filter in Host Vulnerability to see active or inactive vulnerable packages on hosts. See Host Vulnerability - Package Status for details.
    • Additionally, the Package Status filter can be used when downloading a Custom CSV.