New Vulnerable Child Launched
This alert occurs when Lacework detects a newly created process or child process that is vulnerable to attack. This alert is typically triggered when a process or application is launched on a system and is identified as having known vulnerabilities that an attacker could exploit.
Why this alert is important
This alert indicates that your system is at risk of being compromised. By identifying and addressing vulnerable processes and applications, you can reduce the risk of a successful attack and improve the overall security of your system.
Investigation
Follow these steps to investigate the alert:
- Check your system logs and security event logs to identify the process or application that triggered the alert. Look for any unusual activity or behavior that indicates a potential security issue.
- Use vulnerability scanning tools or search vulnerability databases to identify any known vulnerabilities associated with the process.
- Evaluate the potential impact of the vulnerability and the level of risk it poses to your system. Determine whether the vulnerability can be exploited remotely or if it requires local access to the system.
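The following added example (not Lacework code) walks through the three investigation steps for a small process inventory: it matches each launched process against advisory records, then reads the Attack Vector (AV) metric of the CVSS v3.x vector to separate remotely exploitable issues from those that need local access. The process list, advisory records, and placeholder advisory IDs are constructed for illustration.

```python
import re

# Constructed sample data (not from Lacework): launched processes and the
# package version that provides each binary.
PROCESSES = [
    {"pid": 4121, "exe": "/usr/sbin/exampled", "package": "exampled", "version": "2.4.1"},
    {"pid": 4377, "exe": "/usr/bin/sampletool", "package": "sampletool", "version": "1.0.9"},
    {"pid": 4502, "exe": "/usr/bin/okapp", "package": "okapp", "version": "3.2.0"},
]

# Constructed advisories with placeholder IDs; "fixed" is the first patched version.
ADVISORIES = [
    {"id": "CVE-PLACEHOLDER-0001", "package": "exampled", "fixed": "2.4.3",
     "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},
    {"id": "CVE-PLACEHOLDER-0002", "package": "sampletool", "fixed": "1.1.0",
     "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},
    {"id": "CVE-PLACEHOLDER-0003", "package": "okapp", "fixed": "3.1.5",
     "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},
]

ATTACK_VECTOR = {"N": "network", "A": "adjacent", "L": "local", "P": "physical"}
ORDER = ["network", "adjacent", "local", "physical", "unknown"]

def version_key(v):
    """Turn '2.4.1' into (2, 4, 1) so versions compare numerically."""
    return tuple(int(p) for p in re.findall(r"\d+", v))

def attack_vector(vector):
    """Read the AV metric from a CVSS v3.x vector string."""
    metrics = dict(m.split(":", 1) for m in vector.split("/")[1:])
    return ATTACK_VECTOR.get(metrics.get("AV"), "unknown")

def triage(processes, advisories):
    """Return findings for processes running a version older than the fixed
    one, with remotely exploitable issues listed first."""
    findings = []
    for proc in processes:
        for adv in advisories:
            if adv["package"] != proc["package"]:
                continue
            if version_key(proc["version"]) < version_key(adv["fixed"]):
                findings.append({"pid": proc["pid"], "exe": proc["exe"],
                                 "advisory": adv["id"], "fixed": adv["fixed"],
                                 "access": attack_vector(adv["vector"])})
    return sorted(findings, key=lambda f: ORDER.index(f["access"]))

if __name__ == "__main__":
    for finding in triage(PROCESSES, ADVISORIES):
        print(finding)
```

In practice the inventory would come from the host's package manager and the advisories from a vulnerability database; the numeric version comparison here does not handle distribution-specific suffixes or epochs.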
Resolution
Follow these steps to resolve the alert:
- Apply any software patches or updates that address the vulnerabilities associated with the process or application. Keep your software up to date to minimize the risk of future security incidents.
- Review and update your security settings to prevent unauthorized access to the vulnerable process or application. This may involve configuring firewalls, access controls, and other security settings to restrict access and protect your system.
- If the process or application poses a high risk and cannot be secured through software patches or updates, consider removing or disabling it altogether.
- Conduct a system-wide security assessment to identify any additional vulnerabilities or areas for improvement. Address any identified issues to strengthen your overall security posture.