What operating systems does the Lacework Polygraph™ support?

The Lacework agent supports most widely used 64-bit Linux distributions.

The following Linux flavors are supported:

● Ubuntu (15.10, 16.04)

● Fedora (23+)

● Red Hat Enterprise Linux (6.7+)

● CentOS (7)

● Debian (Wheezy, Jessie)

● Amazon Linux (14-03+)

● CoreOS (latest versions)

Windows support is planned in a future release.

What external connectivity do I need for the Lacework agent to work?

The Lacework agent communicates with the following hosts over HTTPS on TCP port 443:

  • api.lacework.net
  • s3-us-west-2.amazonaws.com

Every machine where you install the Lacework agent must be able to reach these addresses for the agent to work.

Does the Lacework agent work with a proxy?

The Lacework agent supports proxy configuration. If a network proxy server is in use, it must be configured either through the http_proxy environment variable or in the /var/lib/lacework/config/config.json file. Read the installation guide for proxy configuration instructions.

Does the Lacework agent support containers/micro-services?

The Lacework agent can be run as a Docker container. To build your own container, follow the instructions on the Lacework Agent page. The .tar file includes a README file on getting started with Docker files and provides additional information about necessary customization within your environment.

What is the impact of the Lacework agent on CPU and network resources?

The number of network connections made by the host determines the impact on the individual server. We have observed CPU usage of 1-2% and data usage of 1Kbps in current deployments.

Does the Lacework agent work in kernel or user space?

The Lacework agent works in user space in offline mode. There is no dependency on iptables, and the agent does not slow down application connections.

How often does the Lacework agent collect data?

Lacework is a continuous monitoring system and collects data every time there is any network activity. The Polygraph is computed every hour.

How is the Lacework agent updated?

The Lacework agent is automatically updated when a new version is available. You have the option to change this setting in the agent configuration.

How can I deploy the agent?

You can deploy the agent with any configuration management tool like Chef, Puppet, Ansible, or Salt. You can also embed the Lacework agent in the base image or AMI.

Does the Lacework agent work in aggregation mode?

The Lacework agent supports proxy configuration and aggregation mode. In aggregation mode, you can convert one of the Lacework agents into an aggregator.

How do I enable FIM with agents?

To enable FIM, run the following command on machines that have the agent installed:

# /var/lib/lacework/datacollector --enable-fim

In a future release, we will add the ability to enable FIM from the UI and also add it to the install script.

What directories are monitored by FIM?

Monitored paths:

["/usr/bin","/usr/sbin","/bin","/sbin","/etc", "/var/log/messages", "/var/log/syslog", "/var/log/auth.log", "/var/log/secure", "/var/www/logs/access_log", "/var/www/logs/error_log", "/var/log/maillog", "/var/log/xferlog", "/var/log/dpkg.log"],

Ignored paths:

In the future, we will add the ability for customers to provide custom paths to be monitored.
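
As an added illustration (not Lacework's code, and not a description of how the agent implements FIM), the Python below records SHA-256 hashes for the files under the monitored paths listed above and diffs two snapshots. The function names and the `root` parameter are assumptions made for this example; the path list mixes directories with single files, and not every entry exists on every distribution, so both cases are handled.

```python
import hashlib
import os

# Monitored paths as listed on this page (directories and single files).
MONITORED_PATHS = [
    "/usr/bin", "/usr/sbin", "/bin", "/sbin", "/etc",
    "/var/log/messages", "/var/log/syslog", "/var/log/auth.log",
    "/var/log/secure", "/var/www/logs/access_log", "/var/www/logs/error_log",
    "/var/log/maillog", "/var/log/xferlog", "/var/log/dpkg.log",
]

def _sha256(path):
    """Hash a file in chunks; return None if it cannot be read."""
    digest = hashlib.sha256()
    try:
        with open(path, "rb") as handle:
            for chunk in iter(lambda: handle.read(65536), b""):
                digest.update(chunk)
    except OSError:
        return None
    return digest.hexdigest()

def snapshot(paths, root="/"):
    """Map each regular file under `paths` to its SHA-256.
    `root` (hypothetical) points the walk at a mounted image or test tree."""
    state = {}
    for entry in paths:
        top = os.path.join(root, entry.lstrip("/"))
        if os.path.isfile(top):          # single-file entry such as a log
            candidates = [top]
        else:                            # directory; an absent path yields nothing
            candidates = [os.path.join(d, f)
                          for d, _, files in os.walk(top) for f in files]
        for path in candidates:
            if os.path.islink(path) or not os.path.isfile(path):
                continue                 # skip symlinks, sockets and devices
            digest = _sha256(path)
            if digest is not None:
                state["/" + os.path.relpath(path, root)] = digest
    return state

def diff(baseline, current):
    """Return sorted lists of added, removed and modified paths."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
    }
```

Take a baseline with `snapshot(MONITORED_PATHS)` after a known-good build and compare later snapshots against it with `diff`; reading some of these paths requires root.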