To incorporate Lacework events into your existing workflow, Lacework can be configured to forward events to a Slack channel through an incoming WebHook. Before completing the process in the Lacework Console, you must create an incoming Slack WebHook. Lacework recommends creating a dedicated Slack channel for Lacework events.
To create an incoming WebHook:
- Navigate to the Incoming WebHooks page in your Slack App Directory.
- Click Add Configuration.
- Choose the channel or create a new channel to which your Incoming WebHook will post messages.
- Click Add Incoming WebHooks Integration.
- You can optionally customize your app by adding a descriptive label, name or icon.
- Click Save Settings.
For more information about using Slack incoming WebHooks, please refer to the Slack document library.
After you have created your Lacework dedicated incoming WebHook, return to the Lacework Console, select Integrations > Slack, and complete the following steps:
- Click + Add Integrations.
- Provide a name for your integration.
- Add the URL of your Slack incoming WebHook.
- Select an alert severity level - Lacework will only forward events that meet or exceed the chosen threshold.
- Click Save.
You should now begin to receive Lacework event notifications in your chosen Slack channel.