You can configure Lacework to forward events to ServiceNow using the ServiceNow REST API. Lacework requires a ServiceNow user name with either a web_service_admin, rest_api_explorer, or admin role.
For management and security purposes, Lacework recommends creating a dedicated Lacework-ServiceNow user. For more information, refer to ServiceNow documentation: REST API Reference.
After you create a ServiceNow user and password, return to the Lacework Console and complete the following steps:
- Log in to the Lacework Console with a Lacework user that has administrative privileges.
- Select Settings > Integrations.
- Under OUTGOING, select ServiceNow.
- Click + Add Integration.
- Name the integration.
- Enter your ServiceNow user name.
- Enter the user name password.
- Add your instance URL.
- Select an alert severity level; Lacework forwards events that only meet or exceed the chosen threshold.
- Click Save.
You should now start to receive Lacework events in the ServiceNow security incident response system.