To incorporate Lacework events into your existing workflow, Lacework can be configured to forward events to ServiceNow using the ServiceNow REST API Lacework requires a ServiceNow user name with either a web_service_admin, rest_api_explorer, or admin role.
For management and security purposes, Lacework recommends creating a dedicated Lacework-ServiceNow user. For more information, please refer to the ServiceNow REST API Reference.
When you have created a ServiceNow user and password, return to the Lacework Console and complete the following steps:
- Select Integrations > ServiceNow.
- Click + Add Integration.
- Name the integration.
- Enter your ServiceNow user name.
- Enter the user name password.
- Add your instance URL.
- Select an alert severity level; Lacework will only forward events that meet or exceed the chosen threshold.
- Click Save.
You should now start to receive Lacework events in the ServiceNow security incident response system.