Articles in this section

See more

Webhooks

To incorporate Lacework events into your existing workflow, Lacework supports the creation of custom webhooks that can receive Lacework event notifications from a Lacework Webhooks Integration and forwards those events to another application.

After you configure a Lacework Webhook Integration, when Lacework generates an event, it automatically sends that event to the URL endpoint you configure in the Webhook Integration. Lacework generates a new event by sending an HTTP POST request with the following Lacework payload as shown in the following example.  

{
"event_title": "Compliance Changed",
"event_link": "https://myLacework.lacework.net/ui/investigate/Event/120884?startTime=1565370000000&endTime=1565373600000",
"lacework_account": "myLacework",
"event_source": "AzureCompliance",
"event_summary":"Azure Account myLacework Pay-As-You-Go: Azure_CIS_2_1 Ensure that standard pricing tier is selected changed from compliant to non-compliant",
"event_timestamp":"09 Aug 2019 17:00 GMT",
"event_type": "Compliance",
"event_id": "120884",
"event_severity": "4"
}

The following table describes the elements of the Lacework payload.

Field Name

Description

event_title

The title of the Lacework event.

event_link

The link to the event in the Lacework Console.

lacework_account

The Lacework Application where the event occurred. The myLacework part of the Lacework Application URL: myLacework.lacework.net

event_source

The source of the event or where the event occurred.

event_summary

A summary of the event including a description of why the event occurred.

event_timestamp

The timestamp of when the event occurred.

event_type

The type (or category) of the event.

event_id

The Lacework id for the event.

event_severity

The severity of the event between the numbers 1 and 5. The number 1 is the highest severity and 5 is the lowest severity.  

Create a webhook to receive the HTTP POST request from Lacework and take some action. For example, your webhook could read the payload from the Lacework HTTP POST request, parse the properties from the incoming payload, generate another event with the properties in a different format, and send that event to another application such as Opsgenie.

After you have created the webhook to receive the HTTP POST request from Lacework, create the Webhook Integration in the Lacework Console by completing the following steps.

  1. Log in to the Lacework Console.
  2. Select Settings > Integrations.
  3. Select Webhook.
  4. Click + ADD INTEGRATION.
  5. In the Name field, provide a name for your integration.
  6. In the Webhook URL, enter URL your webhook that will receive the HTTP POST request from Lacework.
  7. From the Alert Severity Level drop-down, select an event (alert) severity level. Lacework will only forward events that meet or exceed the chosen threshold.
  8. Click Save.