Lacework recommends the following workflow for forwarding Lacework events to your Elastic stack: send Lacework events to SQS via AWS CloudWatch, then retrieve the events from SQS with a plugin from Elastic.
Add a Lacework Integration for AWS CloudWatch
Follow the steps described in AWS CloudWatch to forward events from Lacework to CloudWatch.
Follow these steps to add an event source mapping for an Amazon SQS queue and send events to it via a trigger. See the AWS documentation for details.
- Open the Lambda console Functions page.
- Choose a function.
- Under Add triggers, choose SQS.
- Under Configure triggers, configure the event source.
  - SQS queue: Specify the source queue.
  - Batch size: Specify the maximum number of items to read from the queue and send to your function, in a single invocation.
  - Enabled: Clear the check box to disable the event source.
- Choose Add.
- Choose Save.
Configure the Elastic Stack
See the Elastic documentation to configure your Elastic stack to retrieve events from SQS with the sqs-input plugin.
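The retrieval step above, sketched as a Logstash pipeline. This is an added example, not configuration from Lacework or Elastic documentation, and it assumes the "sqs-input plugin" is the Logstash SQS input. The queue name, region, Elasticsearch host, index name and the `ES_API_KEY` variable are placeholders.

```logstash
# Added example pipeline. All names and hosts below are placeholders (assumptions).
input {
  sqs {
    # SQS queue that receives the Lacework events forwarded through CloudWatch.
    queue  => "lacework-events"
    region => "us-west-2"
    # Events arrive as JSON documents, so decode them into fields.
    codec  => "json"
    # Keep SQS metadata on the event. [@metadata] fields are not indexed,
    # but they can be referenced in the output section.
    id_field             => "[@metadata][sqs_message_id]"
    sent_timestamp_field => "[@metadata][sqs_sent_time]"
    # No access_key_id / secret_access_key is set on purpose: the plugin then
    # uses the AWS default credential chain (for example an instance role).
    # Scope that role to this one queue and to the SQS read and delete
    # actions listed in the plugin documentation.
  }
}

output {
  elasticsearch {
    hosts => ["https://elasticsearch.example.internal:9200"]
    index => "lacework-events-%{+YYYY.MM.dd}"
    # SQS delivers at least once. Using the SQS message ID as the document ID
    # makes a redelivered message overwrite its earlier copy instead of
    # creating a duplicate alert.
    document_id => "%{[@metadata][sqs_message_id]}"
    # Read the API key from the environment or the Logstash keystore rather
    # than storing it in the pipeline file.
    api_key => "${ES_API_KEY}"
  }
}
```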