Document
Library
Product Pillars
Network Security
Network Security
FortiGate / FortiOS
FortiGate-5000
/
6000
/
7000
FortiProxy
NOC & SOC Management
FortiManager
/
FortiManager Cloud
FortiAnalyzer
/
FortiAnalyzer Cloud
FortiMonitor
FortiGate Cloud
Enterprise Networking
Secure SD-WAN
FortiLAN Cloud
FortiSwitch
FortiAP / FortiWiFi
FortiAP-U Series
FortiNAC-F
FortiExtender
/
FortiExtender Cloud
FortiAIOps
Business Communications
FortiFone
FortiVoice
/
FortiVoice Cloud
FortiRecorder
/
FortiCamera
Zero Trust Access
ZTNA
Zero Trust Network Access
FortiClient EMS
SASE
FortiSASE
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Cloud Security
Hybrid Cloud Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiFlex
Cloud Native Protection
FortiCNP
FortiDevSec
Web Application / API Protection
FortiWeb
/
FortiWeb Cloud
FortiADC
/
FortiGSLB
FortiGuard ABP
SAAS Security
FortiMail
/
FortiMail Cloud
FortiCASB
Security Operations
SOC Platform
FortiAnalyzer
/
FortiAnalyzer Cloud
FortiSIEM
/
FortiSIEM Cloud
FortiSOAR
FortiPhish
Advanced Threat Protection
FortiSandbox
/
FortiSandbox Cloud
FortiNDR
FortiNDR Cloud
FortiDeceptor
FortiInsight
/
FortiInsight Cloud
FortiIsolator
Endpoint Security
FortiClient
/
FortiClient Cloud
FortiEDR
Best Practices
Solution Hubs
Curated links by solution
Cloud
FortiCloud
Public & Private Cloud
Popular Solutions
Secure SD-WAN
Zero Trust Network Access
Secure Access
Next Generation Firewall
Security Fabric
Tele-Working
Multi-Factor Authentication
FortiASIC
Operational Technology
MSSP
4-D Resources
Define, Design, Deploy, Demo
Secure SD-WAN
Zero Trust Network Access
Wireless
Switching
Secure Access Service Edge
Identity and Access Management
Next Generation Firewall
Hardware Guides
FortiAnalyzer
FortiAnalyzer Big-Data
FortiADC
FortiAP / FortiWiFi
FortiAP U-Series
FortiAuthenticator
FortiCache
FortiCarrier
FortiController
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiExtender
FortiGate
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiHypervisor
FortiIsolator
FortiMail
FortiManager
FortiNAC
FortiNDR
FortiProxy
FortiRecorder
FortiRPS
FortiSandbox
FortiSIEM
FortiSwitch
FortiTester
FortiToken
FortiVoice
FortiWAN
FortiWeb
FortiWLC
FortiWLM
Product A-Z
AscenLink
AV Engine
AWS Firewall Rules
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Manager
FortiADC Private Cloud
FortiADC Public Cloud
FortiAIOps
FortiAnalyzer
FortiAnalyzer BigData
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Cloud
FortiAnalyzer Private Cloud
FortiAnalyzer Public Cloud
FortiAP / FortiWiFi
FortiAP-U Series
FortiAuthenticator
FortiAuthenticator Private Cloud
FortiAuthenticator Public Cloud
FortiAuthProxy
FortiBalancer
FortiBranchSASE
FortiBridge
FortiCache
FortiCamera
FortiCamera Cloud
FortiCare Elite
FortiCarrier
FortiCASB
FortiCentral
FortiClient
FortiClient Cloud
FortiCloud Services
FortiCNP
FortiConnect
FortiController
FortiConverter Service
FortiConverter Tool
FortiCore
FortiCSPM
FortiCWP
FortiDAST
FortiDB
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiDeceptor DaaS
FortiDeceptor Private Cloud
FortiDeceptor Public Cloud
FortiDevSec
FortiDNS
FortiEdge Cloud
FortiEDR/XDR
FortiExplorer
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate Cloud
FortiGate CNF
FortiGate Private Cloud
FortiGate Public Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGSLB
FortiGuard Advanced Bot Protection
FortiGuest
FortiHypervisor
FortiInsight
FortiInsight Cloud
FortiIPAM
FortiIsolator
FortiIsolator Public Cloud
FortiLAN Cloud
FortiMail
FortiMail Cloud
FortiManager
FortiManager Cloud
FortiManager Private Cloud
FortiManager Public Cloud
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR (on-premise) Private Cloud
FortiNDR (on-premise) Public Cloud
FortiNDR Cloud
FortiNDR Cloud Sensors
FortiPAM
FortiPAM Private Cloud
FortiPAM Public Cloud
FortiPhish
FortiPlanner
FortiPolicy
FortiPortal
FortiPortal Public Cloud
FortiPresence
FortiPresence VM
FortiProxy
FortiProxy Private Cloud
FortiProxy Public Cloud
FortiRecon
FortiRecorder
FortiRPS
FortiSandbox
FortiSandbox Cloud
FortiSandbox Private Cloud
FortiSandbox Public Cloud
FortiSASE
FortiScanner
FortiSIEM
FortiSIEM Cloud
FortiSOAR
FortiSOAR Cloud
FortiSRA
FortiSwitch
FortiSwitch Manager
FortiTap
FortiTester
FortiTester Private Cloud
FortiTester Public Cloud
FortiToken
FortiToken Cloud
FortiTrust Identity
FortiVoice
FortiVoice Cloud
FortiVoice Private Cloud
FortiVoice Public Cloud
FortiWAN
FortiWAN Controller
FortiWeb
FortiWeb Cloud
FortiWeb Manager Private Cloud
FortiWeb Manager Public Cloud
FortiWeb Private Cloud
FortiWeb Public Cloud
FortiWLM
FortiZTP
IPS Engine
Lacework FortiCNAPP
Managed FortiGate Service
Overlay-as-a-Service
Security Awareness and Training
SOCaaS
Wireless Controller
Ordering Guides
Search documents and hardware ...
Administration Guide
Getting started with Lacework FortiCNAPP
Lacework FortiCNAPP Overview
Onboarding Overview
Launch Onboarding
Onboarding Tasks
Prepare the Environment for Lacework FortiCNAPP
Terraform for Lacework
Get Started with Terraform for Lacework FortiCNAPP
Single Role Terraform Deployment
Manage Cloud Integrations with Terraform
Maintain Cloud Integrations with Terraform
Manage Alert Channels with Terraform
Manage Alert Profiles with Terraform
Manage Alert Rules with Terraform
Manage Resource Groups with Terraform
Lacework FAQs
Lacework FortiCNAPP FAQ
Support Portal FAQ
Integration
AWS Integration
Lacework FortiCNAPP Foundational Technical Review Assessor
AWS terraform
AWS Integration - Guided Configuration
AWS Integration - Terraform from AWS CloudShell
AWS Integration - Terraform from Any Supported Host
AWS Integration Using CloudFormation
AWS Control Tower Integration Using CloudFormation
Integration with S3 Buckets Using SSE-KMS
AWS console
AWS CloudTrail Integration Prerequisites
AWS Configuration Integration Prerequisites
AWS Integration - Manual Configuration
AWS GovCloud Integration
AWS CloudTrail Integration for Organizations
AWS CloudTrail Account Mapping for Organizations
Update the External ID of an Existing AWS Integration
Lacework FortiCNAPP for AWS FAQ
Azure Integration
Create an Azure App for Integration
Azure terraform
Azure Integration - Guided Configuration
Azure Integration - Terraform from Azure Cloud Shell
Azure Integration - Terraform from Any Supported Host
Azure portal
Azure Activity Log Integration - Manual Configuration
Azure Configuration Integration - Manual Configuration
Gather Azure Client ID, Tenant ID, and Client Secret
Lacework FortiCNAPP for Azure FAQ
Google Cloud Integration
Required Roles for Google Cloud Configuration and Audit Log Integrations
Create a Google Cloud Service Account and Grant Access
Google cloud Terraform
Google Cloud Integration - Guided Configuration
Pub/Sub-Based Google Cloud Integration - Terraform from Google Cloud Shell
Pub/Sub-Based Google Cloud Integration - Terraform from Any Supported Host
Migrate From Storage-Based to Pub/Sub-Based Google Cloud Audit Log Integration Using Terraform
Storage-Based Google Cloud Integration - Terraform from Google Cloud Shell
Storage-Based Google Cloud Integration - Terraform from Any Supported Host
Google cloud console
Pub/Sub-Based Google Cloud Audit Log Integration - Manual Configuration
Migrate From Storage-Based to Pub/Sub-Based Google Cloud Audit Log Integration - Manual Configuration
Storage-Based Google Cloud Audit Log Integration - Manual Configuration
Google Cloud Configuration Integration - Manual Configuration
Enable the Required Google Cloud APIs
Delete a Lacework FortiCNAPP Integration from Google Cloud
Lacework FortiCNAPP for Google Cloud FAQ
Integrate Lacework FortiCNAPP with OCI
Required Roles for OCI Integration
Integrate OCI with Terraform
Integrate OCI Manually
Set up a Lacework FortiCNAPP User in OCI
Add the OCI Integration
Provision Access to OCI Resources with Resource Groups
Rotate the OCI API Key
Kubernetes Compliance Integrations
Supported Environments and Prerequisites for Kubernetes Compliance
Kubernetes Compliance Integration Using Helm
Kubernetes Compliance Integration Using Terraform
Compliance
Cloud compliance
Cloud Compliance Dashboard
Kubernetes compliance
Kubernetes Compliance Dashboard
Kubernetes Compliance FAQs
Kubernetes Troubleshooting
Posture Policies
Create a Custom Compliance Policy
Modify Compliance and Violation Policies
Manage Custom Policies with Terraform
Manage Policy Exceptions with Terraform
Add Compliance Policy Exceptions in the Lacework FortiCNAPP Console
Manage Compliance Policy Exceptions in the Lacework FortiCNAPP Console
Add or Edit Compliance Policy Exceptions through the Lacework FortiCNAPP API
Activity monitoring
Cloud Activity Logs
Cloud Activity Integrations
Cloud activity log dossiers
AWS CloudTrail Page
Azure Activity Log Page
GCP Audit Log Page
Log Types
Cloud activity log policies
Cloud Activity Policies
Create a Custom Violation Policy
Anomaly Policies
Default Cloud Anomaly Policies
Suppress Behavior Anomaly Alerts
Suppress Crawler-Related Alerts
Kubernetes Activity Logs
Kubernetes Audit Log Integrations
Amazon EKS Audit Log Integration
EKS Audit Log Integration Using Terraform
EKS Audit Log Integration Using CloudFormation
EKS Audit Log Manual Integration
Disable or Delete EKS Audit Log Integrations
Download CloudFormation Template Files Using the API
Manage an EKS Audit Log Integration Using Terraform
GKE Audit Logs
Kubernetes Audit Logs for GKE
GKE Audit Log Integration - Terraform
GKE Audit Log Integration - Manual
GKE Audit Log FAQ
Kubernetes Dashboard
Kubernetes Activity Policies
Kubernetes Behavior Anomaly Policies
Kubernetes Security FAQ
Workload security
Agentless Workload Scanning
Agentless Workload Scanning Overview
Before you Start - Agentless Workload Scanning
Integrate your AWS Environment
CloudFormation
Agentless Workload Scanning for AWS - Single Account Integration (CloudFormation)
Agentless Workload Scanning for AWS - Organization Integration (CloudFormation)
Terraform
Prerequisites
Agentless Workload Scanning for AWS - IAM Permissions Required for Deployment
Agentless Workload Scanning for AWS - IAM Permissions Used during Operation
Agentless Workload Scanning for AWS - Single Account Integration (Terraform)
Agentless Workload Scanning for AWS - Organization Integration (Terraform)
Integrate your Google Cloud Environment
Terraform
Prerequisites
Agentless Workload Scanning for Google Cloud - IAM Permissions Required for Deployment
Agentless Workload Scanning for Google Cloud - IAM Permissions Used during Operation
Agentless Workload Scanning for Google Cloud - Project Integration (Terraform)
Agentless Workload Scanning for Google Cloud - Organization Integration (Terraform)
Lacework FortiCNAPP console
View Agentless Workload Scanning Results in the Lacework FortiCNAPP Console
Manage your Agentless Workload Scanning Integration in the Lacework FortiCNAPP Console
Secrets Detected by Agentless Workload Scanning
FAQs - Agentless Workload Scanning
Agent-Based Workload Security
Linux Workload Security
Linux agent overview and system requirements
Install the Linux Agent
Linux agent install checklist
Required Connectivity, Proxies, and Certificates for Agents
Create Agent Access Token
Download Linux Agent Installer
Configure access to tags and metadata in AWS
Configure Access to Labels in Google Cloud
Install on Hosts
Install Linux Agent Using the install.sh Script
Install Linux Agent Using the Lacework FortiCNAPP CLI
Install Linux Agent from Package Repositories
Install Linux Agent Using a .deb or .rpm Package
Install Linux Agent with Chef
Install Linux Agent with Ansible
Install Linux Agent on AWS EC2 with Terraform and AWS Systems Manager
Install Linux Agent Using an AMI Created with Packer
Install Linux Agent on Alpine Linux
Install Linux Agent with AWS Elastic Beanstalk
Install Linux Agent on a GCE Host
Install on CoreOS
Install on Containers
Install Linux Agent on Docker
Install on AWS ECS Fargate
Install on AWS ECS as a Daemon Service (EC2 Launch Type)
Deploy on Google Cloud Run
Install on Kubernetes
Installing Linux agent on K8s
Install on AWS EKS Fargate
Install Linux Agent on GKE Autopilot
How Lacework FortiCNAPP derives the K8s cluster name
View Kubernetes Clusters or Node Types in Lacework FortiCNAPP Console
Change Agent Resource Installation Limits on Kubernetes Environments
Troubleshoot a Failed Linux Agent Installation
Configure the Linux Agent
Configure Linux Agent Using the Lacework FortiCNAPP Console
Configure Linux Agent Using Agent Configuration File
Configure Linux Agent Using Environment Variables
Specifying agent server URL
Adding agent tags
Run Agent as Non-Root User
Agent Administration
Viewing Linux agent status
Viewing agent versions
Viewing Linux agent logs
Viewing agent details on the Lacework FortiCNAPP console
Viewing host details on the Lacework FortiCNAPP console
Starting, stopping, or restarting the Linux agent
Upgrading the Linux agent
Uninstall the Linux Agent
Linux Agent FAQs
File Integrity Monitoring (FIM) FAQs
Windows Workload Security
Windows agent overview and system requirements
Install the Windows Agent
Windows Agent Installation Prerequisites
Download the Windows Agent Installer
Windows Agent Installation Options
Install the Windows Agent from the Command Line
Install the Windows Agent on Hosts Using a PowerShell Script
Install Windows Agent on AWS with Packer
Install the Windows Agent on Azure VMs Using a PowerShell Script
Install Windows Agent with Azure Resource Manager
Install Windows Agent on Azure VMs with Terraform
Windows agent install options on K8s
Install Windows Agent on AKS or EKS Clusters using Helm Chart
Configure Windows Agent on AKS or EKS Clusters using Helm Chart
Verify the Windows Agent Installation
View Windows Agent Details and Alerts
Configure the Windows Agent
Configure Windows Agent Using the Configuration File
Use a Network Proxy for Windows Agent Traffic
Configure Access to Tags in AWS
Configure Access to Labels in Google Cloud
Add Custom Agent Tags
Add the Windows Agent as a Trusted Entity
File and Registry Integrity Monitoring for Windows
File Integrity Monitoring for Windows Overview
Configure FIM Properties for Windows Agent
Monitor Changes to Windows Registry
Restart, Upgrade, or Uninstall the Windows Agent
Restart the Windows Agent
Upgrade the Windows Agent
Uninstall the Windows Agent
Troubleshoot the Windows Agent
Troubleshoot a Failed Windows Agent Installation
Roll Back a Windows Agent Installation
Review the Windows Agent Log Files
Agent EOSÂ information
Agents
Workload Security Dashboards
Hosts
Dashboard navigation and filters
Applications
Files
Machines
Networks
Processes
Users
Containers
Host Policies
Host Integrity Policies
Clone Policies
Edit Custom Policies
Identity Security
Identities
Overview
Top Identity Risks
Explore
Identity Details
Risk Remediation
Excessive Privilege Risk Remediation
Identity Risk Remediation Tickets
Identity Risk Exceptions
Entitlement Risks
Identity Datasources
Identity Policy Details
Use Cases
Identities FAQ
Lacework FortiCNAPP Package Features (vCPU Packages)
Vulnerabilities
Integrate Container Registries
Integrate Platform Scanner
Platform Scanner Overview
Integrate Amazon Elastic Container Registry
Integrate Docker Hub
Integrate a Docker V2 Registry
Integrate GitHub Container Registry
Integrate Google Artifact Registry
Integrate Google Container Registry
Integrate Proxy Scanner
Integrate Proxy Scanner with JFrog Registry
Integrate Proxy Scanner with JFrog Registry - Auto Polling
Integrate Proxy Scanner with JFrog Registry - Notification/On-demand
Integrate Proxy Scanner with Sonatype Nexus Registry
Integrate Inline Scanner
Integrate the Lacework FortiCNAPP Inline Scanner with CI Pipelines
Integrate with Kubernetes Admission Controller
Integrate Lacework FortiCNAPP with Security in Jira
Host Vulnerabilities
Host Vulnerability Assessment Overview
Host Image Support
Host OS and Language Library Support for Vulnerability Assessment
Host Vulnerability - Scanning of Language Libraries and Package Managers
Lacework FortiCNAPP Console - Host Vulnerabilities
Fix a Vulnerability on Linux Hosts
When Linux Host Assessments Identify a Vulnerability as Fixed
Multiple Fixed Parallel Package Versions
When Host Assessment Metrics Carry Forward
Host Vulnerability - FAQs
Container Vulnerabilities
Container Vulnerability Assessment Overview
Different Types of Scanning
Container Image Support
Container Vulnerability - Scanning of Language Libraries and Package Managers
Local Scanning Quickstart
Lacework Console - Container Vulnerability
Lacework FortiCNAPP API & CLI - Container Vulnerability
How to & Troubleshooting - Container Vulnerability
Container Vulnerability - FAQs
Unscanned Active Images - FAQs
Vulnerability Policies
Container Vulnerability Policies
Vulnerability Exceptions
Vulnerability Exceptions Overview
Lacework FortiCNAPP Console - Vulnerability Exceptions
Create and Manage Vulnerability Exceptions
Lacework FortiCNAPP (LW) Risk Score
Active Package Detection (Code Aware Agent)
Risk Visibility
Attack Path
Top Work Items
Path Investigation
Supported Attack Paths
Attack Path Risk Calculation
Attack Path Secrets Detection
Attack Path Cloud Feature Comparison
Attack Path FAQ
Exposure Polygraph
Code security
Code Security and Infrastructure as Code (IaC)
Integrate Repositories
CI/CD Integrations
Integrate with Atlantis
Azure DevOps Integration (beta)
GitHub Actions
GitLab
GitLab Pipeline
GitLab Self-Hosted Pipeline
Jenkins Integration
Code Security Overview
Software Composition Analysis (SCA)
Lacework FortiCNAPP Console
Applications Overview
Applications Vulnerabilities
Applications Repositories
CLI Scanning
Run SCA Using the Lacework FortiCNAPP CLI
License Scanning
Secrets Scanning
VS Code Extension
Supported Code Security Languages
Static Application Security Testing (SAST)
SAST CLI Scanning
Run SAST using the Lacework FortiCNAPP CLI
Software Bill of Materials (SBOM)
Use the Lacework FortiCNAPP CLI to Generate an SBOM
VS Code Extension
IaC Security
Overview
Assessments
Violations
Policies
Lacework FortiCNAPP IaC Policies
FAQs
Legacy IaC Security Overview
Get Started with IaC Security
CLI Usage
IaC Support Matrix
Lacework FortiCNAPP IaC Policies
Legacy CI/CD Integrations
Legacy Atlantis Integration
Legacy Azure DevOps (beta)
Legacy GitHub Actions
GitLab
Legacy GitLab Pipeline
Legacy GitLab Self-Hosted Pipeline
Legacy Jenkins Integration
IaC Compliance Scanning
Language Support
Configure IaC Security Settings
Modify IaC Security Policies
Use Repositories
Use Findings
View Violations
Enforce Checks Before Merging
Pull Request Build Status
Configure the Code Security App
IaC Security FAQs
Opal
Opal Overview
Get Started with Opal
Write Custom Opal Policies
Test Custom Opal Policies
Opal Output
Opal Examples
Opal Example Policy
Alerts
Alert Categories
Alert Severity
Crowdsourced Risk Analysis
View Alerts
Filter Alerts
Alert Types
Anomaly Alerts
Application Anomaly Alerts
Cloud Activity Anomaly Alerts
File Anomaly Alerts
Kubernetes Activity Anomaly Alerts
Machine Anomaly Alerts
User Anomaly Alerts
Policy Alerts
Application Policy Alerts
Cloud Activity Policy Alerts
File Policy Alerts
Compliance Policy Alerts
Platform Policy Alerts
Registry Policy Alerts
User Policy Alerts
Alert Types Classified as Composite Category
Alert Types Classified as Host Vulnerability Subcategory
Alert Types Classified as Container Vulnerability Subcategory
Alert Types Classified as Threat Intel Subcategory
Vulnerable Log4j Processes Alerts
AWS Alerts Reference
Access Key Deleted
API Failed With Error
CloudTrail Changed
CloudTrail Deleted
CloudTrail Stopped
Identity and Access Management (IAM) Access Key Change
Identity and Access Management (IAM) Policy Change (AWS)
AWS Account Accessed From Known Bad IP Address
AWS Account Accessed From a New Geolocation
AWS Account Accessed From a New Geolocation With a New AWS Event Type
Network Access Control List (NACL) Change
Network Gateway Change
New Access Key
New Account Access Made
New AWS User
New Key Management Service (KMS) Key
New Key Management Service (KMS) Key Alias
New Region
New S3 Bucket
New Service
New AWS Service Accessed in Region
New Virtual Private Cloud (VPC)
New Virtual Private Network (VPN) Connection
Route Table Change
S3 Bucket Access Control List (ACL) Change
S3 Bucket Deleted
S3 Bucket Policy Changed
Security Group Change
Service Called API
successful-non-saml-console-login-without-mfa
User Calltype MFA
New AWS API Invoked
Virtual Private Cloud (VPC) Change
Virtual Private Network (VPN) Gateway Change
Azure Alerts Reference
New Azure SP Accessing Resource
New Azure Subscription Created
New Azure API Failed with Error
New Azure API Call Invoked by User Accessed Resource for the First Time
New Azure User Performed Operation on Resource for the First Time
Google Cloud Alerts Reference
A New Service Account Has Been Created
Audit Configuration Changed
Cloud KMS Key IAM Policy Modified
Cloud KMS Key Version Destroyed
Cloud Logging Sink Modified
Cloud Storage IAM Permission Changed
Cloud VPN Deleted
Custom Role Changed
Folder IAM Policy Changed
GCP API Failed With Error
New Google Cloud Service Accessed in Region
GCP Service Account Logged In From New Source
GCP User Accessed Region
GCP User Logged In From New Source
IAM Policy Changed (Google Cloud)
New Cloud KMS Key Created
New Cloud KMS Key Ring Created
New Cloud Storage Bucket Created
New Cloud VPN Created
New GCP API Call
New GCP Organization
New GCP Region
New GCP Service
New GCP Source
New GCP User
Organization IAM Policy Changed
Project IAM Policy Changed
Project Ownership Assignments Changed
Service Account Key Changed
New API Invoked for Google Cloud Service
SQL Instance Configuration Changed
VPC Cloud NAT Changed
VPC Network Changed
VPC Network Firewall Rule Changed
VPC Network Route Changed
Kubernetes Alerts Reference
K8s Audit Log Cluster Role Created
K8s Audit Log Cluster Role Binding Created
K8s Audit Log Cluster Role Bindings To Admin
K8s Audit Log Cluster Role Bindings To Cluster Admin
K8s Audit Log Cluster Role Bindings To Edit
K8s Audit Log Cluster Role Bindings To System
K8s Audit Log Cluster Role With All Resources
K8s Audit Log Cluster Role With Pod Exec
K8s Audit Log Cluster Role With Pod Write
K8s Audit Log Cluster Role With Secrets
K8s Audit Log Ingress Created
K8s Audit Log Namespace Created
K8s Audit Log Resource Created
K8s Audit Log Role Created
K8s Audit Log Role Binding Created
K8s Audit Log Role Bindings To Admin
K8s Audit Log Role Bindings To Cluster Admin
K8s Audit Log Role Bindings To Edit
K8s Audit Log Role Bindings To System
K8s Audit Log Role With All Resources
K8s Audit Log Role With Pod Exec
K8s Audit Log Role With Pod Write
K8s Audit Log Role With Secrets
K8s Audit Log Workload Created
New K8s Workload Created With Privilege Escalation
New K8s Workload Created With Host Access
Time-Series Alerts Reference
AWS GPU Instance Usage Spike
AWS IAM API Error Spike
Workload Alerts Reference
New Application
New Child Launched
New Child Launched From Vulnerable Application
New External Client DNS
New External Client IP Address
New External Client IP Address Connection
New External Client IP Address Connection To Vulnerable Application
Outbound Connection to New Domain From Application
Outbound Connection to New Domain From Host
New External Host
New External Host Connection
New Outbound Connection From Application
Outbound Connection From Vulnerable Application to a Domain
New External Host Server Connection
Outbound Connection to a New External IP Address From Application
Outbound Connection to a New External IP Address From Host
New External Server IP Address Connection
Outbound Connection From Vulnerable Application to an IP Address
New Internal Connection
New Internal Host Connection
New Privilege Escalation
New User
New Vulnerable Child Launched
New Vulnerable Internal Connection
Suspicious Logins
User Launched New Binary
User Logged In From New IP
User Logged In From New Location
Composite Alerts Reference
Potential AWS Defense Evasion
Potential Cloud-Native Ransomware Attack
Potential Cryptomining Attack on Host
Potentially Compromised AWS Keys
Potentially Compromised Host
Potentially Compromised Google Cloud Identity
Potentially Compromised K8s User
Potential Penetration Test
Threat Intel Alerts Reference
Bad External Client DNS
Bad External Client IP Address
Bad External Client IP Address Connection
Bad External Client IP Address Connection To Vulnerable Application
Bad External Host
Bad External Server DNS Connection
Bad External Server Host Connection
Bad External Server IP Address
Bad External Server IP Address Connection
Bad External Server IP Address Connection From Vulnerable Application
Inbound Connection From a Bad External IP Address
Outbound Connection To a Bad External IP Address
Outbound Connection To a Bad External URL
AWS Account Accessed From Known Bad IP Address With New AWS Event Type
Login From New Bad Source Using Calltype
New Azure User Logged In From Bad Source
GCP User Logged In From Bad Source
Malicious File
Vulnerability Alerts Reference
New Vulnerable Application
Anomaly Detection Models
MITRE ATT&CK Tactics
Security Insights FAQ
AWS Security Hub
Amazon GuardDuty
Lacework FortiCNAPP AWS Built-in Package
Administrator guide
Lacework FortiCNAPP Console Overview
Views Management
Polygraphs
Lacework FortiCNAPP Polygraph
Polygraph Diff Selector and Search
Lacework FortiCNAPP Polygraph FAQ
Dashboard
Configure Alert Channels
Alert Channels
Alert Rules
Amazon EventBridge Alert Channel
Amazon Security Lake Alert Channel
AWS Security Hub Alert Channel
Azure DevOps Alert Channel
Cisco Webex Teams Alert Channel
Datadog Alert Channel
Elastic/ELK Stack Alert Channel
Email Alert Channel
Google Cloud Pub/Sub Alert Channel
Google Eventarc Alert Channel
IBM QRadar Alert Channel
Jira Alert Channel
Microsoft Teams Alert Channel
New Relic Alert Channel
Opsgenie Alert Channel
PagerDuty Alert Channel
ServiceNow Alert Channel
Slack Alert Channel
Splunk Alert Channel
Sumo Logic Alert Channel
VictorOps Alert Channel
Custom Webhook Alert Channel
Governance
Manage Policies
Manage Policy Frameworks
Legacy Policies Overview
View Policies
Platform Policies and Alerts
Reports
Authentication Configuration
Enable SAML
Google OAuth Configuration
Okta SAML SSO
Okta SAML JIT
Google Workspace SAML SSO
Google Workspace SAML JIT
Microsoft Entra ID SAML SSO
Microsoft Entra ID SAML JIT
OneLogin SAML SSO
OneLogin SAML JIT
SAML SSO with Red Hat Keycloak
SAML SSO with AWS
Settings
Integrations
Cloud Accounts
Update AWS Account Name in Lacework FortiCNAPP Console
Container Registries
Security in Jira
Configuration
Resource Groups
API Keys
Agent Tokens
Report Rules
Data Shares and Export
S3 Data Export vs. Snowflake Data Share
Data Share and Data Export Use Cases
Request a Snowflake Data Share
Snowflake Data Share Views
ALERT_DETAILS_V View
ALERT_EVIDENCE_V View
ALERTS_V View
ALL_FILES_V View
APPLICATIONS_V View
CHANGE_FILES_V View
CLOUD_COMPLIANCE_V View
CLOUD_CONFIGURATION_V View
CLOUD_RESOURCES_V View
CMDLINE_V View
CONNECTIONS_V View
CONTAINER_SUMMARY_V View
CONTAINER_VULN_DETAILS_V View
DNS_QUERY_V View
HOST_VULN_DETAILS_V View
IMAGE_V View
INTERFACES_V View
INTERNAL_IPA_V View
MACHINE_DETAILS_V View
MACHINE_SUMMARY_V View
NEW_HASHES_V View
PACKAGE_V View
POD_SUMMARY_V View
PROCESS_SUMMARY_V View
USER_DETAILS_V View
USER_LOGIN_V View
S3 Data Exporter
Amazon S3 Data Export
Amazon S3 Data Export Views and Folder Structure
Agent Management V View
General
Configure Risk Scores
My Settings
My Profile
Organizations
Organization Overview
Create New Account in an Organization
Subscription and Usage
View Subscription Status
Assign Packages to Accounts
Allocate Packages to Resource Groups
Subscription Usage
Usage
License
Audit Logs
Team Members
Authentication Overview
Access Control Overview
Manage Access at Organization Level
Manage Access at Account Level
Access Control at Organization Level
Access Control at Account Level
Resource Inventory
Use Lacework FortiCNAPP's Resource Inventory
Oracle Cloud Infrastructure (OCI) Inventory
Change Log
Home
Lacework FortiCNAPP
Administration Guide
Cloud Activity Integrations
Cloud Activity Integrations
The following integration methods for cloud activity monitoring are available:
AWS
Terraform
AWS CloudFormation
Manual integration
Azure
Terraform
Manual integration
Google Cloud
Terraform
Manual integration
Previous
Next
Cloud Activity Integrations
Cloud Activity Integrations
The following integration methods for cloud activity monitoring are available:
AWS
Terraform
AWS CloudFormation
Manual integration
Azure
Terraform
Manual integration
Google Cloud
Terraform
Manual integration
Previous
Next
Home
Product Pillars
Network Security
Network Security
FortiGate / FortiOS
FortiGate 5000
FortiGate 6000
FortiGate 7000
FortiProxy
NOC & SOC Management
FortiManager
FortiManager Cloud
FortiAnalyzer
FortiAnalyzer Cloud
FortiMonitor
FortiGate Cloud
Enterprise Networking
Secure SD-WAN
FortiLAN Cloud
FortiSwitch
FortiAP / FortiWiFi
FortiAP-U Series
FortiNAC-F
FortiExtender
FortiExtender Cloud
FortiAIOps
Business Communications
FortiFone
FortiVoice
FortiVoice Cloud
FortiRecorder
FortiCamera
Zero Trust Access
ZTNA
Zero Trust Network Access
FortiClient EMS
SASE
FortiSASE
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Cloud Security
Hybrid Cloud Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiFlex
Cloud Native Protection
FortiCNP
FortiDevSec
Web Application / API Protection
FortiWeb
FortiWeb Cloud
FortiADC
FortiGSLB
FortiGuard ABP
SAAS Security
FortiMail
FortiMail Cloud
FortiCASB
Security Operations
SOC Platform
FortiAnalyzer
FortiAnalyzer Cloud
FortiSIEM
/
FortiSIEM Cloud
FortiSOAR
FortiPhish
Advanced Threat Protection
FortiSandbox
FortiSandbox Cloud
FortiNDR
FortiNDR Cloud
FortiDeceptor
FortiInsight
FortiInsight Cloud
FortiIsolator
Endpoint Security
FortiClient
FortiClient Cloud
FortiEDR
Best Practices
Solution Hubs
Cloud
FortiCloud
Public & Private Cloud
Popular Solutions
Secure SD-WAN
Zero Trust Network Access
Secure Access
Next Generation Firewall
Security Fabric
Tele-Working
Multi-Factor Authentication
FortiASIC
Operational Technology
MSSP
4-D Resources
Secure SD-WAN
Zero Trust Network Access
Wireless
Switching
Secure Access Service Edge
Identity and Access Management
Next Generation Firewall
Hardware Guides
FortiAnalyzer
FortiAnalyzer Big-Data
FortiADC
FortiAP / FortiWiFi
FortiAP U-Series
FortiAuthenticator
FortiCache
FortiCarrier
FortiController
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiExtender
FortiGate
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiHypervisor
FortiIsolator
FortiMail
FortiManager
FortiNAC
FortiNDR
FortiProxy
FortiRecorder
FortiRPS
FortiSandbox
FortiSIEM
FortiSwitch
FortiTester
FortiToken
FortiVoice
FortiWAN
FortiWeb
FortiWLC
FortiWLM
Product A-Z
AscenLink
AV Engine
AWS Firewall Rules
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Manager
FortiADC Private Cloud
FortiADC Public Cloud
FortiAIOps
FortiAnalyzer
FortiAnalyzer BigData
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Cloud
FortiAnalyzer Private Cloud
FortiAnalyzer Public Cloud
FortiAP / FortiWiFi
FortiAP-U Series
FortiAuthenticator
FortiAuthenticator Private Cloud
FortiAuthenticator Public Cloud
FortiAuthProxy
FortiBalancer
FortiBranchSASE
FortiBridge
FortiCache
FortiCamera
FortiCamera Cloud
FortiCare Elite
FortiCarrier
FortiCASB
FortiCentral
FortiClient
FortiClient Cloud
FortiCloud Services
FortiCNP
FortiConnect
FortiController
FortiConverter Service
FortiConverter Tool
FortiCore
FortiCSPM
FortiCWP
FortiDAST
FortiDB
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiDeceptor DaaS
FortiDeceptor Private Cloud
FortiDeceptor Public Cloud
FortiDevSec
FortiDNS
FortiEdge Cloud
FortiEDR/XDR
FortiExplorer
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate Cloud
FortiGate CNF
FortiGate Private Cloud
FortiGate Public Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGSLB
FortiGuard Advanced Bot Protection
FortiGuest
FortiHypervisor
FortiInsight
FortiInsight Cloud
FortiIPAM
FortiIsolator
FortiIsolator Public Cloud
FortiLAN Cloud
FortiMail
FortiMail Cloud
FortiManager
FortiManager Cloud
FortiManager Private Cloud
FortiManager Public Cloud
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR (on-premise) Private Cloud
FortiNDR (on-premise) Public Cloud
FortiNDR Cloud
FortiNDR Cloud Sensors
FortiPAM
FortiPAM Private Cloud
FortiPAM Public Cloud
FortiPhish
FortiPlanner
FortiPolicy
FortiPortal
FortiPortal Public Cloud
FortiPresence
FortiPresence VM
FortiProxy
FortiProxy Private Cloud
FortiProxy Public Cloud
FortiRecon
FortiRecorder
FortiRPS
FortiSandbox
FortiSandbox Cloud
FortiSandbox Private Cloud
FortiSandbox Public Cloud
FortiSASE
FortiScanner
FortiSIEM
FortiSIEM Cloud
FortiSOAR
FortiSOAR Cloud
FortiSRA
FortiSwitch
FortiSwitch Manager
FortiTap
FortiTester
FortiTester Private Cloud
FortiTester Public Cloud
FortiToken
FortiToken Cloud
FortiTrust Identity
FortiVoice
FortiVoice Cloud
FortiVoice Private Cloud
FortiVoice Public Cloud
FortiWAN
FortiWAN Controller
FortiWeb
FortiWeb Cloud
FortiWeb Manager Private Cloud
FortiWeb Manager Public Cloud
FortiWeb Private Cloud
FortiWeb Public Cloud
FortiWLM
FortiZTP
IPS Engine
Lacework FortiCNAPP
Managed FortiGate Service
Overlay-as-a-Service
Security Awareness and Training
SOCaaS
Wireless Controller
Ordering Guides
Table of Contents
Getting started with Lacework FortiCNAPP
Lacework FortiCNAPP Overview
Onboarding Overview
Launch Onboarding
Onboarding Tasks
Prepare the Environment for Lacework FortiCNAPP
Terraform for Lacework
Get Started with Terraform for Lacework FortiCNAPP
Single Role Terraform Deployment
Manage Cloud Integrations with Terraform
Maintain Cloud Integrations with Terraform
Manage Alert Channels with Terraform
Manage Alert Profiles with Terraform
Manage Alert Rules with Terraform
Manage Resource Groups with Terraform
Lacework FAQs
Lacework FortiCNAPP FAQ
Support Portal FAQ
Integration
AWS Integration
Lacework FortiCNAPP Foundational Technical Review Assessor
AWS terraform
AWS Integration - Guided Configuration
AWS Integration - Terraform from AWS CloudShell
AWS Integration - Terraform from Any Supported Host
AWS Integration Using CloudFormation
AWS Control Tower Integration Using CloudFormation
Integration with S3 Buckets Using SSE-KMS
AWS console
AWS CloudTrail Integration Prerequisites
AWS Configuration Integration Prerequisites
AWS Integration - Manual Configuration
AWS GovCloud Integration
AWS CloudTrail Integration for Organizations
AWS CloudTrail Account Mapping for Organizations
Update the External ID of an Existing AWS Integration
Lacework FortiCNAPP for AWS FAQ
Azure Integration
Create an Azure App for Integration
Azure terraform
Azure Integration - Guided Configuration
Azure Integration - Terraform from Azure Cloud Shell
Azure Integration - Terraform from Any Supported Host
Azure portal
Azure Activity Log Integration - Manual Configuration
Azure Configuration Integration - Manual Configuration
Gather Azure Client ID, Tenant ID, and Client Secret
Lacework FortiCNAPP for Azure FAQ
Google Cloud Integration
Required Roles for Google Cloud Configuration and Audit Log Integrations
Create a Google Cloud Service Account and Grant Access
Google cloud Terraform
Google Cloud Integration - Guided Configuration
Pub/Sub-Based Google Cloud Integration - Terraform from Google Cloud Shell
Pub/Sub-Based Google Cloud Integration - Terraform from Any Supported Host
Migrate From Storage-Based to Pub/Sub-Based Google Cloud Audit Log Integration Using Terraform
Storage-Based Google Cloud Integration - Terraform from Google Cloud Shell
Storage-Based Google Cloud Integration - Terraform from Any Supported Host
Google cloud console
Pub/Sub-Based Google Cloud Audit Log Integration - Manual Configuration
Migrate From Storage-Based to Pub/Sub-Based Google Cloud Audit Log Integration - Manual Configuration
Storage-Based Google Cloud Audit Log Integration - Manual Configuration
Google Cloud Configuration Integration - Manual Configuration
Enable the Required Google Cloud APIs
Delete a Lacework FortiCNAPP Integration from Google Cloud
Lacework FortiCNAPP for Google Cloud FAQ
Integrate Lacework FortiCNAPP with OCI
Required Roles for OCI Integration
Integrate OCI with Terraform
Integrate OCI Manually
Set up a Lacework FortiCNAPP User in OCI
Add the OCI Integration
Provision Access to OCI Resources with Resource Groups
Rotate the OCI API Key
Kubernetes Compliance Integrations
Supported Environments and Prerequisites for Kubernetes Compliance
Kubernetes Compliance Integration Using Helm
Kubernetes Compliance Integration Using Terraform
Compliance
Cloud compliance
Cloud Compliance Dashboard
Kubernetes compliance
Kubernetes Compliance Dashboard
Kubernetes Compliance FAQs
Kubernetes Troubleshooting
Posture Policies
Create a Custom Compliance Policy
Modify Compliance and Violation Policies
Manage Custom Policies with Terraform
Manage Policy Exceptions with Terraform
Add Compliance Policy Exceptions in the Lacework FortiCNAPP Console
Manage Compliance Policy Exceptions in the Lacework FortiCNAPP Console
Add or Edit Compliance Policy Exceptions through the Lacework FortiCNAPP API
Activity monitoring
Cloud Activity Logs
Cloud Activity Integrations
Cloud activity log dossiers
AWS CloudTrail Page
Azure Activity Log Page
GCP Audit Log Page
Log Types
Cloud activity log policies
Cloud Activity Policies
Create a Custom Violation Policy
Anomaly Policies
Default Cloud Anomaly Policies
Suppress Behavior Anomaly Alerts
Suppress Crawler-Related Alerts
Kubernetes Activity Logs
Kubernetes Audit Log Integrations
Amazon EKS Audit Log Integration
EKS Audit Log Integration Using Terraform
EKS Audit Log Integration Using CloudFormation
EKS Audit Log Manual Integration
Disable or Delete EKS Audit Log Integrations
Download CloudFormation Template Files Using the API
Manage an EKS Audit Log Integration Using Terraform
GKE Audit Logs
Kubernetes Audit Logs for GKE
GKE Audit Log Integration - Terraform
GKE Audit Log Integration - Manual
GKE Audit Log FAQ
Kubernetes Dashboard
Kubernetes Activity Policies
Kubernetes Behavior Anomaly Policies
Kubernetes Security FAQ
Workload security
Agentless Workload Scanning
Agentless Workload Scanning Overview
Before you Start - Agentless Workload Scanning
Integrate your AWS Environment
CloudFormation
Agentless Workload Scanning for AWS - Single Account Integration (CloudFormation)
Agentless Workload Scanning for AWS - Organization Integration (CloudFormation)
Terraform
Prerequisites
Agentless Workload Scanning for AWS - IAM Permissions Required for Deployment
Agentless Workload Scanning for AWS - IAM Permissions Used during Operation
Agentless Workload Scanning for AWS - Single Account Integration (Terraform)
Agentless Workload Scanning for AWS - Organization Integration (Terraform)
Integrate your Google Cloud Environment
Terraform
Prerequisites
Agentless Workload Scanning for Google Cloud - IAM Permissions Required for Deployment
Agentless Workload Scanning for Google Cloud - IAM Permissions Used during Operation
Agentless Workload Scanning for Google Cloud - Project Integration (Terraform)
Agentless Workload Scanning for Google Cloud - Organization Integration (Terraform)
Lacework FortiCNAPP console
View Agentless Workload Scanning Results in the Lacework FortiCNAPP Console
Manage your Agentless Workload Scanning Integration in the Lacework FortiCNAPP Console
Secrets Detected by Agentless Workload Scanning
FAQs - Agentless Workload Scanning
Agent-Based Workload Security
Linux Workload Security
Linux agent overview and system requirements
Install the Linux Agent
Linux agent install checklist
Required Connectivity, Proxies, and Certificates for Agents
Create Agent Access Token
Download Linux Agent Installer
Configure access to tags and metadata in AWS
Configure Access to Labels in Google Cloud
Install on Hosts
Install Linux Agent Using the install.sh Script
Install Linux Agent Using the Lacework FortiCNAPP CLI
Install Linux Agent from Package Repositories
Install Linux Agent Using a .deb or .rpm Package
Install Linux Agent with Chef
Install Linux Agent with Ansible
Install Linux Agent on AWS EC2 with Terraform and AWS Systems Manager
Install Linux Agent Using an AMI Created with Packer
Install Linux Agent on Alpine Linux
Install Linux Agent with AWS Elastic Beanstalk
Install Linux Agent on a GCE Host
Install on CoreOS
Install on Containers
Install Linux Agent on Docker
Install on AWS ECS Fargate
Install on AWS ECS as a Daemon Service (EC2 Launch Type)
Deploy on Google Cloud Run
Install on Kubernetes
Installing Linux agent on K8s
Install on AWS EKS Fargate
Install Linux Agent on GKE Autopilot
How Lacework FortiCNAPP derives the K8s cluster name
View Kubernetes Clusters or Node Types in Lacework FortiCNAPP Console
Change Agent Resource Installation Limits on Kubernetes Environments
Troubleshoot a Failed Linux Agent Installation
Configure the Linux Agent
Configure Linux Agent Using the Lacework FortiCNAPP Console
Configure Linux Agent Using Agent Configuration File
Configure Linux Agent Using Environment Variables
Specifying agent server URL
Adding agent tags
Run Agent as Non-Root User
Agent Administration
Viewing Linux agent status
Viewing agent versions
Viewing Linux agent logs
Viewing agent details on the Lacework FortiCNAPP console
Viewing host details on the Lacework FortiCNAPP console
Starting, stopping, or restarting the Linux agent
Upgrading the Linux agent
Uninstall the Linux Agent
Linux Agent FAQs
File Integrity Monitoring (FIM) FAQs
Windows Workload Security
Windows agent overview and system requirements
Install the Windows Agent
Windows Agent Installation Prerequisites
Download the Windows Agent Installer
Windows Agent Installation Options
Install the Windows Agent from the Command Line
Install the Windows Agent on Hosts Using a PowerShell Script
Install Windows Agent on AWS with Packer
Install the Windows Agent on Azure VMs Using a PowerShell Script
Install Windows Agent with Azure Resource Manager
Install Windows Agent on Azure VMs with Terraform
Windows agent install options on K8s
Install Windows Agent on AKS or EKS Clusters using Helm Chart
Configure Windows Agent on AKS or EKS Clusters using Helm Chart
Verify the Windows Agent Installation
View Windows Agent Details and Alerts
Configure the Windows Agent
Configure Windows Agent Using the Configuration File
Use a Network Proxy for Windows Agent Traffic
Configure Access to Tags in AWS
Configure Access to Labels in Google Cloud
Add Custom Agent Tags
Add the Windows Agent as a Trusted Entity
File and Registry Integrity Monitoring for Windows
File Integrity Monitoring for Windows Overview
Configure FIM Properties for Windows Agent
Monitor Changes to Windows Registry
Restart, Upgrade, or Uninstall the Windows Agent
Restart the Windows Agent
Upgrade the Windows Agent
Uninstall the Windows Agent
Troubleshoot the Windows Agent
Troubleshoot a Failed Windows Agent Installation
Roll Back a Windows Agent Installation
Review the Windows Agent Log Files
Agent EOSÂ information
Agents
Workload Security Dashboards
Hosts
Dashboard navigation and filters
Applications
Files
Machines
Networks
Processes
Users
Containers
Host Policies
Host Integrity Policies
Clone Policies
Edit Custom Policies
Identity Security
Identities
Overview
Top Identity Risks
Explore
Identity Details
Risk Remediation
Excessive Privilege Risk Remediation
Identity Risk Remediation Tickets
Identity Risk Exceptions
Entitlement Risks
Identity Datasources
Identity Policy Details
Use Cases
Identities FAQ
Lacework FortiCNAPP Package Features (vCPU Packages)
Vulnerabilities
Integrate Container Registries
Integrate Platform Scanner
Platform Scanner Overview
Integrate Amazon Elastic Container Registry
Integrate Docker Hub
Integrate a Docker V2 Registry
Integrate GitHub Container Registry
Integrate Google Artifact Registry
Integrate Google Container Registry
Integrate Proxy Scanner
Integrate Proxy Scanner with JFrog Registry
Integrate Proxy Scanner with JFrog Registry - Auto Polling
Integrate Proxy Scanner with JFrog Registry - Notification/On-demand
Integrate Proxy Scanner with Sonatype Nexus Registry
Integrate Inline Scanner
Integrate the Lacework FortiCNAPP Inline Scanner with CI Pipelines
Integrate with Kubernetes Admission Controller
Integrate Lacework FortiCNAPP with Security in Jira
Host Vulnerabilities
Host Vulnerability Assessment Overview
Host Image Support
Host OS and Language Library Support for Vulnerability Assessment
Host Vulnerability - Scanning of Language Libraries and Package Managers
Lacework FortiCNAPP Console - Host Vulnerabilities
Fix a Vulnerability on Linux Hosts
When Linux Host Assessments Identify a Vulnerability as Fixed
Multiple Fixed Parallel Package Versions
When Host Assessment Metrics Carry Forward
Host Vulnerability - FAQs
Container Vulnerabilities
Container Vulnerability Assessment Overview
Different Types of Scanning
Container Image Support
Container Vulnerability - Scanning of Language Libraries and Package Managers
Local Scanning Quickstart
Lacework Console - Container Vulnerability
Lacework FortiCNAPP API & CLI - Container Vulnerability
How to & Troubleshooting - Container Vulnerability
Container Vulnerability - FAQs
Unscanned Active Images - FAQs
Vulnerability Policies
Container Vulnerability Policies
Vulnerability Exceptions
Vulnerability Exceptions Overview
Lacework FortiCNAPP Console - Vulnerability Exceptions
Create and Manage Vulnerability Exceptions
Lacework FortiCNAPP (LW) Risk Score
Active Package Detection (Code Aware Agent)
Risk Visibility
Attack Path
Top Work Items
Path Investigation
Supported Attack Paths
Attack Path Risk Calculation
Attack Path Secrets Detection
Attack Path Cloud Feature Comparison
Attack Path FAQ
Exposure Polygraph
Code security
Code Security and Infrastructure as Code (IaC)
Integrate Repositories
CI/CD Integrations
Integrate with Atlantis
Azure DevOps Integration (beta)
GitHub Actions
GitLab
GitLab Pipeline
GitLab Self-Hosted Pipeline
Jenkins Integration
Code Security Overview
Software Composition Analysis (SCA)
Lacework FortiCNAPP Console
Applications Overview
Applications Vulnerabilities
Applications Repositories
CLI Scanning
Run SCA Using the Lacework FortiCNAPP CLI
License Scanning
Secrets Scanning
VS Code Extension
Supported Code Security Languages
Static Application Security Testing (SAST)
SAST CLI Scanning
Run SAST using the Lacework FortiCNAPP CLI
Software Bill of Materials (SBOM)
Use the Lacework FortiCNAPP CLI to Generate an SBOM
VS Code Extension
IaC Security
Overview
Assessments
Violations
Policies
Lacework FortiCNAPP IaC Policies
FAQs
Legacy IaC Security Overview
Get Started with IaC Security
CLI Usage
IaC Support Matrix
Lacework FortiCNAPP IaC Policies
Legacy CI/CD Integrations
Legacy Atlantis Integration
Legacy Azure DevOps (beta)
Legacy GitHub Actions
GitLab
Legacy GitLab Pipeline
Legacy GitLab Self-Hosted Pipeline
Legacy Jenkins Integration
IaC Compliance Scanning
Language Support
Configure IaC Security Settings
Modify IaC Security Policies
Use Repositories
Use Findings
View Violations
Enforce Checks Before Merging
Pull Request Build Status
Configure the Code Security App
IaC Security FAQs
Opal
Opal Overview
Get Started with Opal
Write Custom Opal Policies
Test Custom Opal Policies
Opal Output
Opal Examples
Opal Example Policy
Alerts
Alert Categories
Alert Severity
Crowdsourced Risk Analysis
View Alerts
Filter Alerts
Alert Types
Anomaly Alerts
Application Anomaly Alerts
Cloud Activity Anomaly Alerts
File Anomaly Alerts
Kubernetes Activity Anomaly Alerts
Machine Anomaly Alerts
User Anomaly Alerts
Policy Alerts
Application Policy Alerts
Cloud Activity Policy Alerts
File Policy Alerts
Compliance Policy Alerts
Platform Policy Alerts
Registry Policy Alerts
User Policy Alerts
Alert Types Classified as Composite Category
Alert Types Classified as Host Vulnerability Subcategory
Alert Types Classified as Container Vulnerability Subcategory
Alert Types Classified as Threat Intel Subcategory
Vulnerable Log4j Processes Alerts
AWS Alerts Reference
Access Key Deleted
API Failed With Error
CloudTrail Changed
CloudTrail Deleted
CloudTrail Stopped
Identity and Access Management (IAM) Access Key Change
Identity and Access Management (IAM) Policy Change (AWS)
AWS Account Accessed From Known Bad IP Address
AWS Account Accessed From a New Geolocation
AWS Account Accessed From a New Geolocation With a New AWS Event Type
Network Access Control List (NACL) Change
Network Gateway Change
New Access Key
New Account Access Made
New AWS User
New Key Management Service (KMS) Key
New Key Management Service (KMS) Key Alias
New Region
New S3 Bucket
New Service
New AWS Service Accessed in Region
New Virtual Private Cloud (VPC)
New Virtual Private Network (VPN) Connection
Route Table Change
S3 Bucket Access Control List (ACL) Change
S3 Bucket Deleted
S3 Bucket Policy Changed
Security Group Change
Service Called API
successful-non-saml-console-login-without-mfa
User Calltype MFA
New AWS API Invoked
Virtual Private Cloud (VPC) Change
Virtual Private Network (VPN) Gateway Change
Azure Alerts Reference
New Azure SP Accessing Resource
New Azure Subscription Created
New Azure API Failed with Error
New Azure API Call Invoked by User Accessed Resource for the First Time
New Azure User Performed Operation on Resource for the First Time
Google Cloud Alerts Reference
A New Service Account Has Been Created
Audit Configuration Changed
Cloud KMS Key IAM Policy Modified
Cloud KMS Key Version Destroyed
Cloud Logging Sink Modified
Cloud Storage IAM Permission Changed
Cloud VPN Deleted
Custom Role Changed
Folder IAM Policy Changed
GCP API Failed With Error
New Google Cloud Service Accessed in Region
GCP Service Account Logged In From New Source
GCP User Accessed Region
GCP User Logged In From New Source
IAM Policy Changed (Google Cloud)
New Cloud KMS Key Created
New Cloud KMS Key Ring Created
New Cloud Storage Bucket Created
New Cloud VPN Created
New GCP API Call
New GCP Organization
New GCP Region
New GCP Service
New GCP Source
New GCP User
Organization IAM Policy Changed
Project IAM Policy Changed
Project Ownership Assignments Changed
Service Account Key Changed
New API Invoked for Google Cloud Service
SQL Instance Configuration Changed
VPC Cloud NAT Changed
VPC Network Changed
VPC Network Firewall Rule Changed
VPC Network Route Changed
Kubernetes Alerts Reference
K8s Audit Log Cluster Role Created
K8s Audit Log Cluster Role Binding Created
K8s Audit Log Cluster Role Bindings To Admin
K8s Audit Log Cluster Role Bindings To Cluster Admin
K8s Audit Log Cluster Role Bindings To Edit
K8s Audit Log Cluster Role Bindings To System
K8s Audit Log Cluster Role With All Resources
K8s Audit Log Cluster Role With Pod Exec
K8s Audit Log Cluster Role With Pod Write
K8s Audit Log Cluster Role With Secrets
K8s Audit Log Ingress Created
K8s Audit Log Namespace Created
K8s Audit Log Resource Created
K8s Audit Log Role Created
K8s Audit Log Role Binding Created
K8s Audit Log Role Bindings To Admin
K8s Audit Log Role Bindings To Cluster Admin
K8s Audit Log Role Bindings To Edit
K8s Audit Log Role Bindings To System
K8s Audit Log Role With All Resources
K8s Audit Log Role With Pod Exec
K8s Audit Log Role With Pod Write
K8s Audit Log Role With Secrets
K8s Audit Log Workload Created
New K8s Workload Created With Privilege Escalation
New K8s Workload Created With Host Access
Time-Series Alerts Reference
AWS GPU Instance Usage Spike
AWS IAM API Error Spike
Workload Alerts Reference
New Application
New Child Launched
New Child Launched From Vulnerable Application
New External Client DNS
New External Client IP Address
New External Client IP Address Connection
New External Client IP Address Connection To Vulnerable Application
Outbound Connection to New Domain From Application
Outbound Connection to New Domain From Host
New External Host
New External Host Connection
New Outbound Connection From Application
Outbound Connection From Vulnerable Application to a Domain
New External Host Server Connection
Outbound Connection to a New External IP Address From Application
Outbound Connection to a New External IP Address From Host
New External Server IP Address Connection
Outbound Connection From Vulnerable Application to an IP Address
New Internal Connection
New Internal Host Connection
New Privilege Escalation
New User
New Vulnerable Child Launched
New Vulnerable Internal Connection
Suspicious Logins
User Launched New Binary
User Logged In From New IP
User Logged In From New Location
Composite Alerts Reference
Potential AWS Defense Evasion
Potential Cloud-Native Ransomware Attack
Potential Cryptomining Attack on Host
Potentially Compromised AWS Keys
Potentially Compromised Host
Potentially Compromised Google Cloud Identity
Potentially Compromised K8s User
Potential Penetration Test
Threat Intel Alerts Reference
Bad External Client DNS
Bad External Client IP Address
Bad External Client IP Address Connection
Bad External Client IP Address Connection To Vulnerable Application
Bad External Host
Bad External Server DNS Connection
Bad External Server Host Connection
Bad External Server IP Address
Bad External Server IP Address Connection
Bad External Server IP Address Connection From Vulnerable Application
Inbound Connection From a Bad External IP Address
Outbound Connection To a Bad External IP Address
Outbound Connection To a Bad External URL
AWS Account Accessed From Known Bad IP Address With New AWS Event Type
Login From New Bad Source Using Calltype
New Azure User Logged In From Bad Source
GCP User Logged In From Bad Source
Malicious File
Vulnerability Alerts Reference
New Vulnerable Application
Anomaly Detection Models
MITRE ATT&CK Tactics
Security Insights FAQ
AWS Security Hub
Amazon GuardDuty
Lacework FortiCNAPP AWS Built-in Package
Administrator guide
Lacework FortiCNAPP Console Overview
Views Management
Polygraphs
Lacework FortiCNAPP Polygraph
Polygraph Diff Selector and Search
Lacework FortiCNAPP Polygraph FAQ
Dashboard
Configure Alert Channels
Alert Channels
Alert Rules
Amazon EventBridge Alert Channel
Amazon Security Lake Alert Channel
AWS Security Hub Alert Channel
Azure DevOps Alert Channel
Cisco Webex Teams Alert Channel
Datadog Alert Channel
Elastic/ELK Stack Alert Channel
Email Alert Channel
Google Cloud Pub/Sub Alert Channel
Google Eventarc Alert Channel
IBM QRadar Alert Channel
Jira Alert Channel
Microsoft Teams Alert Channel
New Relic Alert Channel
Opsgenie Alert Channel
PagerDuty Alert Channel
ServiceNow Alert Channel
Slack Alert Channel
Splunk Alert Channel
Sumo Logic Alert Channel
VictorOps Alert Channel
Custom Webhook Alert Channel
Governance
Manage Policies
Manage Policy Frameworks
Legacy Policies Overview
View Policies
Platform Policies and Alerts
Reports
Authentication Configuration
Enable SAML
Google OAuth Configuration
Okta SAML SSO
Okta SAML JIT
Google Workspace SAML SSO
Google Workspace SAML JIT
Microsoft Entra ID SAML SSO
Microsoft Entra ID SAML JIT
OneLogin SAML SSO
OneLogin SAML JIT
SAML SSO with Red Hat Keycloak
SAML SSO with AWS
Settings
Integrations
Cloud Accounts
Update AWS Account Name in Lacework FortiCNAPP Console
Container Registries
Security in Jira
Configuration
Resource Groups
API Keys
Agent Tokens
Report Rules
Data Shares and Export
S3 Data Export vs. Snowflake Data Share
Data Share and Data Export Use Cases
Request a Snowflake Data Share
Snowflake Data Share Views
ALERT_DETAILS_V View
ALERT_EVIDENCE_V View
ALERTS_V View
ALL_FILES_V View
APPLICATIONS_V View
CHANGE_FILES_V View
CLOUD_COMPLIANCE_V View
CLOUD_CONFIGURATION_V View
CLOUD_RESOURCES_V View
CMDLINE_V View
CONNECTIONS_V View
CONTAINER_SUMMARY_V View
CONTAINER_VULN_DETAILS_V View
DNS_QUERY_V View
HOST_VULN_DETAILS_V View
IMAGE_V View
INTERFACES_V View
INTERNAL_IPA_V View
MACHINE_DETAILS_V View
MACHINE_SUMMARY_V View
NEW_HASHES_V View
PACKAGE_V View
POD_SUMMARY_V View
PROCESS_SUMMARY_V View
USER_DETAILS_V View
USER_LOGIN_V View
S3 Data Exporter
Amazon S3 Data Export
Amazon S3 Data Export Views and Folder Structure
Agent Management V View
General
Configure Risk Scores
My Settings
My Profile
Organizations
Organization Overview
Create New Account in an Organization
Subscription and Usage
View Subscription Status
Assign Packages to Accounts
Allocate Packages to Resource Groups
Subscription Usage
Usage
License
Audit Logs
Team Members
Authentication Overview
Access Control Overview
Manage Access at Organization Level
Manage Access at Account Level
Access Control at Organization Level
Access Control at Account Level
Resource Inventory
Use Lacework FortiCNAPP's Resource Inventory
Oracle Cloud Infrastructure (OCI) Inventory
Change Log