Resource Explorer

Overview

The new Lacework Resource Explorer gives you increased visibility into your cloud environments. Cloud environments consist of multiple resource types each with numerous resources, making security and risk management overwhelming. Often, increased visibility can lack the necessary context to help you discern risks in your environment and prioritize remediation. Our Resource Explorer is designed to bridge this gap and give you complete visibility into your cloud environments and resource components.

Resource Explorer is a security tool that grants you visibility into your multi-cloud environments and their resources and risks. We offer support for AWS, Azure, and Google Cloud environments and enable you to view, search, sort, and filter among all resources across these environments—with no limit.

With security analysts in mind, resource Explorer introduces a new level of practicality with the following capabilities:

• Real-time resource monitoring: Provides immediate visibility into cloud resources, facilitating the prompt detection of unauthorized or suspicious activities.
• Unified security assessment: Consolidates cloud resources into a single view, aiding security analysts in assessing security posture comprehensively, identifying vulnerabilities, and efficiently recognizing compliance issues.
• Security management: Automates tracking and management of mission-critical resources, workloads, and accounts, enabling your security team to monitor, respond to, and secure these assets effectively. This enhances incident response capabilities and ensures adherence to security policies.

To achieve these benefits, Lacework periodically captures a snapshot of your resources. The time it takes for these snapshots to fully reflect any changes can vary depending on when Lacework takes the snapshot.

Ingested Cloud Resource APIs

See Datasource Metadata for all APIs that are supported for ingestion.

Use Cases

Utilize Resource Explorer for efficient cloud resource management and various tasks, such as:

• Continuous Monitoring and Vulnerability Assessment
• Investigate Active Threats
• Identify High-Risk Resources

Continuous Monitoring and Vulnerability Assessment

Continuous monitoring

To access compute usage data of resources in your production environment, follow these steps:

1. Click the Category filter group and select Compute.
2. Click Show results to filter resources accordingly. Adjust the Date range to refine the timeframe for more relevant data.
3. Review the stacked line chart, which provides an overview of the total resources in use during the selected timeframe.
4. Examine the bar chart, which categorizes the resources in use by resource type.
5. To filter for AWS resources exclusively, click the Resource Group filter group and select All AWS resources.
6. Additionally, you can filter resources based on specific regions. Click the Region filter group and choose the regions of interest, such as us-east-1, us-east-2, and us-west-1.

Vulnerability assessment

To identify highly or critically vulnerable virtual machines (VMs) in your production environment, follow these steps:

1. Click the Vulnerabilities filter group and select High and Critical.
2. Click Show results to filter resources accordingly. Adjust the Date range to refine the timeframe for more relevant data.
3. Review the stacked line chart, which provides an overview of the total resources in use during the selected timeframe.
4. Examine the bar chart, which categorizes the resources in use by resource type.
5. To pinpoint VMs that are included in an attack path, click the Attack Paths filter group and select Has attack paths.

Investigate Active Threats

You can leverage the Resource Explorer to support your investigation of an active threat. For instance, when your team receives an alert triggered by Splunk and originating from GuardDuty with the identifier Behavior:EC2/TrafficVolumeUnusual, follow these steps to gather relevant information:

1. Navigate to the Resource list, and use the search field to enter the instance ID for retrieving the specific resource.
2. Click the resource to reveal comprehensive details, encompassing the count of vulnerabilities, misconfigurations, alerts, and available attack paths.
3. Select the Vulnerabilities card to view all vulnerabilities detected by Lacework for this resource. These details are presented within the Host vulnerabilities page.
4. Navigate to the Vulnerabilities list and click the hostname to conduct a more in-depth assessment of the risk level assigned to this host. Evaluate the number of Common Vulnerabilities and Exposures (CVEs), and critical information essential for mitigating the threat effectively.

Identify High-Risk Resources

To identify high-risk resources within your production environment, follow these steps:

1. Click the Vulnerabilities filter group and select High and Critical.
2. Click Show results to filter resources accordingly. Adjust the Date range to refine the timeframe for more relevant data.
3. Review the stacked line chart, which provides an overview of the total resources in use during the selected timeframe.
4. Examine the bar chart, which categorizes the resources in use by resource type.
5. To pinpoint resources that are included in an attack path, click the Attack Paths filter group and select Has attack paths.
6. To identify resources exposed to the Internet, click Internet Exposure filter group and select Yes.
7. Within the Resource list, click on each resource to access comprehensive details, including the count of vulnerabilities, compliance findings, alerts, and available attack paths.
8. Select the Vulnerabilities card to view all vulnerabilities detected by Lacework for this resource. These details are presented within the Host vulnerabilities page.
9. Navigate to the Vulnerabilities list and click the hostname to conduct a more in-depth assessment of the risk level assigned to this host. Evaluate the number of Common Vulnerabilities and Exposures (CVEs) and critical information essential for alleviating the risk effectively.