Lacework

Monitor all processes and applications in your cloud.


App Info

Monitor Lacework logs to gain complete visibility into processes and applications in your cloud and container environments with Panther’s Lacework integration.

Lacework is a cloud security platform for DevOps, workloads, and cloud containers, and includes an agent for collecting important host-based data. Panther can collect, normalize, and monitor Lacework logs to help you identify suspicious activity in real time. Your normalized data is then retained to power future security investigations in a data lake powered by AWS or by the cloud-native data platform Snowflake.

Use Panther’s built-in rules to monitor activity, or write your own detections in Python to fit your internal business use cases.

Use Cases

Common security use cases for Lacework with Panther include:

  • Identify containers and hosts not running Lacework
  • Monitor suspicious logs and operational anomalies

How it Works

The integration is simple and fast:

  • Send Lacework logs to an AWS S3 Bucket
  • Add your S3 Bucket as a data source in Panther
  • Panther will parse, normalize, and analyze your log data in real time
  • As rules are triggered, alerts are sent to your configured destinations
  • Normalized logs can be searched from Panther’s Data Explorer (Enterprise only)
  • Sit back and monitor your activity!

Learn more about Panther's supported log schema for Lacework.