Datasource Metadata
This topic lists the datasources and metadata supported by the Lacework Policy Platform.
Agent Datasources
LW_HA_CONNECTION_SUMMARY
Summary of connections
| Column Name | Data Type | Description |
|---|---|---|
| BATCH_START_TIME | Timestamp | Beginning of time interval |
| BATCH_END_TIME | Timestamp | End of time interval |
| SRC_ENTITY_TYPE | String | Type of entity initiating the connection |
| SRC_ENTITY_ID | JSON | Identifier for entity initiating the connection |
| DST_ENTITY_TYPE | String | Type of entity accepting the connection |
| DST_ENTITY_ID | JSON | Identifier for entity accepting the connection |
| SRC_IN_BYTES | Number | Bytes received by entity initiating the connection |
| SRC_OUT_BYTES | Number | Bytes sent by entity initiating the connection |
| DST_IN_BYTES | Number | Bytes received by entity accepting the connection |
| DST_OUT_BYTES | Number | Bytes sent by entity accepting the connection |
| ENDPOINT_DETAILS | JSON | Array of endpoint information (IPs, ports, protocol) for individual connections between entities |
| NUM_CONNS | Number | Total number of connections between source and destination entities |
LW_HA_DNS_REQUESTS
DNS Request information
| Column Name | Data Type | Description |
|---|---|---|
| BATCH_START_TIME | Timestamp | Beginning of time interval |
| BATCH_END_TIME | Timestamp | End of time interval |
| RECORD_CREATED_TIME | Timestamp | Record creation time |
| MID | Number | Machine identifier reporting the activity |
| SRV_IP_ADDR | String | IP address of DNS Server |
| HOSTNAME | String | Hostname that is being looked up |
| HOST_IP_ADDR | String | Resolved IP address of hostname |
| TTL | Number | Time to live for name resolution |
| PKTLEN | Number | Length of response packet |
LW_HA_FILE_CHANGES
Details about file changes
| Column Name | Data Type | Description |
|---|---|---|
| BATCH_START_TIME | Timestamp | Beginning of time interval |
| BATCH_END_TIME | Timestamp | End of time interval |
| ACTIVITY_START_TIME | Timestamp | Start Time for activity occurring |
| ACTIVITY_END_TIME | Timestamp | End Time for activity occurring |
| MID | Number | Machine identifier where the file resides |
| PATH | String | File path |
| ACTIVITY | String | Type of activity that occurred |
| FILEDATA_HASH | String | Hash key of file contents |
| LAST_MODIFIED_TIME | Timestamp | Last modified time of file |
| SIZE | Number | Size of file |
LW_HA_SYSCALLS_EXEC
System call exec activity
| Column Name | Data Type | Description |
|---|---|---|
| BATCH_START_TIME | TIMESTAMP | Beginning of time interval |
| BATCH_END_TIME | TIMESTAMP | End of time interval |
| BATCH_ID | STRING | Identifier of insertion batch from agent. Useful for matching possibly related records. |
| RECORD_CREATED_TIME | TIMESTAMP | Record creation time |
| MID | NUMBER | Machine identifier |
| EXE_PATH | STRING | Executable path that was launched |
| PID | NUMBER | Identifier of the process that performed the syscall |
| PID_HASH | NUMBER | Process hash of the process that performed the syscall |
| PPID | NUMBER | Parent process identifier assigned by OS |
| PPID_HASH | NUMBER | Unique identifier for parent process |
| CMDLINE | STRING | Full command line for the execution call |
| UID | NUMBER | User identifier of process |
| GID | Number | Group identifier of process |
| COUNT | Number | Number of repeated operations represented by this record |
| OS | STRING | Operating system |
LW_HA_SYSCALLS_FILE
System call file activity
| Column Name | Data Type | Description |
|---|---|---|
| BATCH_START_TIME | TIMESTAMP | Beginning of time interval |
| BATCH_END_TIME | TIMESTAMP | End of time interval |
| BATCH_ID | STRING | Identifier of insertion batch from agent. Useful for matching possibly related records. |
| RECORD_CREATED_TIME | TIMESTAMP | Record creation time |
| MID | NUMBER | Machine identifier |
| TARGET_TYPE | STRING | Type of the TARGET_PATH value ('file' or 'directory') |
| TARGET_OP | STRING | Operation performed on the target |
| TARGET_PATH | STRING | Path affected by the operation |
| WATCH_PATH | STRING | Path being monitored for activity |
| PID | NUMBER | Identifier of the process that performed the syscall |
| PID_HASH | NUMBER | Process hash of the process that performed the syscall |
| PPID | NUMBER | Parent process identifier assigned by OS |
| PPID_HASH | NUMBER | Unique identifier for parent process |
| UID | NUMBER | User identifier of process |
| GID | Number | Group identifier of process |
| COUNT | Number | Number of repeated operations represented by this record |
| OS | STRING | Operating system |
LW_HA_USER_LOGINS
Details about user logins
| Column Name | Data Type | Description |
|---|---|---|
| BATCH_START_TIME | Timestamp | Beginning of time interval |
| BATCH_END_TIME | Timestamp | End of time interval |
| RECORD_CREATED_TIME | Timestamp | Record creation time |
| LOGIN_TIME | Timestamp | Time user login occurred |
| LOGOFF_TIME | Timestamp | Time user logoff occurred (NULL for TYPE = 'LOGIN') |
| EVENT_TYPE | String | Type of event ('LOGIN' or 'LOGOFF') |
| MID | Number | Machine identifier reporting the activity |
| USERNAME | String | Username of the user logging in or off |
| HOSTNAME | String | Hostname from which activity originated (or IP address if hostname is unknown) |
| IP_ADDR | String | IP address from which activity originated |
| TTY | String | Terminal into which user login occurred |
| UID | Number | Identifier of user |
| GID | Number | Group identifier of user |
LW_HA_WIN_REGISTRY
Windows registry activity
| Column Name | Data Type | Description |
|---|---|---|
| BATCH_START_TIME | TIMESTAMP | Beginning of time interval |
| BATCH_END_TIME | TIMESTAMP | End of time interval |
| MID | NUMBER | Machine identifier |
| KEY_PATH | STRING | Registry key path |
| VALUE_NAME | STRING | Registry value name |
| VALUE_DATA | STRING | Registry value data |
| VALUE_DATA_TYPE | STRING | Registry value data type: string, multi-string, binaru, int64 |
| OLD_NAME | STRING | Previous registry key path (when operation is RENAME_KEY) |
| MODIFIED_TIME | TIMESTAMP | Timestamp of the activity |
| OPERATION | STRING | Registry modifying operation: CREATE_KEY, RENAME_KEY, DELETE_KEY, DELETE_VALUE, SET_VALUE |
| PID | NUMBER | PID of the process that performed the operation |
| PID_HASH | NUMBER | PID hash of the process that performed the operation |
| EXE_PATH | STRING | Executable path associated with registry activity |
| USERNAME | STRING | Username associated with the registry activity |
| HOSTNAME | STRING | Hostname associated with the registry activity |
LW_HE_ACCESS_SSH_AUTHORIZED_KEYS
Public SSH key entries in authorized_keys files from agentless disk scanning
| Column Name | Data Type | Description |
|---|---|---|
| BATCH_START_TIME | Timestamp | Beginning of time interval |
| BATCH_END_TIME | Timestamp | End of time interval |
| BATCH_ID | String | Id of insertion batch from the scanner. Useful for matching possibly related records. |
| RECORD_CREATED_TIME | Timestamp | Record creation time |
| MID | Number | Machine ID |
| HOSTNAME | String | Hostname for the Machine where the detected key was found |
| IS_IN_CONTAINER | String | Whether the detected key was known to be from a container image, NULL if unknown |
| CONTAINER_KEY | JSON | Container image and layer from which the detected key originated if known |
| FILE_PATH | String | File path for the detected key |
| FILE_PERMISSIONS | Number | File permissions mask |
| FILE_CREATED_TIME | Timestamp | Created time of file |
| FILE_MODIFIED_TIME | Timestamp | Last modified time of file |
| FILE_ACCESSED_TIME | Timestamp | Last access time of file |
| OWNER_UID | Timestamp | File owner user ID |
| OWNER_GID | Timestamp | File owner group ID |
| SSH_KEY_TYPE | String | Type of SSH key |
| FINGERPRINT_OPENSSH_MD5 | String | OpenSSH MD5 fingerprint format |
| FINGERPRINT_OPENSSH_SHA256 | String | OpenSSH SHA256 fingerprint format |
| FINGERPRINT_RSA_MD5 | String | RSA MD5 fingerprint format |
LW_HE_CONTAINERS
Details about each host container
| Column Name | Data Type | Description |
|---|---|---|
| BATCH_START_TIME | Timestamp | Beginning of time interval |
| BATCH_END_TIME | Timestamp | End of time interval |
| RECORD_CREATED_TIME | Timestamp | Record creation time |
| CONTAINER_START_TIME | Timestamp | Time the container started |
| MID | Number | Machine identifier of the container |
| CONTAINER_ID | String | Unique identifier for container |
| CONTAINER_TYPE | String | Type of container |
| IMAGE_ID | String | ID of the machine image this container is using |
| CONTAINER_NAME | String | Name of the container |
| PRIVILEGED | Number | Indicates whether the container is privileged. (1 = privileged, 0 = not privileged) |
| NETWORK_MODE | String | Mode the network is running in |
| PID_MODE | String | Mode for process iDs |
| IPV4 | String | 4-byte IP address |
| IPV6 | String | 6-byte IP address |
| LISTEN_PORT_MAP | JSON | Mappings for listening ports |
| VOLUME_MAP | JSON | Filesystem volume map |
| REPO | String | Repository this container came from |
| TAG | String | Tag for the container |
| PROPS_LABEL | JSON | Container labels |
| PROPS_ENV | JSON | Container environment settings |
LW_HE_FILES
Details about files on hosts
| Column Name | Data Type | Description |
|---|---|---|
| BATCH_START_TIME | Timestamp | Beginning of time interval |
| BATCH_END_TIME | Timestamp | End of time interval |
| RECORD_CREATED_TIME | Timestamp | Record creation time |
| MID | Number | Machine identifier where the file resides |
| PATH | String | File path |
| FILE_NAME | String | Name of the file (last part of PATH) |
| INODE | Number | Inode of file |
| FILE_TYPE | String | Mime type of file |
| IS_LINK | Number | Is the file a symbolic link? |
| LINK_DEST_PATH | String | Symbolic link target |
| LINK_ABS_DEST_PATH | String | Absolute path of symbolic link target |
| OWNER_UID | Number | Identifier of user that owns file |
| OWNER_USERNAME | String | Name of user that owns file |
| OWNER_GID | Number | Identifier of group that owns file |
| METADATA_HASH | String | Hash key of file metadata |
| FILEDATA_HASH | String | Hash key of file contents |
| SIZE | Number | File size in bytes |
| BLOCK_SIZE | Number | Size in bytes of a single block for this file |
| BLOCK_COUNT | Number | File size in blocks |
| FILE_ACCESSED_TIME | Timestamp | Last access time of file |
| FILE_MODIFIED_TIME | Timestamp | Last modified time of file |
| FILE_CREATED_TIME | Timestamp | Created time of file |
| FILE_PERMISSIONS | Number | File permissions mask |
| HARD_LINK_COUNT | Number | Count of hard links to this file |
LW_HE_IMAGES
Details about images found on machines
| Column Name | Data Type | Description |
|---|---|---|
| BATCH_START_TIME | Timestamp | Beginning of time interval |
| BATCH_END_TIME | Timestamp | End of time interval |
| RECORD_CREATED_TIME | Timestamp | Record creation time |
| IMAGE_CREATED_TIME | Timestamp | Time the image was created |
| MID | Number | Machine identifier where image was located |
| IMAGE_ID | String | Unique identifier for image |
| CONTAINER_TYPE | String | Type of container for the image |
| AUTHOR | String | Author of the image |
| REPO | String | Repository the image came from |
| TAG | String | Tag for the image |
| SIZE | Number | Size of the image in bytes |
| VIRTUAL_SIZE | Number | Size of the image in virtual memory |
| IMAGE_VERSION | String | Version identifier for the image |
| ACTIVE_COUNT | Number | Number of containers running on this image |
LW_HE_MACHINES
Details about each host machine
| Column Name | Data Type | Description |
|---|---|---|
| BATCH_START_TIME | Timestamp | Beginning of time interval |
| BATCH_END_TIME | Timestamp | End of time interval |
| RECORD_CREATED_TIME | Timestamp | Record creation time |
| MID | Number | Lacework machine ID |
| HOSTNAME | String | Machine provided hostname |
| DOMAIN | String | Domain machine belongs to |
| KERNEL | String | Name of the kernel |
| KERNEL_RELEASE | String | Kernel release version |
| KERNEL_VERSION | String | Kernel detailed version |
| OS | String | OS name |
| OS_VERSION | String | OS version |
| OS_DESC | String | OS description |
| CPU_INFO | JSON | CPU information |
| MEMORY_INFO | JSON | Memory information |
| MACHINE_ID | JSON | Machine identifier |
| LAST_BOOT_TIME | Timestamp | Last timestamp from machine starting |
| LAST_BOOT_REASON | String | Reason the machine last rebooted |
| DEFAULT_ROUTER | String | Default router information |
| TAGS | JSON | Machine provided tag information |
| KERNEL_ARGS | String | Arguments used for kernel |
| ROUTE | JSON | Route information |
LW_HE_PROCESSES
Details about each host process
| Column Name | Data Type | Description |
|---|---|---|
| BATCH_START_TIME | Timestamp | Beginning of time interval |
| BATCH_END_TIME | Timestamp | End of time interval |
| RECORD_CREATED_TIME | Timestamp | Record creation time |
| PROCESS_START_TIME | Timestamp | Time the process started |
| MID | Number | Machine ID on which the process was running |
| PID_HASH | Number | Unique identifier for process |
| PID | String | Process ID assigned by OS |
| PPID_HASH | Number | Unique identifier for parent process |
| PPID | Number | Parent process ID assigned by OS |
| PGID | Number | Process Group ID assigned by OS |
| SID | Number | Session ID assigned by OS |
| USERNAME | String | Name of the user that started the process |
| EUSERNAME | String | Effective username currently in use for the process |
| EXE_PATH | String | Path of the executable used to start the process |
| CMDLINE | String | Full command line used to start the process |
| CWD | String | Initial working directory of the process |
| ROOT | String | Root of filesystem |
| OS | String | Operating system |
LW_HE_SECRETS_SSH_PRIVATE_KEYS
Instances of detected SSH private keys from agentless disk scanning
| Column Name | Data Type | Description |
|---|---|---|
| BATCH_START_TIME | Timestamp | Beginning of time interval |
| BATCH_END_TIME | Timestamp | End of time interval |
| BATCH_ID | String | Id of insertion batch from the scanner. Useful for matching possibly related records. |
| RECORD_CREATED_TIME | Timestamp | Record creation time |
| MID | Number | Machine ID |
| HOSTNAME | String | Hostname for the Machine where the detected key was found |
| IS_IN_CONTAINER | String | Whether the detected key was known to be from a container image, NULL if unknown |
| CONTAINER_KEY | JSON | Container image and layer from which the detected key originated if known |
| FILE_PATH | String | File path for the detected key |
| FILE_PERMISSIONS | Number | File permissions mask |
| FILE_CREATED_TIME | Timestamp | Created time of file |
| FILE_MODIFIED_TIME | Timestamp | Last modified time of file |
| FILE_ACCESSED_TIME | Timestamp | Last access time of file |
| OWNER_UID | Timestamp | File owner user Id |
| OWNER_GID | Timestamp | File owner group Id |
| SSH_KEY_TYPE | String | Type of SSH key |
| FINGERPRINT_OPENSSH_MD5 | String | OpenSSH MD5 fingerprint format |
| FINGERPRINT_OPENSSH_SHA256 | String | OpenSSH SHA256 fingerprint format |
| FINGERPRINT_RSA_MD5 | String | RSA MD5 fingerprint format |
| FINGERPRINT_PKCS8_SHA1 | String | PKCS8 fingerprint format |
LW_HE_SYSCALLS_PROCESSES
Details about processes involved in system calls
| Column Name | Data Type | Description |
|---|---|---|
| BATCH_START_TIME | TIMESTAMP | Beginning of time interval |
| BATCH_END_TIME | TIMESTAMP | End of time interval |
| BATCH_ID | STRING | Identifier of insertion batch from agent. Useful for matching possibly related records. |
| RECORD_CREATED_TIME | TIMESTAMP | Record creation time |
| PROCESS_START_TIME | TIMESTAMP | Time the process started |
| MID | NUMBER | Machine identifier on which the process was running |
| PID_HASH | NUMBER | Unique identifier for process |
| PID | NUMBER | Process ID assigned by OS |
| PPID_HASH | NUMBER | Unique identifier for parent process |
| PPID | NUMBER | Parent process identifier assigned by OS |
| UID | NUMBER | User identifier of process |
| GID | Number | Group identifier of process |
| EXE_PATH | STRING | Path of the executable the process is running |
| CMDLINE | STRING | Full command line used to start the process |
| PEXE_PATH | STRING | Path of the executable the parent process is running |
| OS | STRING | Operating system |
LW_HE_USERS
Details about users associated with hosts
| Column Name | Data Type | Description |
|---|---|---|
| BATCH_START_TIME | Timestamp | Beginning of time interval |
| BATCH_END_TIME | Timestamp | End of time interval |
| RECORD_CREATED_TIME | Timestamp | Record creation time |
| MID | Number | Machine identifier on which user was found |
| USERNAME | String | Username identifying the user |
| PRIMARY_GROUP_NAME | String | Primary group user belongs to |
| OTHER_GROUP_NAMES | JSON | Array of other groups for user |
| HOME_DIR | String | Home directory of user |
AWS Configuration Datasources
All AWS configuration datasources listed in this section have the same metadata available.
| Column Name | Data Type | Description |
|---|---|---|
| BATCH_START_TIME | Timestamp | Beginning of time interval |
| BATCH_END_TIME | Timestamp | End of time interval |
| QUERY_START_TIME | Timestamp | Start time of query for this resource |
| QUERY_END_TIME | Timestamp | End time of query for this resource |
| ARN | String | ARN for the resource |
| API_KEY | String | Key describing the API used to fetch data for this resource |
| SERVICE | String | Service this resource belongs to |
| ACCOUNT_ID | String | AWS Account identifier |
| ACCOUNT_ALIAS | String | User friendly alias for AWS Account |
| RESOURCE_TYPE | String | Type of this resource |
| RESOURCE_ID | String | Identifier for this resource |
| RESOURCE_REGION | String | Region this resource belongs to |
| RESOURCE_CONFIG | JSON | JSON Definition of this resource |
| RESOURCE_TAGS | JSON | Tags associated with this resource |
All
| Datasource | Description |
|---|---|
| LW_CFG_AWS_ALL | All AWS config API keys |
Access Analyzer
| Datasource | Description |
|---|---|
| LW_CFG_AWS_ACCESSANALYZER | accessanalyzer list-analyzers |
| LW_CFG_AWS_ACCESSANALYZER_FINDINGS | accessanalyzer list-findings |
Accounts
| Datasource | Description |
|---|---|
| LW_CFG_AWS_ACCOUNTS | List of AWS Accounts in this collection |
ACM
| Datasource | Description |
|---|---|
| LW_CFG_AWS_ACM | acm list-certificates |
| LW_CFG_AWS_ACM_DESCRIBE_CERTIFICATE | acm describe-certificate |
AppSync
| Datasource | Description |
|---|---|
| LW_CFG_AWS_APPSYNC_API_KEYS | appsync list-api-keys |
| LW_CFG_AWS_APPSYNC_DATA_SOURCES | appsync list-data-sources |
| LW_CFG_AWS_APPSYNC_DOMAIN_NAMES | appsync list-domain-names |
| LW_CFG_AWS_APPSYNC_FUNCTIONS | appsync list-functions |
| LW_CFG_AWS_APPSYNC_GET_API_ASSOCIATION | appsync get-api-association |
| LW_CFG_AWS_APPSYNC_GET_API_CACHE | appsync get-api-cache |
| LW_CFG_AWS_APPSYNC_GRAPHQL_APIS | appsync list-graphql-apis |
| LW_CFG_AWS_APPSYNC_RESOLVERS | appsync list-resolvers |
| LW_CFG_AWS_APPSYNC_RESOLVERS_BY_FUNCTION | appsync list-resolvers-by-function |
| LW_CFG_AWS_APPSYNC_TYPES | appsync list-types |
Auto Scaling
| Datasource | Description |
|---|---|
| LW_CFG_AWS_AUTOSCALING | autoscaling describe-launch-configurations |
CloudFront
| Datasource | Description |
|---|---|
| LW_CFG_AWS_CLOUDFRONT | cloudfront list-distributions |
CloudTrail
| Datasource | Description |
|---|---|
| LW_CFG_AWS_CLOUDTRAIL | cloudtrail describe-trails |
| LW_CFG_AWS_CLOUDTRAIL_GET_EVENT_SELECTORS | cloudtrail get-event-selectors |
| LW_CFG_AWS_CLOUDTRAIL_GET_TRAIL_STATUS | cloudtrail get-trail-status |
CloudWatch
| Datasource | Description |
|---|---|
| LW_CFG_AWS_CLOUDWATCH | cloudwatch describe-alarms |
Config
| Datasource | Description |
|---|---|
| LW_CFG_AWS_CONFIG_CONFIGURATION_RECORDERS | configservice describe-configuration-recorders |
| LW_CFG_AWS_CONFIG_CONFIGURATION_RECORDERS_STATUS | configservice describe-configuration-recorder-status |
| LW_CFG_AWS_CONFIG_DELIVERY_CHANNELS | configservice describe-delivery-channels |
| LW_CFG_AWS_CONFIG_DELIVERY_CHANNELS_STATUS | configservice describe-delivery-channel-status |
DAX
| Datasource | Description |
|---|---|
| LW_CFG_AWS_DAX_CLUSTERS | dax describe-clusters |
| LW_CFG_AWS_DAX_PARAMETERS | dax describe-parameters |
| LW_CFG_AWS_DAX_PARAMETER_GROUPS | dax describe-parameter-groups |
| LW_CFG_AWS_DAX_SUBNET_GROUPS | dax describe-subnet-groups |
DynamoDB
| Datasource | Description |
|---|---|
| LW_CFG_AWS_DYNAMODB_TABLES | dynamodb list-tables |
| LW_CFG_AWS_DYNAMODB_TABLES_DESCRIBE_TABLE | dynamodb describe-table |
EC2
| Datasource | Description |
|---|---|
| LW_CFG_AWS_EC2_CUSTOMER_GATEWAYS | ec2 describe-customer-gateways |
| LW_CFG_AWS_EC2_DHCP_OPTIONS | ec2 describe-dhcp-options |
| LW_CFG_AWS_EC2_EBS_ENCRYPTION_BY_DEFAULT | ec2 get-ebs-encryption-by-default |
| LW_CFG_AWS_EC2_INSTANCES | ec2 describe-instances |
| LW_CFG_AWS_EC2_INTERNET_GATEWAYS | ec2 describe-internet-gateways |
| LW_CFG_AWS_EC2_KEY_PAIRS | ec2 describe-key-pairs |
| LW_CFG_AWS_EC2_NAT_GATEWAYS | ec2 describe-nat-gateways |
| LW_CFG_AWS_EC2_NETWORK_ACLS | ec2 describe-network-acls |
| LW_CFG_AWS_EC2_NETWORK_INTERFACES | ec2 describe-network-interfaces |
| LW_CFG_AWS_EC2_REGIONS | ec2 describe-regions |
| LW_CFG_AWS_EC2_ROUTE_TABLES | ec2 describe-route-tables |
| LW_CFG_AWS_EC2_SECURITY_GROUPS | ec2 describe-security-groups |
| LW_CFG_AWS_EC2_SNAPSHOTS | ec2 describe-snapshots |
| LW_CFG_AWS_EC2_SNAPSHOTS_DESCRIBE_ATTRIBUTES | ec2 describe-snapshot-attribute This currently contains only the values of the createVolumePermission attribute for non-encrypted volumes. |
| LW_CFG_AWS_EC2_SUBNETS | ec2 describe-subnets |
| LW_CFG_AWS_EC2_TRANSIT_GATEWAYS | ec2 describe-transit-gateways |
| LW_CFG_AWS_EC2_VOLUMES | ec2 describe-volumes |
| LW_CFG_AWS_EC2_VPC_ENDPOINTS | ec2 describe-vpc-endpoints |
| LW_CFG_AWS_EC2_VPC_FLOW_LOGS | ec2 describe-flow-logs |
| LW_CFG_AWS_EC2_VPC_PEERING_CONNECTIONS | ec2 describe-vpc-peering-connections |
| LW_CFG_AWS_EC2_VPCS | ec2 describe-vpcs |
| LW_CFG_AWS_EC2_VPN_CONNECTIONS | ec2 describe-vpn-connections |
| LW_CFG_AWS_EC2_VPN_GATEWAYS | ec2 describe-vpn-gateways |
ECR
| Datasource | Description |
|---|---|
| LW_CFG_AWS_ECR_REPOSITORIES | ecr describe-repositories |
| LW_CFG_AWS_ECR_REPOSITORIES_GET_POLICY | ecr get-repository-policy |
ECS
| Datasource | Description |
|---|---|
| LW_CFG_AWS_ECS_CLUSTERS | ecs list-clusters |
| LW_CFG_AWS_ECS_CLUSTERS_DESCRIBE_CLUSTER | ecs describe-clusters |
| LW_CFG_AWS_ECS_CONTAINER_INSTANCES | ecs list-container-instances |
| LW_CFG_AWS_ECS_DESCRIBE_CONTAINER_INSTANCES | ecs describe-container-instances |
| LW_CFG_AWS_ECS_DESCRIBE_SERVICES | ecs describe-services |
| LW_CFG_AWS_ECS_DESCRIBE_TASKS | ecs describe-tasks |
| LW_CFG_AWS_ECS_DESCRIBE_TASK_DEFINITION | ecs describe-task-definition |
| LW_CFG_AWS_ECS_SERVICES | ecs list-services |
| LW_CFG_AWS_ECS_TASKS | ecs list-tasks |
| LW_CFG_AWS_ECS_TASK_DEFINITIONS | ecs list-task-definitions |
EFS
| Datasource | Description |
|---|---|
| LW_CFG_AWS_EFS_DESCRIBE_ACCESS_POINTS | efs describe-file-systems |
| LW_CFG_AWS_EFS_DESCRIBE_ACCOUNT_PREFERENCES | efs describe-account-preferences |
| LW_CFG_AWS_EFS_DESCRIBE_BACKUP_POLICY | efs describe-backup-policy |
| LW_CFG_AWS_EFS_DESCRIBE_FILE_SYSTEMS | efs describe-file-systems |
| LW_CFG_AWS_EFS_DESCRIBE_FILE_SYSTEM_POLICY | efs describe-file-system-policy |
| LW_CFG_AWS_EFS_DESCRIBE_LIFECYCLE_CONFIGURATION | efs describe-lifecycle-configuration |
| LW_CFG_AWS_EFS_DESCRIBE_MOUNT_TARGETS | efs describe-mount-targets |
| LW_CFG_AWS_EFS_DESCRIBE_MOUNT_TARGET_SECURITY_GROUPS | efs describe-mount-target-security-groups |
| LW_CFG_AWS_EFS_DESCRIBE_REPLICATION_CONFIGURATIONS | efs describe-replication-configurations |
EKS
| Datasource | Description |
|---|---|
| LW_CFG_AWS_EKS_CLUSTERS | eks list-clusters |
| LW_CFG_AWS_EKS_CLUSTERS_DESCRIBE_CLUSTER | eks describe-cluster |
ElastiCache
| Datasource | Description |
|---|---|
| LW_CFG_AWS_ELASTICACHE_DESCRIBE_REPLICATION_GROUPS | elasticache describe-replication-groups |
ELB
| Datasource | Description |
|---|---|
| LW_CFG_AWS_ELB | elb describe-load-balancers |
| LW_CFG_AWS_ELB_DESCRIBE_POLICIES | elb describe-load-balancer-policies |
ELBv2
| Datasource | Description |
|---|---|
| LW_CFG_AWS_ELBV2 | elbv2 describe-load-balancers |
| LW_CFG_AWS_ELBV2_DESCRIBE_ATTRIBUTES | elbv2 describe-load-balancer-attributes |
| LW_CFG_AWS_ELBV2_DESCRIBE_LISTENERS | elbv2 describe-listeners |
| LW_CFG_AWS_ELBV2_RULES | elbv2 describe-rules |
| LW_CFG_AWS_ELBV2_SSL_POLICIES | elbv2 describe-ssl-policies |
| LW_CFG_AWS_ELBV2_TARGET_GROUPS | elbv2 describe-target-groups |
| LW_CFG_AWS_ELBV2_TARGET_HEALTH | elbv2 describe-target-health |
EMR
| Datasource | Description |
|---|---|
| LW_CFG_AWS_EMR_CLUSTERS | emr list-clusters |
| LW_CFG_AWS_EMR_DESCRIBE_CLUSTER | emr describe-cluster |
| LW_CFG_AWS_EMR_DESCRIBE_SECURITY_CONFIGURATION | emr describe-security-configuration |
| LW_CFG_AWS_EMR_GET_BLOCK_PUBLIC_ACCESS_CONFIGURATION | emr get-block-public-access-configuration |
| LW_CFG_AWS_EMR_INSTANCES | emr list-instances |
| LW_CFG_AWS_EMR_INSTANCE_FLEETS | emr list-instance-fleets |
ES
| Datasource | Description |
|---|---|
| LW_CFG_AWS_ES | es list-domain-names |
| LW_CFG_AWS_ES_DESCRIBE_DOMAIN | es describe-elasticsearch-domain |
Kinesis Data Firehose
| Datasource | Description |
|---|---|
| LW_CFG_AWS_FIREHOSE_DELIVERY_STREAMS | firehose list-delivery-streams |
| LW_CFG_AWS_FIREHOSE_DESCRIBE_DELIVERY_STREAM | firehose describe-delivery-stream |
IAM
| Datasource | Description |
|---|---|
| LW_CFG_AWS_IAM_ACCOUNT_PASSWORD_POLICY | iam get-account-password-policy |
| LW_CFG_AWS_IAM_ACCOUNT_SUMMARY | iam get-account-summary |
| LW_CFG_AWS_IAM_GET_GROUP_POLICY | iam get-group-policy |
| LW_CFG_AWS_IAM_GET_ROLE | iam get-role |
| LW_CFG_AWS_IAM_GET_USER | iam get-user |
| LW_CFG_AWS_IAM_GROUPS | iam list-groups |
| LW_CFG_AWS_IAM_GROUPS_GET_GROUP | iam get-group |
| LW_CFG_AWS_IAM_GROUPS_LIST_ATTACHED_POLICIES | iam list-attached-group-policies |
| LW_CFG_AWS_IAM_GROUP_POLICIES | iam list-group-policies |
| LW_CFG_AWS_IAM_INSTANCE_PROFILES | iam list-instance-profiles |
| LW_CFG_AWS_IAM_MFA_DEVICES | iam list-virtual-mfa-devices |
| LW_CFG_AWS_IAM_POLICIES | iam list-policies |
| LW_CFG_AWS_IAM_POLICIES_GET_VERSION | iam get-policy-version |
| LW_CFG_AWS_IAM_ROLES | iam list-roles |
| LW_CFG_AWS_IAM_ROLES_GET_POLICY | iam get-role-policy |
| LW_CFG_AWS_IAM_ROLES_LIST_ATTACHED_POLICIES | iam list-attached-role-policies |
| LW_CFG_AWS_IAM_ROLES_LIST_POLICIES | iam list-role-policies |
| LW_CFG_AWS_IAM_SAML_PROVIDERS | iam list-saml-providers |
| LW_CFG_AWS_IAM_SERVER_CERTIFICATES | iam list-server-certificates |
| LW_CFG_AWS_IAM_USERS | iam list-users |
| LW_CFG_AWS_IAM_USERS_GET_CREDENTIAL_REPORT | iam get-credential-report |
| LW_CFG_AWS_IAM_USERS_GET_POLICY | iam get-user-policy |
| LW_CFG_AWS_IAM_USERS_LIST_ACCESS_KEYS | iam list-access-keys |
| LW_CFG_AWS_IAM_USERS_LIST_ATTACHED_POLICIES | iam list-attached-user-policies |
| LW_CFG_AWS_IAM_USERS_LIST_MFA_DEVICES | iam list-mfa-devices |
| LW_CFG_AWS_IAM_USERS_LIST_POLICIES | iam list-user-policies |
| LW_CFG_AWS_IAM_USERS_LIST_SSH_PUBLIC_KEYS | iam list-ssh-public-keys |
Kinesis
| Datasource | Description |
|---|---|
| LW_CFG_AWS_KINESIS_DESCRIBE_STREAM_SUMMARY | kinesis describe-stream-summary |
| LW_CFG_AWS_KINESIS_STREAMS | kinesis list-streams |
KMS
| Datasource | Description |
|---|---|
| LW_CFG_AWS_KMS_ALIASES | kms list-aliases |
| LW_CFG_AWS_KMS_KEYS | kms list-keys |
| LW_CFG_AWS_KMS_KEYS_DESCRIBE_KEY | kms describe-key |
| LW_CFG_AWS_KMS_KEYS_GET_POLICY | kms get-key-policy |
| LW_CFG_AWS_KMS_KEYS_GET_ROTATION_STATUS | kms get-key-rotation-status |
Lambda
| Datasource | Description |
|---|---|
| LW_CFG_AWS_LAMBDA | lambda list-functions |
| LW_CFG_AWS_LAMBDA_GET_POLICY | lambda get-policy |
Logs
| Datasource | Description |
|---|---|
| LW_CFG_AWS_LOGS | logs describe-log-groups |
| LW_CFG_AWS_LOGS_DESCRIBE_METRIC_FILTERS | logs describe-metric-filters |
Opensearch
| Datasource | Description |
|---|---|
| LW_CFG_AWS_OPENSEARCH | opensearch list-domain-names |
| LW_CFG_AWS_OPENSEARCH_DESCRIBE_DOMAIN | opensearch describe-domain |
Organizations
| Datasource | Description |
|---|---|
| LW_CFG_AWS_ORGANIZATIONS_ACCOUNTS | organizations list-accounts |
| LW_CFG_AWS_ORGANIZATIONS_ACCOUNTS_FOR_PARENT | organizations list-accounts-for-parent |
| LW_CFG_AWS_ORGANIZATIONS_AWS_SERVICE_ACCESS_FOR_ORGANIZATION | organizations list-aws-service-access-for-organization |
| LW_CFG_AWS_ORGANIZATIONS_DELEGATED_ADMINISTRATORS | organizations list-delegated-administrators |
| LW_CFG_AWS_ORGANIZATIONS_DELEGATED_SERVICES_FOR_ACCOUNT | organizations list-delegated-services-for-account |
| LW_CFG_AWS_ORGANIZATIONS_DESCRIBE_ACCOUNT | organizations describe-account |
| LW_CFG_AWS_ORGANIZATIONS_DESCRIBE_EFFECTIVE_POLICY | organizations describe-effective-policy |
| LW_CFG_AWS_ORGANIZATIONS_DESCRIBE_ORGANIZATION | organizations describe-organization |
| LW_CFG_AWS_ORGANIZATIONS_DESCRIBE_ORGANIZATIONAL_UNIT | organizations describe-organizational-unit |
| LW_CFG_AWS_ORGANIZATIONS_DESCRIBE_POLICY | organizations describe-policy |
| LW_CFG_AWS_ORGANIZATIONS_DESCRIBE_RESOURCE_POLICY | organizations describe-resource-policy |
| LW_CFG_AWS_ORGANIZATIONS_ORGANIZATIONAL_UNITS_FOR_PARENT | organizations list-organizational-units-for-parent |
| LW_CFG_AWS_ORGANIZATIONS_POLICIES | organizations list-policies |
| LW_CFG_AWS_ORGANIZATIONS_ROOTS | organizations list-roots |
| LW_CFG_AWS_ORGANIZATIONS_TARGETS_FOR_POLICY | organizations list-targets-for-policy |
RDS
| Datasource | Description |
|---|---|
| LW_CFG_AWS_RDS_CLUSTER_SNAPSHOTS | rds describe-db-cluster-snapshots |
| LW_CFG_AWS_RDS_CLUSTERS | rds describe-db-clusters |
| LW_CFG_AWS_RDS_DB_INSTANCES | rds describe-db-instances |
| LW_CFG_AWS_RDS_EVENT_SUBSCRIPTIONS | rds describe-event-subscriptions |
Redshift
| Datasource | Description |
|---|---|
| LW_CFG_AWS_REDSHIFT_CLUSTERS | redshift describe-clusters |
Route 53 Domains
| Datasource | Description |
|---|---|
| LW_CFG_AWS_ROUTE53DOMAINS_DOMAINS | route53domains list-domains |
| LW_CFG_AWS_ROUTE53DOMAINS_GET_DOMAIN_DETAIL | route53domains get-domain-detail |
| LW_CFG_AWS_ROUTE53DOMAINS_GET_OPERATION_DETAIL | route53domains get-operation-detail |
| LW_CFG_AWS_ROUTE53DOMAINS_OPERATIONS | route53domains list-operations |
Route 53
| Datasource | Description |
|---|---|
| LW_CFG_AWS_ROUTE53_CIDR_BLOCKS | route53 list-cidr-blocks |
| LW_CFG_AWS_ROUTE53_CIDR_COLLECTIONS | route53 list-cidr-collections |
| LW_CFG_AWS_ROUTE53_CIDR_LOCATIONS | route53 list-cidr-locations |
| LW_CFG_AWS_ROUTE53_GEO_LOCATIONS | route53 list-geo-locations |
| LW_CFG_AWS_ROUTE53_GET_CHECKER_IP_RANGES | route53 get-checker-ip-ranges |
| LW_CFG_AWS_ROUTE53_GET_DNSSEC | route53 get-dnssec |
| LW_CFG_AWS_ROUTE53_GET_HEALTH_CHECK_LAST_FAILURE_REASON | route53 get-health-check-last-failure-reason |
| LW_CFG_AWS_ROUTE53_GET_HEALTH_CHECK_STATUS | route53 get-health-check-status |
| LW_CFG_AWS_ROUTE53_GET_HOSTED_ZONE | route53 get-hosted-zone |
| LW_CFG_AWS_ROUTE53_GET_HOSTED_ZONE_LIMIT | route53 get-hosted-zone-limit |
| LW_CFG_AWS_ROUTE53_GET_QUERY_LOGGING_CONFIG | route53 get-query-logging-config |
| LW_CFG_AWS_ROUTE53_GET_REUSABLE_DELEGATION_SET | route53 get-reusable-delegation-set |
| LW_CFG_AWS_ROUTE53_GET_TRAFFIC_POLICY | route53 get-traffic-policy |
| LW_CFG_AWS_ROUTE53_GET_TRAFFIC_POLICY_INSTANCE | route53 get-traffic-policy-instance |
| LW_CFG_AWS_ROUTE53_HEALTH_CHECKS | route53 list-health-checks |
| LW_CFG_AWS_ROUTE53_HOSTED_ZONES | route53 list-hosted-zones |
| LW_CFG_AWS_ROUTE53_QUERY_LOGGING_CONFIGS | route53 list-query-logging-configs |
| LW_CFG_AWS_ROUTE53_RESOURCE_RECORD_SETS | route53 list-resource-record-sets |
| LW_CFG_AWS_ROUTE53_REUSABLE_DELEGATION_SETS | route53 list-reusable-delegation-sets |
| LW_CFG_AWS_ROUTE53_TRAFFIC_POLICIES | route53 list-traffic-policies |
| LW_CFG_AWS_ROUTE53_TRAFFIC_POLICY_INSTANCES | route53 list-traffic-policy-instances |
| LW_CFG_AWS_ROUTE53_TRAFFIC_POLICY_VERSIONS | route53 list-traffic-policy-versions |
S3
| Datasource | Description |
|---|---|
| LW_CFG_AWS_S3 | s3api list-buckets |
| LW_CFG_AWS_S3_GET_BUCKET_ACL | s3api get-bucket-acl |
| LW_CFG_AWS_S3_GET_BUCKET_ENCRYPTION | s3api get-bucket-encryption |
| LW_CFG_AWS_S3_GET_BUCKET_LOGGING | s3api get-bucket-logging |
| LW_CFG_AWS_S3_GET_BUCKET_POLICY | s3api get-bucket-policy |
| LW_CFG_AWS_S3_GET_BUCKET_VERSIONING | s3api get-bucket-versioning |
| LW_CFG_AWS_S3_GET_PUBLIC_ACCESS_BLOCK | s3api get-public-access-block |
S3 Control
| Datasource | Description |
|---|---|
| LW_CFG_AWS_S3CONTROL_GET_PUBLIC_ACCESS_BLOCK | s3control get-public-access-block |
SageMaker
| Datasource | Description |
|---|---|
| LW_CFG_AWS_SAGEMAKER_ACTIONS | sagemaker list-actions |
| LW_CFG_AWS_SAGEMAKER_ALGORITHMS | sagemaker list-algorithms |
| LW_CFG_AWS_SAGEMAKER_ALIASES | sagemaker list-aliases |
| LW_CFG_AWS_SAGEMAKER_APPS | sagemaker list-apps |
| LW_CFG_AWS_SAGEMAKER_APP_IMAGE_CONFIGS | sagemaker list-app-image-configs |
| LW_CFG_AWS_SAGEMAKER_ARTIFACTS | sagemaker list-artifacts |
| LW_CFG_AWS_SAGEMAKER_AUTO_ML_JOBS | sagemaker list-auto-ml-jobs |
| LW_CFG_AWS_SAGEMAKER_CANDIDATES_FOR_AUTO_ML_JOB | sagemaker list-candidates-for-auto-ml-job |
| LW_CFG_AWS_SAGEMAKER_CODE_REPOSITORIES | sagemaker list-code-repositories |
| LW_CFG_AWS_SAGEMAKER_COMPILATION_JOBS | sagemaker list-compilation-jobs |
| LW_CFG_AWS_SAGEMAKER_CONTEXTS | sagemaker list-contexts |
| LW_CFG_AWS_SAGEMAKER_DATA_QUALITY_JOB_DEFINITIONS | sagemaker list-data-quality-job-definitions |
| LW_CFG_AWS_SAGEMAKER_DESCRIBE_ACTION | sagemaker describe-action |
| LW_CFG_AWS_SAGEMAKER_DESCRIBE_ALGORITHM | sagemaker describe-algorithm |
| LW_CFG_AWS_SAGEMAKER_DESCRIBE_APP | sagemaker describe-app |
| LW_CFG_AWS_SAGEMAKER_DESCRIBE_APP_IMAGE_CONFIG | sagemaker describe-app-image-config |
| LW_CFG_AWS_SAGEMAKER_DESCRIBE_ARTIFACT | sagemaker describe-artifact |
| LW_CFG_AWS_SAGEMAKER_DESCRIBE_AUTO_ML_JOB | sagemaker describe-auto-ml-job |
| LW_CFG_AWS_SAGEMAKER_DESCRIBE_CODE_REPOSITORY | sagemaker describe-code-repository |
| LW_CFG_AWS_SAGEMAKER_DESCRIBE_COMPILATION_JOB | sagemaker describe-compilation-job |
| LW_CFG_AWS_SAGEMAKER_DESCRIBE_CONTEXT | sagemaker describe-context |
| LW_CFG_AWS_SAGEMAKER_DESCRIBE_DEVICE | sagemaker describe-device |
| LW_CFG_AWS_SAGEMAKER_DESCRIBE_DEVICE_FLEET | sagemaker describe-device-fleet |
| LW_CFG_AWS_SAGEMAKER_DESCRIBE_DOMAIN | sagemaker describe-domain |
| LW_CFG_AWS_SAGEMAKER_DESCRIBE_EDGE_DEPLOYMENT_PLAN | sagemaker describe-edge-deployment-plan |
| LW_CFG_AWS_SAGEMAKER_DESCRIBE_EDGE_PACKAGING_JOB | sagemaker describe-edge-packaging-job |
| LW_CFG_AWS_SAGEMAKER_DESCRIBE_ENDPOINT | sagemaker describe-endpoint |
| LW_CFG_AWS_SAGEMAKER_DESCRIBE_ENDPOINT_CONFIG | sagemaker describe-endpoint-config |
| LW_CFG_AWS_SAGEMAKER_DESCRIBE_EXPERIMENT | sagemaker describe-experiment |
| LW_CFG_AWS_SAGEMAKER_DESCRIBE_FEATURE_GROUP | sagemaker describe-feature-group |
| LW_CFG_AWS_SAGEMAKER_DESCRIBE_FLOW_DEFINITION | sagemaker describe-flow-definition |
| LW_CFG_AWS_SAGEMAKER_DESCRIBE_HUMAN_TASK_UI | sagemaker describe-human-task-ui |
| LW_CFG_AWS_SAGEMAKER_DESCRIBE_HYPER_PARAMETER_TUNING_JOB | sagemaker describe-hyper-parameter-tuning-job |
| LW_CFG_AWS_SAGEMAKER_DESCRIBE_IMAGE | sagemaker describe-image |
| LW_CFG_AWS_SAGEMAKER_DESCRIBE_IMAGE_VERSION | sagemaker describe-image-version |
| LW_CFG_AWS_SAGEMAKER_DESCRIBE_INFERENCE_EXPERIMENT | sagemaker describe-inference-experiment |
| LW_CFG_AWS_SAGEMAKER_DESCRIBE_INFERENCE_RECOMMENDATIONS_JOB | sagemaker describe-inference-recommendations-job |
| LW_CFG_AWS_SAGEMAKER_DESCRIBE_LABELING_JOB | sagemaker describe-labeling-job |
| LW_CFG_AWS_SAGEMAKER_DESCRIBE_LINEAGE_GROUP | sagemaker describe-lineage-group |
| LW_CFG_AWS_SAGEMAKER_DESCRIBE_MODEL | sagemaker describe-model |
| LW_CFG_AWS_SAGEMAKER_DESCRIBE_MODEL_CARD | sagemaker describe-model-card |
| LW_CFG_AWS_SAGEMAKER_DESCRIBE_MODEL_CARD_EXPORT_JOB | sagemaker describe-model-card-export-job |
| LW_CFG_AWS_SAGEMAKER_DESCRIBE_MODEL_PACKAGE | sagemaker describe-model-package |
| LW_CFG_AWS_SAGEMAKER_DESCRIBE_MODEL_PACKAGE_GROUP | sagemaker describe-model-package-group |
| LW_CFG_AWS_SAGEMAKER_DESCRIBE_MONITORING_SCHEDULE | sagemaker describe-monitoring-schedule |
| LW_CFG_AWS_SAGEMAKER_DESCRIBE_NOTEBOOK_INSTANCE | sagemaker describe-notebook-instance |
| LW_CFG_AWS_SAGEMAKER_DESCRIBE_NOTEBOOK_INSTANCE_LIFECYCLE_CONFIG | sagemaker describe-notebook-instance-lifecycle-config |
| LW_CFG_AWS_SAGEMAKER_DESCRIBE_PIPELINE | sagemaker describe-pipeline |
| LW_CFG_AWS_SAGEMAKER_DESCRIBE_PIPELINE_DEFINITION_FOR_EXECUTION | sagemaker describe-pipeline-definition-for-execution |
| LW_CFG_AWS_SAGEMAKER_DESCRIBE_PIPELINE_EXECUTION | sagemaker describe-pipeline-execution |
| LW_CFG_AWS_SAGEMAKER_DESCRIBE_PROCESSING_JOB | sagemaker describe-processing-job |
| LW_CFG_AWS_SAGEMAKER_DESCRIBE_PROJECT | sagemaker describe-project |
| LW_CFG_AWS_SAGEMAKER_DESCRIBE_SPACE | sagemaker describe-space |
| LW_CFG_AWS_SAGEMAKER_DESCRIBE_STUDIO_LIFECYCLE_CONFIG | sagemaker describe-studio-lifecycle-config |
| LW_CFG_AWS_SAGEMAKER_DESCRIBE_SUBSCRIBED_WORKTEAM | sagemaker describe-subscribed-workteam |
| LW_CFG_AWS_SAGEMAKER_DESCRIBE_TRAINING_JOB | sagemaker describe-training-job |
| LW_CFG_AWS_SAGEMAKER_DESCRIBE_TRANSFORM_JOB | sagemaker describe-transform-job |
| LW_CFG_AWS_SAGEMAKER_DESCRIBE_TRIAL | sagemaker describe-trial |
| LW_CFG_AWS_SAGEMAKER_DESCRIBE_TRIAL_COMPONENT | sagemaker describe-trial-component |
| LW_CFG_AWS_SAGEMAKER_DESCRIBE_USER_PROFILE | sagemaker describe-user-profile |
| LW_CFG_AWS_SAGEMAKER_DESCRIBE_WORKFORCE | sagemaker describe-workforce |
| LW_CFG_AWS_SAGEMAKER_DESCRIBE_WORKTEAM | sagemaker describe-workteam |
| LW_CFG_AWS_SAGEMAKER_DEVICES | sagemaker list-devices |
| LW_CFG_AWS_SAGEMAKER_DEVICE_FLEETS | sagemaker list-device-fleets |
| LW_CFG_AWS_SAGEMAKER_DOMAINS | sagemaker list-domains |
| LW_CFG_AWS_SAGEMAKER_EDGE_DEPLOYMENT_PLANS | sagemaker list-edge-deployment-plans |
| LW_CFG_AWS_SAGEMAKER_EDGE_PACKAGING_JOBS | sagemaker list-edge-packaging-jobs |
| LW_CFG_AWS_SAGEMAKER_ENDPOINTS | sagemaker list-endpoints |
| LW_CFG_AWS_SAGEMAKER_ENDPOINT_CONFIGS | sagemaker list-endpoint-configs |
| LW_CFG_AWS_SAGEMAKER_EXPERIMENTS | sagemaker list-experiments |
| LW_CFG_AWS_SAGEMAKER_FEATURE_GROUPS | sagemaker list-feature-groups |
| LW_CFG_AWS_SAGEMAKER_FLOW_DEFINITIONS | sagemaker list-flow-definitions |
| LW_CFG_AWS_SAGEMAKER_GET_DEVICE_FLEET_REPORT | sagemaker get-device-fleet-report |
| LW_CFG_AWS_SAGEMAKER_GET_LINEAGE_GROUP_POLICY | sagemaker get-lineage-group-policy |
| LW_CFG_AWS_SAGEMAKER_GET_MODEL_PACKAGE_GROUP_POLICY | sagemaker get-model-package-group-policy |
| LW_CFG_AWS_SAGEMAKER_HUMAN_TASK_UIS | sagemaker list-human-task-uis |
| LW_CFG_AWS_SAGEMAKER_HYPER_PARAMETER_TUNING_JOBS | sagemaker list-hyper-parameter-tuning-jobs |
| LW_CFG_AWS_SAGEMAKER_IMAGES | sagemaker list-images |
| LW_CFG_AWS_SAGEMAKER_IMAGE_VERSIONS | sagemaker list-image-versions |
| LW_CFG_AWS_SAGEMAKER_INFERENCE_EXPERIMENTS | sagemaker list-inference-experiments |
| LW_CFG_AWS_SAGEMAKER_INFERENCE_RECOMMENDATIONS_JOBS | sagemaker list-inference-recommendations-jobs |
| LW_CFG_AWS_SAGEMAKER_INFERENCE_RECOMMENDATIONS_JOB_STEPS | sagemaker list-inference-recommendations-job-steps |
| LW_CFG_AWS_SAGEMAKER_LABELING_JOBS | sagemaker list-labeling-jobs |
| LW_CFG_AWS_SAGEMAKER_LABELING_JOBS_FOR_WORKTEAM | sagemaker list-labeling-jobs-for-workteam |
| LW_CFG_AWS_SAGEMAKER_LINEAGE_GROUPS | sagemaker list-lineage-groups |
| LW_CFG_AWS_SAGEMAKER_MODELS | sagemaker list-models |
| LW_CFG_AWS_SAGEMAKER_MODEL_BIAS_JOB_DEFINITIONS | sagemaker list-model-bias-job-definitions |
| LW_CFG_AWS_SAGEMAKER_MODEL_CARDS | sagemaker list-model-cards |
| LW_CFG_AWS_SAGEMAKER_MODEL_CARD_EXPORT_JOBS | sagemaker list-model-card-export-jobs |
| LW_CFG_AWS_SAGEMAKER_MODEL_CARD_VERSIONS | sagemaker list-model-card-versions |
| LW_CFG_AWS_SAGEMAKER_MODEL_EXPLAINABILITY_JOB_DEFINITIONS | sagemaker list-model-explainability-job-definitions |
| LW_CFG_AWS_SAGEMAKER_MODEL_PACKAGES | sagemaker list-model-packages |
| LW_CFG_AWS_SAGEMAKER_MODEL_PACKAGE_GROUPS | sagemaker list-model-package-groups |
| LW_CFG_AWS_SAGEMAKER_MODEL_QUALITY_JOB_DEFINITIONS | sagemaker list-model-quality-job-definitions |
| LW_CFG_AWS_SAGEMAKER_MONITORING_ALERTS | sagemaker list-monitoring-alerts |
| LW_CFG_AWS_SAGEMAKER_NOTEBOOK_INSTANCES | sagemaker list-notebook-instances |
| LW_CFG_AWS_SAGEMAKER_NOTEBOOK_INSTANCE_LIFECYCLE_CONFIGS | sagemaker list-notebook-instance-lifecycle-configs |
| LW_CFG_AWS_SAGEMAKER_PIPELINES | sagemaker list-pipelines |
| LW_CFG_AWS_SAGEMAKER_PIPELINE_EXECUTIONS | sagemaker list-pipeline-executions |
| LW_CFG_AWS_SAGEMAKER_PIPELINE_PARAMETERS_FOR_EXECUTION | sagemaker list-pipeline-parameters-for-execution |
| LW_CFG_AWS_SAGEMAKER_PROCESSING_JOBS | sagemaker list-processing-jobs |
| LW_CFG_AWS_SAGEMAKER_PROJECTS | sagemaker list-projects |
| LW_CFG_AWS_SAGEMAKER_SPACES | sagemaker list-spaces |
| LW_CFG_AWS_SAGEMAKER_STUDIO_LIFECYCLE_CONFIGS | sagemaker list-studio-lifecycle-configs |
| LW_CFG_AWS_SAGEMAKER_SUBSCRIBED_WORKTEAMS | sagemaker list-subscribed-workteams |
| LW_CFG_AWS_SAGEMAKER_TRAINING_JOBS | sagemaker list-training-jobs |
| LW_CFG_AWS_SAGEMAKER_TRAINING_JOBS_FOR_HYPER_PARAMETER_TUNING_JOB | sagemaker list-training-jobs-for-hyper-parameter-tuning-job |
| LW_CFG_AWS_SAGEMAKER_TRANSFORM_JOBS | sagemaker list-transform-jobs |
| LW_CFG_AWS_SAGEMAKER_TRIALS | sagemaker list-trials |
| LW_CFG_AWS_SAGEMAKER_TRIAL_COMPONENTS | sagemaker list-trial-components |
| LW_CFG_AWS_SAGEMAKER_USER_PROFILES | sagemaker list-user-profiles |
| LW_CFG_AWS_SAGEMAKER_WORKFORCES | sagemaker list-workforces |
| LW_CFG_AWS_SAGEMAKER_WORKTEAMS | sagemaker list-workteams |
Secrets Manager
| Datasource | Description |
|---|---|
| LW_CFG_AWS_SECRETSMANAGER_DESCRIBE_SECRET | secretsmanager describe-secret |
| LW_CFG_AWS_SECRETSMANAGER_GET_RESOURCE_POLICY | secretsmanager get-resource-policy |
| LW_CFG_AWS_SECRETSMANAGER_SECRETS | secretsmanager list-secrets |
| LW_CFG_AWS_SECRETSMANAGER_SECRET_VERSION_IDS | secretsmanager list-secret-version-ids |
Service Quotas
| Datasource | Description |
|---|---|
| LW_CFG_AWS_SERVICE_QUOTAS_SERVICES | service-quotas list-services |
| LW_CFG_AWS_SERVICE_QUOTAS_SERVICE_QUOTAS | service-quotas list-service-quotas |
SNS
| Datasource | Description |
|---|---|
| LW_CFG_AWS_SNS_SUBSCRIPTIONS | sns list-subscriptions |
| LW_CFG_AWS_SNS_TOPICS | sns list-topics |
SQS
| Datasource | Description |
|---|---|
| LW_CFG_AWS_SQS_QUEUES | sqs list-queues |
| LW_CFG_AWS_SQS_QUEUE_ATTRIBUTES | sqs get-queue-attributes |
WAF V2
| Datasource | Description |
|---|---|
| LW_CFG_AWS_WAFV2_GET_WEB_ACL | wafv2 get-web-acl |
| LW_CFG_AWS_WAFV2_LIST_RESOURCES_FOR_WEB_ACL | wafv2 list-resources-for-web-acl |
| LW_CFG_AWS_WAFV2_RULE_GROUPS | wafv2 list-rule-groups |
| LW_CFG_AWS_WAFV2_WEB_ACLS | wafv2 list-web-acls |
WAF
| Datasource | Description |
|---|---|
| LW_CFG_AWS_WAF_IP_SETS | waf list-ip-sets |
| LW_CFG_AWS_WAF_REGEX_PATTERN_SETS | waf list-regex-pattern-sets |
CloudTrailRawEvents
Events reported by AWS CloudTrail service.
| Column Name | Data Type | Description |
|---|---|---|
| INSERT_ID | Number | Generated identification |
| INSERT_TIME | Timestamp | Time the event was created |
| EVENT_TIME | Timestamp | Time the event occurred |
| EVENT | JSON | Content of the event |
| EVENT_SOURCE | String | The source AWS service principal of the event |
| EVENT_NAME | String | Name of the event |
| ERROR_CODE | String | Code for the error |
Google Cloud Configuration Datasources
All Google Cloud configuration datasources listed in this section have the same metadata available.
| Column Name | Data Type | Description |
|---|---|---|
| BATCH_START_TIME | Timestamp | Beginning of time interval |
| BATCH_END_TIME | Timestamp | End of time interval |
| QUERY_START_TIME | Timestamp | Start time of query for this resource |
| QUERY_END_TIME | Timestamp | End time of query for this resource |
| URN | String | URN for the resource |
| API_KEY | String | Key describing the API used to fetch data for this resource |
| SERVICE | String | Service this resource belongs to |
| ORGANIZATION_ID | Number | Google Cloud Organization ID |
| ORGANIZATION_NAME | String | Google Cloud Organization name |
| PROJECT_NUMBER | Number | Google Cloud Project number |
| PROJECT_ID | String | Unique ID for the project |
| PROJECT_NAME | String | Project Name (display name) |
| FOLDER_IDS | JSON | Numeric folder IDs as an array |
| FOLDER_NAMES | JSON | Human-friendly folder names as an array. Though a corresponding entry in FOLDER_NAMES exists for each entry in FOLDER_IDS, Lacework may not be able to retrieve it due to permissions, which depend on the integration. Most project integrations will not have the necessary permissions to resolve the folderNames. |
| PARENT_RESOURCE_ID | String | Parent resource ID for this resource |
| RESOURCE_TYPE | String | Type of this resource |
| RESOURCE_ID | String | Identifier for this resource |
| RESOURCE_REGION | String | Region this resource belongs to |
| RESOURCE_CONFIG | JSON | JSON Definition of this resource |
| RESOURCE_TAGS | JSON | Tags (labels) associated with this resource |
BigQuery
| Datasource | Description |
|---|---|
| LW_CFG_GCP_BIGQUERY_DATASET | Google Cloud bigquery Dataset resource objects |
| LW_CFG_GCP_BIGQUERY_DATASET_IAMPOLICY | Google Cloud bigquery Dataset IAMPolicy objects (the corresponding access permissions for bigquery Dataset IAMPolicy) |
| LW_CFG_GCP_BIGQUERY_TABLE | Google Cloud bigquery Table resource objects |
Key Management Service
| Datasource | Description |
|---|---|
| LW_CFG_GCP_CLOUDKMS_CRYPTOKEY | Google Cloud cloudkms CryptoKey resource objects |
| LW_CFG_GCP_CLOUDKMS_CRYPTOKEYS_IAMPOLICY | Google Cloud cloudkms CryptoKey IAMPolicy objects (the corresponding access permissions for cloudkms CryptoKey IAMPolicy) |
Resource Manager
Compute Engine
| Datasource | Description |
|---|---|
| LW_CFG_GCP_COMPUTE_DISK | Google Cloud compute Disk resource objects |
| LW_CFG_GCP_COMPUTE_FIREWALL | Google Cloud compute Firewall resource objects |
| LW_CFG_GCP_COMPUTE_INSTANCE | Google Cloud compute Instance resource objects |
| LW_CFG_GCP_COMPUTE_NETWORK | Google Cloud compute Network resource objects |
| LW_CFG_GCP_COMPUTE_SSLPOLICY | Google Cloud compute SslPolicy resource objects |
| LW_CFG_GCP_COMPUTE_SUBNETWORK | Google Cloud compute Subnetwork resource objects |
| LW_CFG_GCP_COMPUTE_TARGETHTTPSPROXY | Google Cloud compute TargetHttpsProxy resource objects |
| LW_CFG_GCP_COMPUTE_TARGETSSLPROXY | Google Cloud compute TargetSslProxy resource objects |
Dataproc
| Datasource | Description |
|---|---|
| LW_CFG_GCP_DATAPROC_CLUSTER | Google Cloud dataproc Cluster resource objects |
DNS
| Datasource | Description |
|---|---|
| LW_CFG_GCP_DNS_MANAGEDZONE | Google Cloud dns ManagedZone resource objects |
| LW_CFG_GCP_DNS_POLICY | Google Cloud dns Policy resource objects |
Essential Contact
| Datasource | Description |
|---|---|
| LW_CFG_GCP_ESSENTIALCONTACT_CONTACT | Google Cloud Essential Contacts contacts resource objects |
Identity and Access Management
| Datasource | Description |
|---|---|
| LW_CFG_GCP_IAM_SERVICEACCOUNT | Google Cloud iam ServiceAccount resource objects |
| LW_CFG_GCP_IAM_SERVICEACCOUNT_IAMPOLICY | Google Cloud iam ServiceAccount IAMPolicy objects (the corresponding access permissions for iam ServiceAccount IAMPolicy) |
| LW_CFG_GCP_IAM_SERVICEACCOUNTKEY | Google Cloud iam ServiceAccountKey resource objects |
Logging
| Datasource | Description |
|---|---|
| LW_CFG_GCP_LOGGING_LOGMETRIC | Google Cloud logging LogMetric resource objects |
| LW_CFG_GCP_LOGGING_LOGSINK | Google Cloud logging LogSink resource objects |
Monitoring
| Datasource | Description |
|---|---|
| LW_CFG_GCP_MONITORING_ALERTPOLICY | Google Cloud monitoring AlertPolicy resource objects |
Service Usage
| Datasource | Description |
|---|---|
| LW_CFG_GCP_SERVICEUSAGE_SERVICE | Google Cloud serviceusage Service resource objects |
SQL
| Datasource | Description |
|---|---|
| LW_CFG_GCP_SQLADMIN_INSTANCE | Google Cloud sqladmin Instance resource objects |
Storage
| Datasource | Description |
|---|---|
| LW_CFG_GCP_STORAGE_BUCKET | Google Cloud storage Bucket resource objects |
| LW_CFG_GCP_STORAGE_BUCKET_POLICY | Google Cloud storage Bucket IAMPolicy objects (the corresponding access permissions for storage Bucket IAMPolicy) |
Google Cloud Audit Log Activity
The LW_ACT_GCP_ACTIVITY datasource contains events for the Pub/Sub-based audit log integration.
| Column Name | Data Type | Description |
|---|---|---|
| INSERT_ID | Number | Unique ID for each entry |
| INSERT_TIME | Timestamp | Time the data was inserted into the table |
| EVENT_TIME | Timestamp | Time the event occurred |
| EVENT | JSON | JSON description of the event |
| ORGANIZATION_ID | String | Organization identifier |
| PROJECT_ID | String | Project identifier |
| EVENT_SOURCE | String | API that generated the event |
| EVENT_NAME | String | Method on the API invoked for this event |
| ERROR_CODE | String | Error code returned for this event |
Azure Configuration Datasources
Azure Resource Graph Configuration Datasources
All Azure Resource Graph configuration datasources listed in this section have the same metadata available.
| Column Name | Data Type | Description |
|---|---|---|
| BATCH_START_TIME | TIMESTAMP | Beginning of time interval |
| BATCH_END_TIME | TIMESTAMP | End of time interval |
| QUERY_START_TIME | TIMESTAMP | Start time of query for this resource |
| QUERY_END_TIME | TIMESTAMP | End time of query for this resource |
| URN | STRING | URN of the resource. This is a unique ID for the resource across all tenants/subscriptions. |
| API_KEY | STRING | Key describing the API used to fetch data for this resource |
| SERVICE | STRING | Service this resource belongs to |
| TENANT_ID | STRING | AZURE Tenant ID |
| TENANT_NAME | STRING | AZURE Tenant Name |
| SUBSCRIPTION_ID | STRING | Subscription ID |
| SUBSCRIPTION_NAME | STRING | Subscription Name |
| RESOURCE_GROUP | STRING | Group of this resource |
| RESOURCE_TYPE | STRING | Type of this resource |
| RESOURCE_ID | STRING | Identifier for this resource |
| RESOURCE_REGION | STRING | Region this resource belongs to |
| RESOURCE_CONFIG | JSON | JSON Definition of this resource |
| RESOURCE_TAGS | JSON | Tags associated with this resource |
Azure Active Directory Configuration Datasources
All Azure Active Directory configuration datasources listed in this section have the same metadata available.
| Column Name | Data Type | Description |
|---|---|---|
| URN | String | URN of the resource |
| SERVICE | String | Service this resource belongs to |
| RESOURCE_TYPE | String | Type of this resource |
| RESOURCE_REGION | String | Region this resource belongs to |
| RESOURCE_CONFIG | JSON | SON Definition of this resource |
| RESOURCE_TAGS | JSON | Tags associated with this resource |
| RESOURCE_TYPE_VERSION | String | The Azure Cloud Solution Provider version of this resource |
| KEYS | JSON | Keys describing the tenant of this resource |
note
For Users resource, Lacework ingests only the following attributes:
iddisplayNameuserPrincipalNameuserTypepasswordPoliciesonPremisesExtensionAttributes
For Members resource, Lacework ingests only the following attributes:
iddisplayName
Organization
| Datasource | Description |
|---|---|
| LW_CFG_AZURE_ORGANIZATION | Azure Organization resource objects |
User
| Datasource | Description |
|---|---|
| LW_CFG_AZURE_USER | Azure User resource objects |
Group
| Datasource | Description |
|---|---|
| LW_CFG_AZURE_GROUP | Azure Group resource objects |
Group Member
| Datasource | Description |
|---|---|
| LW_CFG_AZURE_GROUP_MEMBER | Azure Group Member resource objects |
Group Owner
| Datasource | Description |
|---|---|
| LW_CFG_AZURE_GROUP_OWNER | Azure Group Owner resource objects |
Service Principal
| Datasource | Description |
|---|---|
| LW_CFG_AZURE_SERVICEPRINCIPAL | Azure Service Principal resource objects |
App Role Assignment
| Datasource | Description |
|---|---|
| LW_CFG_AZURE_APPROLEASSIGNMENT | Azure App Role Assignment resource objects |
Directory Role
| Datasource | Description |
|---|---|
| LW_CFG_AZURE_DIRECTORYROLE | Azure Directory Role resource objects |
Domain
| Datasource | Description |
|---|---|
| LW_CFG_AZURE_DOMAIN | Azure Domain resource objects |
Administrative Unit
| Datasource | Description |
|---|---|
| LW_CFG_AZURE_ADMINISTRATIVEUNIT | Azure Administrative Unit resource objects |