Skip to main content

Alert Categories

Lacework classifies alerts into related categories. A category contains various properties and specifications that define the alerts within that category.

Alert Categories

The following table describes all alert categories.

CategoryDescription
AnomalyAlerts that are generated when there are behavioral changes.
PolicyAlerts that are generated when a violation of a custom policy is detected.

Alert Subcategories

The following table describes all alert subcategories.

SubcategoryDescription
ComplianceCompliance-related alerts such as New Violations: GCP_CIS12_1_5 Ensure that ServiceAccount has no Admin privileges. Lacework uses CIS compliance rules to check if your cloud accounts are compliant with these rules. It generates alerts if there are compliance issues.
ApplicationApplication-related vulnerabilities such as a suspicious application: Suspicious test app: Suspicious application /usr/local/bin/python2.7 (and 4 more)
Cloud ActivityCloud-activity alerts specific to AWS, Azure, or Google Cloud. For example: New Violations: GCP_CIS12_3_6 Ensure that SSH access is restricted from the internet new compliance violations detected.
FilePotentially suspicious file-related alerts such as: Clone of Suspicious Files: /var/run/qa/BFNE/08082021170247/eicar.com.txt (and 96 more).
MachineMachine-related alerts such as new IP address connections: New External Server IP Address: ip-192.51.100.100.us-west-2.compute.internal connected to xx.xx.xxx.xxx
UserUser-related alerts such as suspicious user logins: Suspicious logins from multiple GEOs: Suspicious user logins detected for user web93 (and 331 more) access from multiple geographies.
PlatformPlatform-related alerts such as cloud activity ingestion failures: Cloud Activity log ingestion failure detected: dh-user-kt is failing for data ingestion into Lacework.
Kubernetes ActivityKubernetes-related alerts such as a new binding to a Cluster Role was created: K8s Audit Log Cluster Role Created.