When you initially log in to the Lacework Console (or click Dashboard), the global dashboard displays. In the top left corner, Lacework lets you perform a global search of assets known to Lacework. For more information, see Global Search.
Lacework supports the following browser versions and later:
- Google Chrome 63
- Apple Safari 11
- Microsoft Edge 15
- Mozilla Firefox 58
The global dashboard displays a visual summary of the following items for the selected timeframe:
- All cloud, network, user, and process events ingested by Lacework. This depends on the configured integrations; for example, CloudTrail data is not displayed unless CloudTrail is configured as an integration.
- Entity behaviors identified by Lacework
- Events and critical events generated by Lacework
You can filter on a timeframe using the Last … drop-down located in the top right corner. You can filter from the last 24 hours to 90 days (or 180 days if you subscribe to additional storage).
To change the view to display Events over Time, click Trends. This displays a graph with events of varying severity (from critical to informational) over the same selected timeframe.
To filter events by severity, select one or more checkboxes under Events Over Time.
The slider bars below the graph let you zoom in to a shorter time period within the selected timeframe. For example, you can adjust both left and right sliders during a 3-day window to view a 4-hour window.
Users in different time zones can select the time range in their local time, but the data is always in GMT. So, users in different time zones might see different data depending on local time.
Below the dashboard is the Compliance Trends Over Time graph, which displays the percentage of compliance over time for AWS, Azure, and GCP. This graph displays information only if the appropriate cloud checkbox is selected and the cloud service integration with Lacework is configured.
Below the Compliance Trends Over Time graph are two bar graphs that display cloud compliance and host events. The cloud graph is populated with events only if a cloud integration is configured and the host graph is populated only if agents are deployed in your environment.
By default, the graph displays up to five event types. The listed order of the event types is weighted by the severity of the events followed by the total number of events. For example, one critical event is listed before two high severity events. If more than five event types are available for the selected time period, you can view the remaining event types by clicking the View ... link below the graph.
Click any severity bar to open the Events page, filtered by the selected event type and severity.
The global search provides the ability to search across a number of assets in Lacework. To start a search, click Search and enter text in the search bar. Lacework immediately returns results when the search finds any assets that match the entered string, within the following time constraints:
- Events created in the last 90 days
- Networks accessed in the last 7 days
- All other assets created or accessed in the last 30 days