If you currently use VictorOps, Lacework can be configured to forward events to specific VictorOps groups using a VictorOps REST endpoint.
- To create REST endpoint in VictorOps, navigate to Settings > Alert Behavior > Integrations > REST – Generic
- If the REST endpoint integration has not been enabled, click the blue [Enable] button to generate your endpoint destination URL
Before providing the URL to Lacework, everything after the final forward slash must be replaced with the routing key that you want to use for the integration. Alert routing gives you the ability to assign specific types of alerts to specific groups. The final URL should be of the form:
When you have your Cisco Spark incoming WebHook, return to the Lacework UI, select Integrations > VictorOps, and:
- Click the [+ Add Integrations] button
- Provide a name for your integration
- Add the VictorOps REST endpoint URL
- Select an alert level; Lacework will forward events that only meet or exceed the chosen threshold
- Click the [Save] button
You should now start to receive Lacework event notifications in your chosen VictorOps group.