Alert Types Classified as Composite Category
Overview
A composite alert combines signals from multiple Lacework detection mechanisms. Lacework generates composite alerts when it detects potential intrusions in your cloud entities. Each alert provides insight into the suspected compromise, such as users, machines, or IP addresses.
With composite alerts, Lacework further alleviates alert fatigue by automatically correlating disparate events across multiple detection sources into higher-level objects.
Info: The Potentially Compromised Host alert is available to all customers who have Lacework Agents installed, regardless of their cloud providers.
Alert List
The following table lists all the composite alerts.
| Alert Name | Alert Type | Source |
|---|---|---|
| Potential cloud-native ransomware attack | Potential cloud-native ransomware attack | |
| Potential cryptomining attack on host | IncidentPotentialHostCryptominingAttack | |
| Potential AWS defense evasion | IncidentPotentialDefenseEvasionAws | AWS CloudTrail |
| Potentially compromised AWS keys | IncidentPotentiallyCompromisedAWSKeys | AWS CloudTrail |
| | PotentiallyCompromisedHost | |
| | PotentiallyCompromisedGcp | GCP Audit Log. Note: Before proceeding with this alert, make sure you have set up a Google Cloud Pub/Sub alert channel. |