Lacework API Keys
Service Name: Lacework
Service Description: Lacework is a cloud security platform that provides automated threat detection, compliance monitoring, and security visibility across cloud environments. It helps organizations identify vulnerabilities, detect threats, and ensure compliance in multi-cloud environments.
Service Address: https://www.lacework.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the organization level through Lacework's access control settings.
Secret Access Scope: Lacework API keys grant programmatic access to the Lacework platform, allowing users to interact with Lacework services, retrieve security data, manage configurations, and automate security workflows.
Secret Revokement URL: https://docs.lacework.com/console/api-access-keys#managing-api-keys
Secret Example: LACEWORK_INT_X123456789ABCDEF0123456789ABCDEF0123456:1234567890abcdefghijk lmnopqrstuvwxyz1234567890ABCDEFG=
Suspicious Activity Investigation Instructions:
- Review the Lacework audit logs for unusual API calls or access patterns.
- Check for unauthorized changes to security configurations or policies.
- Monitor for unusual data export activities or changes to alert configurations.
- Verify if the API key was used from unusual geographic locations or IP addresses.
- Review any automation tools or integrations that might be using the compromised API key.
Mitigation Instructions:
- Log in to the Lacework Console with administrator credentials.
- Navigate to Settings > API Keys.
- Locate the compromised API key in the list.
- Click the "Revoke" button next to the compromised key to immediately invalidate it.
- Create a new API key if needed for legitimate services.
- Update any legitimate applications, scripts, or integrations with the new API key.
- Review and update your API key rotation policies to ensure regular rotation of credentials.
- Consider implementing more restrictive access controls for API keys.