Knowledge BaseRelease NotesRequest Demo

Lacework Export

Export Lacework logs to Panther via S3, Google Cloud Storage, or Azure

Overview

Panther supports ingesting Lacework export logs common Data Transport options: Amazon Web Services (AWS) S3, Google Cloud Storage (GCS), and Azure Blob.

If you are looking for instructions on ingesting Lacework.Events logs, please see the Lacework Alert Channel Webhook documentation.

How to onboard Lacework Export logs to Panther

To connect these logs into Panther:

  1. In the left-hand navigation bar of your Panther Console, click Configure > Log Sources.

  2. Click Create New.

  3. Search for "Lacework Export,", then click its tile.

  4. In the Transport Mechanism drop-down, select the Data Transport method you wish to use for this integration. After choosing Lacework Export, the slideout tile is displayed. There is a dropdown in the upper right where you can select the Transport Mechanism.

  5. Click Start Setup.

  6. Follow Panther's instructions for configuring the selected Data Transport method:

  7. Configure Lacework to push logs to the Data Transport source.

Supported log types

Lacework.AgentManagement

Lacework.AgentManagement gathers Lacework agent management information.

Reference: Lacework Documentation on AgentManagement.

Lacework.AlertDetails

Lacework.AlertDetails provides information about generated alerts.

Reference: Lacework Documentation on AlertDetails.

Lacework.AllFiles

Lacework.AllFiles tracks every time Lacework detects a file.

Reference: Lacework Documentation on AllFiles.

Lacework.Applications

Lacework.Applications contains applications information running on the machine with an agent installed with details (such as application name, user name, machine, etc.).

Reference: Lacework Documentation on Applications.

Lacework.ChangeFiles

Lacework.ChangeFiles tracks every time a file is changed in your environment.

Reference: Lacework Documentation on ChangeFiles.

Lacework.CloudCompliance

Lacework.CloudCompliance tracks compliance violations identified by Lacework cloud assessments.

Reference: Lacework Documentation on CloudCompliance.

Lacework.CloudConfiguration

Lacework.CloudConfiguration contains details about supported and configured cloud resources.

Reference: Lacework Documentation on CloudConfiguration.

Lacework.Cmdline

Lacework.Cmdline monitors any command line invocations in your environment.

Reference: Lacework Documentation on Cmdline.

Lacework.Connections

Lacework.Connections monitors for connections in your environment.

Reference: Lacework Documentation on Connections.

Lacework.ContainerSummary

Lacework.ContainerSummary monitors for containers in your environment.

Reference: Lacework Documentation on ContainerSummary.

Lacework.ContainerVulnDetails

Lacework.ContainerVulnDetails monitors for container vulnerabilities in your environment.

Reference: Lacework Documentation on ContainerVulnDetails.

Lacework.DNSQuery

Lacework.DNSQuery monitors for any DNS queries in your environment.

Reference: Lacework Documentation on DNSQuery.

Lacework.HostVulnDetails

Lacework.HostVulnDetails provides details around any vulnerabilities on hosts across your environment.

Reference: Lacework Documentation on HostVulnDetails.

Lacework.Image

Lacework.Image provides details about any container images in your environment.

Reference: Lacework Documentation on Images.

Lacework.Interfaces

Lacework.Interfaces monitors any discovered network interfaces across your environment.

Reference: Lacework Documentation on Interfaces.

Lacework.InternalIPA

Lacework.InternalIPA monitors any internal IP addresses across your environment.

Reference: Lacework Documentation on InternalIPA.

Lacework.MachineDetails

Lacework.MachineDetails aggregates historical data about any machines found in your environment.

Reference: Lacework Documentation on MachineDetails.

Lacework.MachineSummary

Lacework.MachineSummary summarizes and aggregates details about machines in your environment.

Reference: Lacework Documentation on MachineSummary.

Lacework.NewHashes

Lacework.NewHashes tracks any new file hashes in your environment.

Reference: Lacework Documentation on NewHashes.

Lacework.Package

Lacework.Package tracks any packages in your environment.

Reference: Lacework Documentation on Packages.

Lacework.PodSummary

Lacework.PodSummary tracks any pods (collections of one or more containers) in your environment.

Reference: Lacework Documentation on PodSummary.

Lacework.ProcessSummary

Lacework.ProcessSummary tracks any processes running in your environment.

Reference: Lacework Documentation on ProcessSummary.

Lacework.UserDetails

Lacework.UserDetails tracks historical data about any users in your environment.

Reference: Lacework Documentation on UserDetails.

PreviousLacework Alert Channel WebhookNextMaterial Security Logs

Last updated

Was this helpful?