The following features were introduced in Lacework release version 1.43, enhancing Workload Security and Lacework integration with AWS CloudTrail.
To accelerate security investigations, global search has been added to the Lacework UI. Search results are grouped by the familiar categories of applications, containers, files, machines and networks, so Lacework end users can efficiently review events. Global search makes it easy for users to enter keywords from other alerting tools and quickly validate events across platforms.
Enhanced User Visibility in AWS CloudTrail Events
Lacework’s analysis of AWS CloudTrail events has been expanded to include additional user identity information, which can be helpful when investigating events during which a user or service assumes a different role. For all AWS accounts enabled with CloudTrail, Lacework links the request for an STS token with the subsequent request for service.
File Integrity Monitoring (FIM) Enablement
FIM is now enabled by default. Please refer to Lacework Agent for information on Lacework FIM.
Lacework has added RBAC to allow administrators to better manage users. RBACv1 creates 2 user roles: Admin and Non-admin. Administrators will be the only users able to create and delete other users, enable Lacework integrations and provide feedback. The first user of the Lacework service will be assigned the role of administrator by default.