September 2022 Platform Releases

Release Notes

  • Reachability filter added for Host Vulnerability - Use the Reachability filter to display hosts that were determined to be internet reachable during the latest Agentless assessment.
  • ECS service expansion for AWS resource management - Adds the ability to identify Fargate workloads without an agent present. See Ingested AWS APIs for the additional ingested ECS APIs.
  • ILIKE LQL function - LQL now supports the ILIKE function, which allows for pattern matching in a case-insensitive manner. For details, see the LQL Overview.

Public Preview

Agentless Workload Scanning

Agentless Workload Scanning enables you to quickly gain comprehensive visibility into vulnerability risks across your cloud workloads without the need to install agents.

This release introduces the following capabilities:

  • Host vulnerability assessment for Linux hosts on AWS.
  • Container image vulnerability assessments for discovered images (for example, on Amazon EKS nodes).
  • Using the Lacework Console and AWS CloudFormation to configure an integration with your AWS account or organization for agentless workload scanning.
  • Using the Lacework Console and Terraform to configure an integration with your AWS account for agentless workload scanning.

See our Documentation and public Terraform modules for Agentless Workload Scanning integrations for more details.

Limitations

  • Currently, Lacework supports agentless scanning on AWS only.
  • Lacework does not currently support AWS organization integrations with Terraform.
  • Lacework only scans a host's root volume for vulnerabilities.
  • Lacework only supports the recommended storage driver (overlay2) for Docker container images.

Known Issues

  • Agentless data is not currently searchable when using Advanced Search in the Lacework Console for Host or Container Vulnerability.
  • The Lacework Query Language (LQL) query you specify for an integration is not validated in the UI. If an improper query is specified, the scanning will fail with the status "fail closed".

Additional Notes

  • If both agent and agentless scanning are run on a host, only the agentless scanning results for the host are displayed in the Vulnerabilities dashboard.
  • You can create multiple agentless scanning integrations in the same region. However, if overlapping integrations are created, they are not optimized. This can result in hosts being snapshotted and scanned more than once.