Monitor Lacework logs to gain complete visibility into processes and applications in your cloud and container environments with Panther’s Lacework integration.
Lacework is a cloud security platform for DevOps, workloads, and cloud containers, and includes an agent for collecting important host-based data. Panther can collect, normalize, and monitor Lacework logs to help you identify suspicious activity in real-time. Your normalized data is then retained to power future security investigations in a data lake powered by AWS or the cloud-native data platform, Snowflake.
Use Panther’s built-in rules to monitor activity, or write your own detections in Python to fit your internal business use cases.
Common security use cases for Lacework with Panther include:
- Identify containers and hosts not running Lacework
- Monitor suspicious logs and operational anomalies
How it Works
The integration is simple and fast:
- Send Lacework logs to an AWS S3 Bucket
- Add your S3 Bucket as a data source in Panther
- Panther will parse, normalize, and analyze your log data in real-time
- As rules are triggered, alerts are sent to your configured destinations
- Normalized logs can be searched from Panther’s Data Explorer (Enterprise only)
- Sit back and monitor your activity!
Learn more about Panther's supported log schema for Lacework.