To incorporate Lacework events into your existing workflow, Lacework can be configured to forward events to a Slack channel through an incoming WebHook. Before completing the process in the Lacework UI, you will need to create an incoming Slack WebHook. Lacework recommends that you to also create a dedicated Slack channel for Lacework events.
To create an incoming WebHook:
- Navigate to the Incoming WebHooks page in your Slack App Directory
- Click the [Add Configuration] button
- Choose the channel or create a new channel to which your Incoming WebHook will post messages
- Click the [Add Incoming WebHooks Integration] button
- If you’d like, you can customize your app by adding a descriptive label, name or icon
- Click [Save Settings] to finish
For more information about using Slack incoming WebHooks, please refer to the Slack document library.
After you have created your Lacework dedicated incoming WebHook, return to the Lacework UI, select Integrations > Slack, and:
- Click the [+ Add Integrations] button
- Provide a name for your integration
- Add the URL of your Slack incoming WebHook
- Select an alert severity level - Lacework will only forward events that meet or exceed the chosen threshold
- Click the [Save] button
You should now begin to receive Lacework event notifications in your chosen Slack channel.