To incorporate Lacework events into your existing workflow, Lacework can be configured to forward events to ServiceNow using the ServiceNow REST API Lacework requires a ServiceNow user name with either a web_service_admin, rest_api_explorer, or admin role.
For management and security purposes, Lacework recommends creating a dedicated Lacework-ServiceNow user. For more information, please refer to the ServiceNow REST API Reference.
When you have created a user and chosen a password, return to the Lacework UI, select Integrations > ServiceNow, and:
- Click the [+ Add Integration] button
- Name the integration
- Enter your ServiceNow user name
- Enter the user name password
- Add your instance URL
- Select an alert severity level; Lacework will only forward events that meet or exceed the chosen threshold
- Click the [Save] button
You should now start to receive Lacework events in the ServiceNow security incident response system.