Package: Invicti AppSec Enterprise (on-premise, on-demand)
Lacework Infra
Lacework provides cloud security and infrastructure vulnerability detection through its cloud-native platform. In Invicti AppSec, the Lacework Infra integration connects to your Lacework environment to import infrastructure vulnerability findings by account.
Prerequisites
| Field | Description |
|---|---|
| Key ID | Lacework API key ID generated in the Lacework console |
| Secret | Lacework API secret paired with the Key ID |
| URL | the base URL of your Lacework instance (e.g., https://<account>.lacework.net) |
Get a Key ID and Secret (on Lacework side)
- Log in to the Lacework console.
- Navigate to Settings > API Keys.
- Click + Create New.
- Enter a name and description for the key.
- Click Save. Download or copy the Key ID and Secret immediately — the secret is shown only once.
Refer to the Token Instructions link displayed in the Invicti AppSec settings panel for additional guidance on generating Lacework API credentials.
Step 1: Navigate to Integrations
From the left sidebar menu, click Integrations.

Step 2: Select the Infra tab
On the Integrations > Scanners page, click the Infra tab.

Step 3: Find and activate Lacework Infra
Scroll through the list of Infra scanners to find Lacework Infra.
- If Lacework Infra is not activated, click Activate to enable the integration.
Step 4: Configure connection settings
Click the gear icon on the Lacework Infra card to open the settings panel. Fill in the required fields:
| Field | Description | Required |
|---|---|---|
| Key ID | Lacework API Key ID | Yes |
| Secret | Lacework API Secret paired with the Key ID | Yes |
| URL | base URL of your Lacework instance | Yes |
| Insecure | skip TLS certificate verification (use only for self-signed certificates) | No |

Step 5: Test the connection
Click Test Connection. A green Connection successful message confirms that Invicti AppSec can authenticate with the Lacework API.
Summary
| Step | Action |
|---|---|
| 1 | Navigate to Integrations from the sidebar |
| 2 | Select the Infra tab |
| 3 | Activate Lacework Infra |
| 4 | Enter Key ID, Secret, and URL |
| 5 | Test the connection |
Create a scan
Navigate to project scanners
- Open a project in Invicti AppSec.
- Go to Settings > Scanners.
- Click Add Scanner.
Add Lacework Infra scanner
- Select Infra as the scanner type.
- Choose Lacework Infra from the scanner list.
- Click Add to open the scan configuration drawer.
Scan configuration fields
| Field | Description | Required |
|---|---|---|
| Profile Name | a name to identify this scan configuration | Yes |
| Account ID | select the Lacework account to associate with this scan | Yes |
| Meta Data | additional metadata to tag the scan | Yes |
| Scan Tag | free-text tag to identify or group scans | No |
| Severity+ | increase severity of imported findings by one level | No |
| Severity- | decrease severity of imported findings by one level | No |
Account ID links the Invicti AppSec project to a specific Lacework account. Infrastructure vulnerability findings tracked under that account are imported into the project. Severity+ and Severity- are mutually exclusive — only one can be enabled at a time.

Scheduler
Enable the Scheduler toggle to automatically run Lacework Infra scans on a recurring schedule.
Webhook (optional)
Add a webhook URL to receive scan completion notifications.
KDT command
kdt scan -p <project_name> -t laceworkinfra -b -
Troubleshooting
Connection fails
| Issue | Resolution |
|---|---|
| Invalid Key ID or Secret | verify the credentials in the Lacework console under Settings > API Keys. Regenerate if needed. |
| URL unreachable | confirm the Lacework instance URL (https://<account>.lacework.net) is reachable from the Invicti AppSec server. |
| TLS certificate error | if using a self-signed certificate, enable the Insecure option in the connection settings. |
| Secret not available | the secret is shown only at creation — create a new API key if the original wasn't saved. |
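The failure modes in the table above can be told apart from the command line before changing any integration settings. The script below is an added example, not Invicti or Lacework code; it assumes Lacework's API v2 token endpoint (`POST /api/v2/access/tokens` with the secret in the `X-LW-UAKS` header), and the environment variable names are hypothetical.

```python
import json
import os
import ssl
import urllib.error
import urllib.request
from urllib.parse import urlsplit

TOKEN_PATH = "/api/v2/access/tokens"  # Lacework API v2 token endpoint (not shown on the page)


def build_token_request(base_url, key_id, secret):
    """Build the token request without sending it; refuse non-HTTPS URLs."""
    parts = urlsplit(base_url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("URL must look like https://<account>.lacework.net")
    body = json.dumps({"keyId": key_id, "expiryTime": 300}).encode()
    headers = {"X-LW-UAKS": secret, "Content-Type": "application/json"}
    return urllib.request.Request(f"https://{parts.netloc}{TOKEN_PATH}",
                                  data=body, headers=headers, method="POST")


def classify(exc):
    """Map a urlopen() failure to a row of the 'Connection fails' table."""
    if isinstance(exc, urllib.error.HTTPError):
        if exc.code in (401, 403):
            return "Invalid Key ID or Secret"
        return f"Unexpected HTTP status {exc.code}"
    cause = exc.reason if isinstance(exc, urllib.error.URLError) else exc
    if isinstance(cause, ssl.SSLCertVerificationError):
        return "TLS certificate error"
    return "URL unreachable"  # DNS failure, refused connection, timeout, other network errors


def check(base_url, key_id, secret, timeout=10):
    """Request a short-lived token with certificate verification enabled."""
    req = build_token_request(base_url, key_id, secret)
    ctx = ssl.create_default_context()  # system trust store, hostname check on
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=ctx):
            return "Connection successful"
    except OSError as exc:  # URLError and HTTPError are OSError subclasses
        return classify(exc)


if __name__ == "__main__":
    # LW_URL, LW_KEY_ID and LW_SECRET are hypothetical variable names.
    print(check(os.environ["LW_URL"], os.environ["LW_KEY_ID"],
                os.environ["LW_SECRET"]))
```

Run it from the host that runs Invicti AppSec so the network path and trust store match what the integration uses.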
Scan issues
| Issue | Resolution |
|---|---|
| No accounts available in Account ID dropdown | ensure the API key has access to at least one Lacework account and that infrastructure vulnerability data is available. |
| Scan shows no findings | the account may have no known vulnerabilities, or Lacework assessments may not have completed yet. Check the Lacework console. |
| Scan not starting | verify the scanner is activated and the connection test passes in the integration settings. |
Best practices
- Use a dedicated API key for Invicti AppSec with the minimum required permissions rather than reusing credentials shared with other tools.
- Rotate the Secret periodically and update the integration settings in Invicti AppSec accordingly.
- Associate each Invicti AppSec project with the Lacework account that tracks its production infrastructure for accurate vulnerability data.
- Use the Scheduler to align scans with your Lacework assessment cadence so findings always reflect the latest state.
Limitations
- Lacework Infra in Invicti AppSec imports vulnerability data from existing Lacework infrastructure assessments — it doesn't trigger new Lacework scans.
- Only accounts accessible via the provided API key are available for selection.
- Runtime behavioral signals and cloud activity findings from Lacework aren't surfaced in Invicti AppSec; only infrastructure vulnerability data is imported.