Skip to main content

Lacework Console - Agentless Workload Scanning

View Agentless Workload Scanning Results

Once you have integrated Agentless Workload Scanning with your cloud provider, you can view the results of Host and Container scans.

Agentless Host Vulnerability

  1. Click Vulnerabilities > Hosts to view host vulnerabilities in your environment.
  2. Apply the Collector Type: Agentless filter (when Group by Host is active) to view host scan results from Agentless Workload Scanning integrations.

Successful Agentless scan dashboard

The collector value is Agentless for any host that has been assessed using this type of integration.

Agentless Container Vulnerability

  1. Click Vulnerabilities > Container to view container vulnerabilities in your environment.
  2. Apply the Scanner Type: Agentless filter (when Group by Image ID is active) to view image scan results from Agentless Workload Scanning integrations.

console-container-vulnerability-agentless.png

You can also use the Request Source filter in the Advanced Search field. Click the agentless_scanner option from the dropdown list.

View Exposure Polygraph in Single Machine Dossier

  1. Click Resources > Host > Machines to view the Machines dossier.
  2. Click on a Hostname (for example, in the Machine properties or Machine activity table) to view the Single Machine Dossier for that host.
  3. Find the Exposure Polygraph section to view exposure details from the latest Agentless scan.

console-single-machine-dossier-exposure-polygraph.png

Manage your Integration in the Lacework Console

View your Agentless Workload Integrations by navigating to Settings > Integrations > Cloud accounts.

tip

Enter Agentless in the search bar to look for Agentless Workload Scanning integrations.

View Integration Details in the Lacework Console

Select an Agentless Workload Scanning integration in the Cloud accounts table to view its details. The details vary depending on the cloud provider.

note

The majority of the non-editable fields are automatically populated after completing the integration.

AWS

TitleDescriptionExample
TitleThe name for the integration (as it will be displayed in the Lacework Console).myAgentlessIntegration
AccountThe AWS Account ID for this integration.123456789012
ProviderThe Cloud Provider for the integration.AWS
TypeAWS Integration TypeAgentless (Single account) or Agentless (Organization)
IDThe Lacework generated ID for the integrationAGENTLES_123ABC...
External IDThe AWS External ID for the integrated AWS account.1A2B3C4D5
Role ARNThe AWS Role ARN created for the Agentless Workload Scanning integration.arn:aws:iam::account:role/role-name-with-path
Management Account (Organization integrations only)The ID of your AWS organization management account.123456789012
Monitored Accounts (Organization integrations only)The IDs of the Root, Organizational Unit(s), and/or accounts in your AWS organization on which agentless workload scanning will be run.123456789012
Scanning Account (Organization integrations only)The ID of the AWS account that was configured to scan your AWS organization during the agentless workload scanning integration.123456789012
Bucket ARNThe S3 bucket ARN created for the Agentless Workload Scanning integration.arn:aws:s3:::bucket_name/key_name
Limit Scanned WorkloadsThe LQL key and value to constrain the Agentless Workload Scanning to specific resources. If it is blank, Lacework will scan all resources available to the account or organization. See Limit Scanned Workloads (Single Account or Organization) for further guidance.
Scan Frequency (hours)How often your containers and hosts are scanned for vulnerabilities (in hours).24
Scan containersWhether your containers will be scanned for vulnerabilities.true
Scan host vulnerabilitiesWhether your hosts will be scanned for vulnerabilities.true
Authorization TokenThe Lacework authorization token for the integration._123456789abcdef123456789abcd
credentials.jsonClick to download the Lacework authorization token for the integration in JSON format.N/A
UpdatedDisplays the last time the integration was updated.5/25/2022 12:36 PM (PST)
Updated byDisplays the user that last updated the integration.myemail@address
StatusThe current status of the integrationSuccess
Pending
Error

Enable or Disable an Integration in the Lacework Console

  1. Go to Settings > Integrations: Cloud accounts.

  2. Find and select your integration in the table.

  3. Click the Enable/Disable button Enable/disable toggle to enable or disable the integration.

    This can also be done when viewing the Cloud accounts table and clicking the Enable/Disable button in the State column for the integration.

Edit your Integration in the Lacework Console

  1. Go to Settings > Integrations: Cloud accounts.

  2. Find and select your integration in the table.

  3. Click the Edit button Edit Icon to start editing the integration settings.

  4. The settings vary depending on the Cloud Provider:

Delete your Integration in the Lacework Console

  1. Go to Settings > Integrations: Cloud accounts.
  2. Find and select your integration in the table.
  3. Click the Delete icon Delete Icon to delete the integration.