Cloud Activity Policy Alerts

Lacework generates policy-based alerts when there are policy violations detected from cloud activities. You can define alert rules to trigger alerts when policy-based violations are found. See Alert Rules.

The following tabs list all policy-based alerts for AWS, Azure, and GCP:

AWS
Azure
Google Cloud

Alert Name	Alert Type	Alert Subcategory
Access key deleted	AccessKeyDeleted	Cloud Activity
CloudTrail changed	CloudTrailChanged	Cloud Activity
CloudTrail deleted	CloudTrailDeleted	Cloud Activity
CloudTrail stopped	CloudTrailStopped	Cloud Activity
CloudTrail stopped	CloudTrailStopped	Cloud Activity
Config service change	ConfigServiceChange	Cloud Activity
Customer master key disabled	CustomerMasterKeyDisabled	Cloud Activity
Customer master key scheduled for deletion	CustomerMasterKeyScheduledForDeletion	Cloud Activity
Failed console login	FailedConsoleLogin	Cloud Activity
IAM access key changed	IAMAccessKeyChanged	Cloud Activity
IAM policy changed	IAMPolicyChanged	Cloud Activity
NACL change	NACLChange	Cloud Activity
Network gateway change	NetworkGatewayChange	Cloud Activity
New access key	NewAccessKey	Cloud Activity
New customer master key	NewCustomerMasterKey	Cloud Activity
New customer master key alias	NewCustomerMasterKeyAlias	Cloud Activity
New grant added to customer master key	NewGrantAddedToCustomerMasterKey	Cloud Activity
New S3 bucket	NewS3Bucket	Cloud Activity
New AWS user created	NewUser	Cloud Activity
New VPC	NewVPC	Cloud Activity
New VPN connection	NewVPNConnection	Cloud Activity
Route table change	RouteTableChange	Cloud Activity
S3 bucket ACL changed	S3BucketACLChanged	Cloud Activity
S3 bucket deleted	S3BucketDeleted	Cloud Activity
S3 bucket policy changed	S3BucketPolicyChanged	Cloud Activity
Security group change	SecurityGroupChange	Cloud Activity
Successful Non-SAML Console Login Without MFA	SuccessfulConsoleLoginWithoutMFA	Cloud Activity
Unauthorized API call	UnauthorizedAPICall	Cloud Activity
Usage of root account	UsageOfRootAccount	Cloud Activity
VPC change	VPCChange	Cloud Activity
VPN gateway change	VPNGatewayChange	Cloud Activity

Alert Name	Alert Type	Alert Subcategory
Network security group created or updated	NetworkSecurityGroupCreatedOrUpdated	Cloud Activity
Network security group deleted	NetworkSecurityGroupDeleted	Cloud Activity
Network security group rule created or updated	NetworkSecurityGroupRuleCreatedOrUpdated	Cloud Activity
Network security group rule deleted	NetworkSecurityGroupRuleDeleted	Cloud Activity
Policy assignment created	PolicyAssignmentCreated	Cloud Activity
Security policy updated	SecurityPolicyUpdated	Cloud Activity
Security solution created or updated	SecuritySolutionCreatedOrUpdated	Cloud Activity
Security solution deleted	SecuritySolutionDeleted	Cloud Activity
SQL server firewall rule created or updated	SQLServerFirewallRuleCreatedOrUpdated	Cloud Activity
SQL server firewall rule deleted	SQLServerFirewallRuleDeleted	Cloud Activity

Alert Name	Alert Type	Alert Subcategory
Audit configuration changed	AuditConfigurationChanged	Cloud Activity
Cloud storage IAM permission changed	CloudStorageIAMPermissionChanged	Cloud Activity
Custom role changed	CustomRoleChanged	Cloud Activity
Folder IAM policy changed	GCPFolderIAMPolicyChanged	Cloud Activity
New cloud storage bucket created	GCPGCSBucketCreated	Cloud Activity
IAM policy changed	GCPIAMPolicyChanged	Cloud Activity
Cloud KMS key version destroyed	GCPKMSKeyVersionDestroyed	Cloud Activity
Cloud logging sink modified	GCPLogSinkModified	Cloud Activity
New cloud KMS key created	GCPNewKMSKey	Cloud Activity
Cloud KMS key IAM policy modified	GCPNewKMSKeyIAMPolicy	Cloud Activity
New cloud KMS key ring created	GCPNewKMSKeyRing	Cloud Activity
Organization IAM policy changed	GCPOrganizationIAMPolicyChanged	Cloud Activity
Project IAM policy changed	GCPProjectIAMPolicyChanged	Cloud Activity
Service account key changed	GCPSAAccessKeyChanged	Cloud Activity
A new service account has been created	GCPSACreated	Cloud Activity
New cloud VPN created	GCPVPCVPNCreated	Cloud Activity
Cloud VPN deleted	GCPVPCVPNDeleted	Cloud Activity
Project ownership assignments changed	ProjectOwnershipAssignmentsChanged	Cloud Activity
SQL instance configuration changed	SQLInstanceConfigurationChanged	Cloud Activity
VPC Cloud NAT changed	VPCNetworkGatewayChanged	Cloud Activity
VPC network changed	VPCNetworkChanged	Cloud Activity
VPC network firewall rule changed	VPCNetworkFirewallRuleChanged	Cloud Activity
VPC network route changed	VPCNetworkRouteChanged	Cloud Activity