You can configure Lacework to forward alerts to a Slack channel through an incoming webhook. Before completing the process in the Lacework Console, you must create an incoming Slack webhook. Lacework recommends creating a dedicated Slack channel for Lacework events.
Create an Incoming Webhook
- Navigate to the Incoming WebHooks page in your Slack App Directory.
- Click Add Configuration.
- Choose the channel or create a new channel where your incoming webhook will post messages.
- Click Add Incoming WebHooks Integration.
- You can optionally customize your app by adding a descriptive label, name, or icon.
- Click Save Settings.
For more information about using Slack incoming webhooks, refer to the Slack document library.
Create a Lacework Alert Channel
After you create your Lacework-dedicated incoming webhook, return to the Lacework Console and complete the following steps:
- Log in to the Lacework Console with a Lacework user that has administrative privileges.
- Navigate to Settings > Alert Routing > Alert Channels.
- Click + Create New.
- Select Slack.
- Name the channel.
- Add the URL of your Slack incoming webhook.
- Click Save.
- Click Alert Rules and configure your required alert routing details/options by leveraging the alert channel you created.
You should now begin to receive Lacework alert notifications in your chosen Slack channel.