Machine Anomaly Alerts
Lacework generates machine-based alerts when machine-related vulnerabilities are detected. You can define alert rules to trigger alerts when machine-related vulnerabilities are found. See Alert Rules.
Alert List
The following table lists all the machine-based alerts.
| Alert Name | Alert Type | Alert Subcategory | Connection |
|---|---|---|---|
| Bad external client DNS | NewExternalClientBadDns | Machine | Domain -> Machine |
| Bad external client IP address | NewExternalClientBadIp | Machine | IP -> Machine |
| New external client DNS | NewExternalClientDns | Machine | IP -> Machine |
| New external client IP address | NewExternalClientIp | Machine | IP -> Machine |
| Bad external host | NewExternalServerBadDns | Machine | Machine -> Domain |
| Bad external server IP address | NewExternalServerBadIp | Machine | Machine -> IP |
| Outbound connection to new domain from host (legacy name: New external host) | NewExternalServerDns | Machine | Machine -> Domain |
| Outbound connection to new domain from application (legacy name: New external host) | NewExternalServerDns | Machine | |
| Outbound connection to a new external IP address from host (legacy name: New external server IP address) | NewExternalServerIp | Machine | Machine -> IP |
| Outbound connection to a new external IP address from application (legacy name: New external server IP address) | NewExternalServerIp | Machine | |
Suppress an Alert
Suppressing specific machine-related alerts reduces the number of alerts and allows you to focus on the assets that are most important to you. For details, see Suppress Behavior Anomaly Alerts.