Skip to content

Lacework API Keys

Service Name: Lacework

Service Description: Lacework is a cloud security platform that provides automated threat detection, compliance monitoring, and security visibility across cloud environments. It helps organizations identify vulnerabilities, detect threats, and ensure compliance in multi-cloud environments.

Service Address: https://www.lacework.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the organization level through Lacework's access control settings.

Secret Access Scope: Lacework API keys grant programmatic access to the Lacework platform, allowing users to interact with Lacework services, retrieve security data, manage configurations, and automate security workflows.

Secret Revokement URL: https://docs.lacework.com/console/api-access-keys#managing-api-keys

Secret Example: LACEWORK_INT_X123456789ABCDEF0123456789ABCDEF0123456:1234567890abcdefghijk lmnopqrstuvwxyz1234567890ABCDEFG=

Suspicious Activity Investigation Instructions:

  • Review the Lacework audit logs for unusual API calls or access patterns.
  • Check for unauthorized changes to security configurations or policies.
  • Monitor for unusual data export activities or changes to alert configurations.
  • Verify if the API key was used from unusual geographic locations or IP addresses.
  • Review any automation tools or integrations that might be using the compromised API key.

Mitigation Instructions:

  • Log in to the Lacework Console with administrator credentials.
  • Navigate to Settings > API Keys.
  • Locate the compromised API key in the list.
  • Click the "Revoke" button next to the compromised key to immediately invalidate it.
  • Create a new API key if needed for legitimate services.
  • Update any legitimate applications, scripts, or integrations with the new API key.
  • Review and update your API key rotation policies to ensure regular rotation of credentials.
  • Consider implementing more restrictive access controls for API keys.