Alert Types Classified as Threat Intel Subcategory
Overview
Lacework generates threat intel alerts when it detects inbound/outbound connections with known bad external hosts.
Lacework's threat intel alerts give advance warning of potential threats based on the latest intelligence and threat analysis. An alert is raised within 15 minutes of the potential threat being detected, giving you more time to take action and protect your organization's assets.
All threat-intel alerts are equipped with the following new features:
- Evolving Alerts - This feature allows you to receive a single, consolidated alert that will automatically update and evolve over one hour, reducing the noise of repetitive alerts. This approach will give you all the information you need to triage and investigate alerts while minimizing distractions and interruptions. See Evolving Alerts for more information.
- Aggregation keys - This feature allows the grouping of similar alerts into one consolidated alert with all the latest information about the threat, reducing the number of notifications you receive.
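To make the two features above concrete, the following is an added example (not Lacework code) of how a consumer of threat-intel alerts might consolidate raw connection events by an aggregation key over a one-hour window, so that repeated connections from the same bad external host to the same machine surface as one alert that accumulates detail instead of a stream of duplicates. The event field names (alert_type, external_ip, machine, port, ts), the choice of aggregation key, and the sample events are all assumptions constructed for this illustration; only the alert type names come from the table on this page.

```python
"""Consolidate threat-intel alerts by aggregation key within a one-hour window.

Added illustration, not Lacework's implementation. The event schema and the
aggregation-key fields are assumptions made for this example.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# The page states that an evolving alert updates over one hour.
WINDOW = timedelta(hours=1)


@dataclass
class ConsolidatedAlert:
    """One evolving alert: the first event opens it, later events enrich it."""
    alert_type: str
    external_ip: str
    machine: str
    first_seen: datetime
    last_seen: datetime
    count: int = 1
    ports: set = field(default_factory=set)


def aggregation_key(event: dict) -> tuple:
    """Assumed key: same alert type, same external host, same machine."""
    return (event["alert_type"], event["external_ip"], event["machine"])


def consolidate(events: list, window: timedelta = WINDOW) -> list:
    """Group raw events into consolidated alerts.

    An event joins the open alert for its key if it falls within `window`
    of that alert's first event; otherwise it opens a new alert.
    """
    open_alerts = {}   # key -> currently open ConsolidatedAlert
    result = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = aggregation_key(ev)
        cur = open_alerts.get(key)
        if cur is not None and ev["ts"] - cur.first_seen <= window:
            cur.last_seen = ev["ts"]
            cur.count += 1
            cur.ports.add(ev["port"])
        else:
            cur = ConsolidatedAlert(
                alert_type=ev["alert_type"],
                external_ip=ev["external_ip"],
                machine=ev["machine"],
                first_seen=ev["ts"],
                last_seen=ev["ts"],
                ports={ev["port"]},
            )
            open_alerts[key] = cur
            result.append(cur)
    return result


def notifications_saved(events: list, window: timedelta = WINDOW) -> int:
    """How many notifications consolidation removes versus one per raw event."""
    return len(events) - len(consolidate(events, window))


# Constructed sample events (documentation IP ranges, fictitious host name).
T0 = datetime(2024, 1, 1, 12, 0)
SAMPLE_EVENTS = [
    {"alert_type": "ExternalClientBadIpConn", "external_ip": "203.0.113.10",
     "machine": "host-a", "port": 22, "ts": T0},
    {"alert_type": "ExternalServerBadIPConn", "external_ip": "198.51.100.7",
     "machine": "host-a", "port": 443, "ts": T0 + timedelta(minutes=5)},
    {"alert_type": "ExternalClientBadIpConn", "external_ip": "203.0.113.10",
     "machine": "host-a", "port": 22, "ts": T0 + timedelta(minutes=10)},
    {"alert_type": "ExternalClientBadIpConn", "external_ip": "203.0.113.10",
     "machine": "host-a", "port": 3389, "ts": T0 + timedelta(minutes=40)},
    # Same key but beyond the one-hour window: opens a fresh alert.
    {"alert_type": "ExternalClientBadIpConn", "external_ip": "203.0.113.10",
     "machine": "host-a", "port": 22, "ts": T0 + timedelta(minutes=130)},
]


if __name__ == "__main__":
    for alert in consolidate(SAMPLE_EVENTS):
        print(f"{alert.alert_type} {alert.external_ip} -> {alert.machine}: "
              f"{alert.count} event(s), ports {sorted(alert.ports)}, "
              f"{alert.first_seen:%H:%M}-{alert.last_seen:%H:%M}")
    print("notifications saved:", notifications_saved(SAMPLE_EVENTS))
```

With the five constructed events, three inbound connections from the same bad IP within the hour collapse into one alert carrying both destination ports, the outbound connection stays separate because its key differs, and the connection two hours later opens a new alert rather than silently extending the old one, which is the behaviour a triager wants when deciding whether activity has resumed.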
Alert List
The following table lists all threat intel alerts.
| Alert Name | Alert Type | Alert Subcategory | Connection |
|---|---|---|---|
| Inbound connection from a bad external IP Address | ExternalClientBadIpConn | Threat Intel | IP --> Machine |
| Outbound connection to a bad external IP Address | ExternalServerBadIPConn | Threat Intel | IP --> Machine |
| Outbound connection to a bad external URL | ExternalServerBadDNSConn | Threat Intel | IP --> Machine |
Note: Suppression of threat intelligence alerts is currently unavailable.