Event Insights

The command lacework event helps you perform initial discovery and analysis of events happening in your Lacework account.

You can quickly see the list of all the events from the last 7 days in your account with their severity:

lacework events list

This command is limited to displaying 7 days of data.

There are three different options to filter results by time periods:

  • Specify a start time with the flag --start
  • Specify both, start and end times with the flags --start and --end
  • Filter on a specific number of days with the flag --days

To show all events from the past day.

lacework events list --days 1

To show all the events from a specific start time that has severity medium and above (critical, high, and medium).

lacework events list --start 2020-08-26T23:28:29Z --severity medium

To drill into an event and show its details.

lacework event show <event_id>

To open an event in the Lacework Console for further investigation.

lacework event open <event_id>