You can configure Lacework to forward events to a Slack channel through an incoming webhook. Before completing the process in the Lacework Console, you must create an incoming Slack webhook. Lacework recommends creating a dedicated Slack channel for Lacework events.
Create an Incoming Webhook
- Navigate to the Incoming WebHooks page in your Slack App Directory.
- Click Add Configuration.
- Choose the channel or create a new channel where your incoming webhook will post messages.
- Click Add Incoming WebHooks Integration.
- You can optionally customize your app by adding a descriptive label, name, or icon.
- Click Save Settings.
For more information about using Slack incoming webhooks, refer to the Slack document library.
Add a Lacework Integration
After you create your Lacework-dedicated incoming webhook, return to the Lacework Console and complete the following steps:
- Log in to the Lacework Console with a Lacework user that has administrative privileges.
- Select Settings > Integrations.
- Under OUTGOING, select Slack.
- Click + Add Integration.
- Name the integration.
- Add the URL of your Slack incoming webhook.
- Select an alert severity level; Lacework forwards events that only meet or exceed the chosen threshold.
- Click Save.
You should now begin to receive Lacework event notifications in your chosen Slack channel.