When used with AWS, Lacework Polygraph can access extended information about the customer’s AWS environment, such as tags, instance types and additional configuration information. This information enhances Polygraph’s ability to automatically tag and group cloud entities.
Docker Lacework Polygraph accesses information from Docker environments to enhance breach detection and incident investigations. Lacework is fully container-aware and is available as a Docker container.
Lacework integrates with Slack, the app preferred by modern teams for real-time messaging, archiving, and search. Lacework works with the slack application to send alerts on on pre-defined channels, helping security and Ops teams use their existing workflows to manage security incidents.
Lacework identifies malicious IP addresses and DNS services by integrating with a number of external threat feeds that provide reputation services. Communication with a known-bad IP address will trigger a Lacework alert. Investigators can explore more information about the suspicious IP address without leaving Polygraph.
Lacework assists insider investigations with an integrated GEO-IP service. GEO-IP uses the incoming IP address to determine the geographic location of the user. This information can highlight unusual behavior that might indicate a breach. Location information is also useful when investigating security incidents.
Lacework simplifies investigations with an integrated WHO-IS service. Information about a domain name, such as assignees, IP addresses, and other information, can be seen within the Lacework Polygraph context without leaving the tool.