Lacework combines alert channels and alert rules to provide a flexible method for routing alerts. For alert channels (outgoing integrations), you define information about where to send alerts, such as to Jira or Slack. For alert rules, you define information about which alert types to send, such as critical and high severity compliance alerts. This two-part method provides the flexibility to define multiple channels and multiple rules and then have each rule use the channels you specify.
For example, you could define three channels in Lacework: email, Jira, and Slack. Then you can define multiple rules: critical severity alerts, high severity network and compliance alerts, high and medium alerts, and low and info alerts. Then select the appropriate channel(s) for each alert.
Create an Alert Channel
- Log in to the Lacework Console with a Lacework user that has administrative privileges.
- Navigate to Settings > Alert Channels.
- Click + Create New.
- Select a Channel Type and name the channel.
- Complete the fields to configure the channel.
  See each channel's separate help for detailed field information.
- Click Save.
The new channel appears in the table.
Now the alert channel can be used by an alert rule. An alert rule allows you to choose which resource groups and event categories you want to receive alerts for. See Alert Rules.
If you disable or delete a channel, ensure that any rules using the channel are associated with an enabled channel so that Lacework can still deliver the rule's alerts or reports. If a rule's only channel is disabled, its alerts or reports cannot be delivered.
Alert channels defined within an account can be used by that account only. They cannot be used by the organization. Alert channels defined at the organization level can be used at the organization level only. They cannot be used by accounts.
NOTE: The ability to enroll in an organization is currently in an invitation-only, limited beta.
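The delivery and scope constraints above can be checked over an inventory of channels and rules before a channel is disabled or deleted. The following is an added example, not part of the Lacework documentation or product code; the record layout (`id`, `scope`, `enabled`, `channel_ids`) and all sample values are assumptions constructed for illustration, not the Lacework API schema.

```python
# Constructed sample inventory. Field names and values are assumptions
# for this example; they are not taken from the Lacework API.
CHANNELS = [
    {"id": "ch-email", "scope": "account", "enabled": True},
    {"id": "ch-jira", "scope": "account", "enabled": False},
    {"id": "ch-slack", "scope": "account", "enabled": False},
    {"id": "ch-org-email", "scope": "organization", "enabled": True},
]
RULES = [
    {"name": "critical", "scope": "account", "channel_ids": ["ch-email", "ch-jira"]},
    {"name": "high-network-compliance", "scope": "account", "channel_ids": ["ch-jira"]},
    {"name": "low-info", "scope": "account", "channel_ids": ["ch-slack", "ch-org-email"]},
    {"name": "org-critical", "scope": "organization", "channel_ids": ["ch-org-email"]},
    {"name": "stale", "scope": "account", "channel_ids": ["ch-deleted"]},
]


def audit_rules(channels, rules):
    """Return {rule name: [findings]} for rules whose alerts may not be delivered."""
    by_id = {c["id"]: c for c in channels}
    findings = {}
    for rule in rules:
        problems = []
        deliverable = 0  # channels that exist, match the rule's scope, and are enabled
        for cid in rule["channel_ids"]:
            ch = by_id.get(cid)
            if ch is None:
                problems.append(f"{cid}: channel missing (deleted?)")
            elif ch["scope"] != rule["scope"]:
                # Account channels serve account rules only; same for organization.
                problems.append(f"{cid}: {ch['scope']} channel on {rule['scope']} rule")
            elif not ch["enabled"]:
                problems.append(f"{cid}: channel disabled")
            else:
                deliverable += 1
        if deliverable == 0:
            problems.insert(0, "NO DELIVERY: no enabled channel in scope")
        if problems:
            findings[rule["name"]] = problems
    return findings


if __name__ == "__main__":
    for name, problems in audit_rules(CHANNELS, RULES).items():
        print(name)
        for p in problems:
            print("  -", p)
```

A rule that still has one usable channel is reported with its degraded channels only; a rule flagged `NO DELIVERY` is the case where alerts or reports cannot be delivered at all.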
For the “Integration Pending” status, hover over the status text and click the refresh icon to fetch the status result again. This does not retest the integration.