Articles in this section

See more

About Alert Channels

Lacework combines alert channels and alert rules to provide a flexible method for routing alerts. For alert channels (outgoing integrations), you define information about where to send alerts, such as to Jira or Slack. For alert rules, you define information about which alert types to send, such as critical and high severity compliance alerts. This two-part method provides the flexibility to define multiple channels and multiple rules and then have each rule use the channels you specify.

For example, you could define three channels in Lacework: email, Jira, and Slack. Then you can define multiple rules: critical severity alerts, high severity network and compliance alerts, high and medium alerts, and low and info alerts. Then select the appropriate channel(s) for each alert.

Create an Alert Channel

  1. Log in to the Lacework Console with a Lacework user that has administrative privileges.
  2. Navigate to Settings > Alert Routing > Alert Channels.
  3. Click + Create New.
  4. Select a Channel Type and name the channel.
  5. Complete the fields to configure the channel.
    See each channel's separate help for detailed field information.
  6. Click Save.
    The new channel appears in the table.

Now the alert channel can be used by an alert rule. An alert rule allows you to choose which resource groups and event categories you want to receive alerts for. See Alert Rules.

If you disable or delete a channel, ensure that any rules using the channel are associated with an enabled channel so that Lacework can still deliver the rule's alerts or reports. If a rule's only channel is disabled, its alerts or reports cannot be delivered.

Alert channels defined within an account can be used by that account only. They cannot be used by the organization. Alert channels defined at the organization level can be used at the organization level only. They cannot be used by accounts.

For the “Integration Pending” status, hover over the status text and click the refresh icon to fetch the status result again. This does not retest the integration.

Managing Alert Channels with Terraform

For organizations using Terraform to manage their environments, Lacework maintains the Terraform Provider for Lacework which enables configuration of Lacework Alert Channels using automation.

If you are new to the Lacework Terraform Provider, or Lacework Terraform Modules, read the Terraform for Lacework Overview to learn the basics on how to configure the provider and more.

For a complete list of custom Terraform resources to manage alert channels in Lacework, see Managing Alert Channels with Terraform.