Lawmaker 🦅 New features and improvements

Since the release of Lawmaker back in August we've been busy working on additional functionality, bug fixes and overall improvements to the platform.

Today we're announcing those features and going over everything that changed in the platform. All of the features discussed in this post are already available to all users and besides updating the agent, no other changes are needed to start making use of them.

Guest User Tenant Switching

The tenant aspect of Lawmaker is undoubtedly one of its most interesting - and challenging - aspects. While we aim to provide the maximum functionality through tenants, it's always a fine balance between usability, security and business decisions that aim to reduce abuse of the platform. 

In this last update we changed how the tenancy model is applied.

While the above model was kept intact, Lawmaker accounts can now invite users to one or more tenants which in turn will allow the users to switch between the tenants for which they were invited. This is an addition to the original model in which users were limited only to 1 tenant. 

This change allows for more complex use cases in which teams might require segregation of their deployment in different tenants and team members have to switch between them.

As soon as a user is invited to a second tenant, it will be possible to switch between them using the tenant switcher. 

Rule Creator

Want to create your own rules and have them deployed within your tenants without relying on a third party ruleset? Found a signature online for an emerging threat that hasn't found its way to your threat information provider?

Rule Creator will allow you to submit your rules and place them in their own ruleset file, controlled and maintained by Lawmaker. It'll also automatically update your suricata-update configuration to reference this new ruleset file as well as parse all submitted rules to make sure they are properly formatted.

Once you submit your rule it will be sent to a queue for processing, and if everything is OK, it'll be added to your custom rule file. The whole process takes less than a second and we're continuously improving the validation.
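
A pre-submission check in the spirit of the formatting validation described above, as an added example: it is not Lawmaker's validator or code from the Lawmaker project. The function names, the sample rules and the requirement that every rule carry a msg are assumptions of this example.

```python
import re

# Added example: structural pre-check only, not Lawmaker's validator or Suricata's parser.
ACTIONS = {"alert", "pass", "drop", "reject", "rejectsrc", "rejectdst", "rejectboth"}
HEADER = re.compile(
    r"^(?P<action>\S+)\s+\S+\s+\S+\s+\S+\s+(?P<dir>\S+)\s+\S+\s+\S+\s+"
    r"\((?P<opts>.*)\)\s*$"  # assumes address/port lists are written without spaces
)
OPTION_SPLIT = re.compile(r"(?<!\\);")  # ';' ends an option unless escaped as '\;'

# Constructed sample submissions (not real signatures).
SAMPLE_RULES = [
    'alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"CONSTRUCTED beacon URI"; '
    'http.uri; content:"/gate.php"; sid:1000001; rev:1;)',
    'alert dns any any -> any 53 (msg:"CONSTRUCTED reused sid"; sid:1000001; rev:1;)',
    'alert tcp any any -> any 445 (msg:"CONSTRUCTED unterminated"; sid:1000002)',
]


def check_rule(rule, seen_sids):
    """Return the problems found in one rule; an empty list means it passed."""
    m = HEADER.match(rule.strip())
    if not m:
        return ["header or option parentheses malformed"]
    problems = []
    if m["action"] not in ACTIONS:
        problems.append(f"unknown action {m['action']!r}")
    if m["dir"] not in ("->", "<>"):
        problems.append(f"invalid direction {m['dir']!r}")
    parts = OPTION_SPLIT.split(m["opts"])
    if parts[-1].strip():
        return problems + ["last option is not terminated with ';'"]
    opts = dict(p.strip().partition(":")[::2] for p in parts[:-1])
    # sid is mandatory in Suricata; requiring msg is this example's own policy.
    problems += [f"missing option {k!r}" for k in ("msg", "sid") if k not in opts]
    sid = opts.get("sid", "").strip()
    if sid and not sid.isdigit():
        problems.append(f"sid {sid!r} is not numeric")
    elif sid in seen_sids:
        problems.append(f"duplicate sid {sid}")
    elif sid:
        seen_sids.add(sid)
    return problems


def check_ruleset(rules):
    """Check rules in order, tracking sids so duplicates across the set are caught."""
    seen = set()
    return [check_rule(r, seen) for r in rules]
```

Running `check_ruleset(SAMPLE_RULES)` passes the first rule and flags the reused sid and the unterminated option in the other two. A rule that passes here can still be rejected by Suricata itself, since keyword semantics are not checked.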

lawmaker-agent has been updated to make use of this new file. We'll talk more about the agent further down in this blog post.

Enterprise Access

The main goal behind Lawmaker is to provide a valuable service to its customers through an affordable subscription model. We wanted to extend its capabilities to businesses that want to use the platform but have different business requirements. Enterprise Access allows the purchase of prepaid accounts, normally done in bulk, that businesses can distribute to their teams or include in their service offer. 

Through the purchase of Enterprise Access Codes (EAC) users can now sign up without having a subscription. 

If you'd like to include Lawmaker in your service offer or perform a bulk purchase of licenses, please get in touch with us.


We've updated lawmaker-agent not only to support Rule Creator but also to fix some bugs and improve overall performance. Regardless of whether you're planning on using Rule Creator, we strongly recommend that you update it.

We also received feedback that it would be valuable for a single lawmaker-agent to be able to interact with several tenants at once, so you can now specify your API key as an argument: ./lawmaker-agent YOUR_API_KEY

Tweaks & Improvements

On top of the larger features, numerous changes have been made to improve the overall experience. To name a few:

  • Easier password recovery
  • Improvement in subscription management
  • UI/UX improvements for inviting users into tenants
  • Better sync between clients (i.e. adding a user to a tenant is immediately reflected in the invited user)
  • Condition clipboard - Click to copy the condition permalink of rules, suppressions, filters, etc. (easier collaboration)
  • Sign up form UI
  • Added the option to export all your private data in the Settings menu
  • & much more!

What's next? 

Lawmaker is nowhere near its conclusion. As we develop additional features we'll be slowly rolling them out to production and we hope you find them useful. If you'd like to be on the bleeding edge of things and don't mind the occasional downtime, we'd be happy to set you up in our beta program that gives you insight into all the features we're working on before they are made public.

Reach out to us on Twitter or get in touch

We hope the changes and features are useful and we're looking forward to your feedback! If you haven't yet, head over to and sign up for an account with a 7 day free trial!
