Lacework Console - Agentless Workload Scanning
View Agentless Workload Scanning Results
Once you have integrated Agentless Workload Scanning with your cloud provider, you can view the results of Host and Container scans.
Agentless Host Vulnerability
- Click Vulnerabilities > Hosts to view host vulnerabilities in your environment.
- Apply the Collector Type: Agentless filter (when Group by Host is active) to view host scan results from Agentless Workload Scanning integrations.
The collector value is Agentless for any host that has been assessed using this type of integration.
Agentless Container Vulnerability
- Click Vulnerabilities > Container to view container vulnerabilities in your environment.
- Apply the Scanner Type: Agentless filter (when Group by Image ID is active) to view image scan results from Agentless Workload Scanning integrations.
You can also use the Request Source filter in the Advanced Search field. Click the agentless_scanner option from the dropdown list.
View Exposure Polygraph in Single Machine Dossier
- Click Resources > Host > Machines to view the Machines dossier.
- Click on a Hostname (for example, in the Machine properties or Machine activity table) to view the Single Machine Dossier for that host.
- Find the Exposure Polygraph section to view exposure details from the latest Agentless scan.
Manage your Integration in the Lacework Console
View your Agentless Workload Integrations by navigating to Settings > Integrations > Cloud accounts.
tip
Enter Agentless in the search bar to look for Agentless Workload Scanning integrations.
View Integration Details in the Lacework Console
Select an Agentless Workload Scanning integration in the Cloud accounts table to view its details. The details vary depending on the cloud provider.
note
The majority of the non-editable fields are automatically populated after completing the integration.
AWS
| Title | Description | Example |
|---|---|---|
| Title | The name for the integration (as it will be displayed in the Lacework Console). | myAgentlessIntegration |
| Account | The AWS Account ID for this integration. | 123456789012 |
| Provider | The Cloud Provider for the integration. | AWS |
| Type | AWS Integration Type | Agentless (Single account) or Agentless (Organization) |
| ID | The Lacework generated ID for the integration | AGENTLES_123ABC... |
| External ID | The AWS External ID for the integrated AWS account. | 1A2B3C4D5 |
| Role ARN | The AWS Role ARN created for the Agentless Workload Scanning integration. | arn:aws:iam::account:role/role-name-with-path |
| Management Account (Organization integrations only) | The ID of your AWS organization management account. | 123456789012 |
| Monitored Accounts (Organization integrations only) | The IDs of the Root, Organizational Unit(s), and/or accounts in your AWS organization on which agentless workload scanning will be run. | 123456789012 |
| Scanning Account (Organization integrations only) | The ID of the AWS account that was configured to scan your AWS organization during the agentless workload scanning integration. | 123456789012 |
| Bucket ARN | The S3 bucket ARN created for the Agentless Workload Scanning integration. | arn:aws:s3:::bucket_name/key_name |
| Limit Scanned Workloads | The LQL key and value to constrain the Agentless Workload Scanning to specific resources. If it is blank, Lacework will scan all resources available to the account or organization. See Limit Scanned Workloads (Single Account or Organization) for further guidance. | |
| Scan Frequency (hours) | How often your containers and hosts are scanned for vulnerabilities (in hours). | 24 |
| Scan containers | Whether your containers will be scanned for vulnerabilities. | true |
| Scan host vulnerabilities | Whether your hosts will be scanned for vulnerabilities. | true |
| Authorization Token | The Lacework authorization token for the integration. | _123456789abcdef123456789abcd |
| credentials.json | Click to download the Lacework authorization token for the integration in JSON format. | N/A |
| Updated | Displays the last time the integration was updated. | 5/25/2022 12:36 PM (PST) |
| Updated by | Displays the user that last updated the integration. | myemail@address |
| Status | The current status of the integration | Success Pending Error |
Enable or Disable an Integration in the Lacework Console
Go to Settings > Integrations: Cloud accounts.
Find and select your integration in the table.
Click the Enable/Disable button
to enable or disable the integration.This can also be done when viewing the Cloud accounts table and clicking the Enable/Disable button in the State column for the integration.
Edit your Integration in the Lacework Console
Go to Settings > Integrations: Cloud accounts.
Find and select your integration in the table.
Click the Edit button
to start editing the integration settings.The settings vary depending on the Cloud Provider:
Delete your Integration in the Lacework Console
- Go to Settings > Integrations: Cloud accounts.
- Find and select your integration in the table.
- Click the Delete icon
to delete the integration.