Articles in this section

See more

Google Cloud Pub/Sub

You can configure Lacework to forward events to this Google Cloud Pub/Sub asynchronous messaging service using the Lacework Google Cloud Pub/Sub alert channel. For more information about Google Cloud's asynchronous messaging service, see Google Cloud Pub/Sub.

Prerequisites

Before creating Lacework Google Cloud Pub/Sub alert channel, complete the following prerequisites steps:

  1. You must create a topic and a subscription in the Google Cloud Pub/Sub to receive the Lacework events. For instructions, see Create a topic and Add a subscription.
  2. You must create a new service account, set the permission to allow the Service Account to publish to the topic, and download the Service Account credentials as a JSON file as described in Setting up authentication.

Lacework recommends downloading a JSON file that contains credential information including your service account key rather than entering the credential information manually in the Lacework Console. You can then upload this JSON file when creating the Lacework GCP Pub/Sub Alert Channel in the Lacework Console to populate the credential information as described in the process below.

Create a Lacework GCP Pub/Sub Alert Channel

  1. Log in to the Lacework Console with a Lacework user that has administrative privileges.
  2. Navigate to Settings > Alert Channels.
  3. Click + Create New.
  4. Select GCP Pub/Sub.
  5. In the Name field, enter a name for the channel that is visible in the Lacework Console.
  6. Lacework recommends uploading a JSON file with necessary credential information rather than manually entering this information using the Lacework Console. Click Choose File to select the JSON file that contains credential information including your service account key as described in the previous section.
  7. From the Group Issues by drop-down, select one of the options:
    • Events—Select this option if you want a single GCP message to be created when compliance events of the same type but from different resources are detected by Lacework. For example, if three different S3 resources are generating the same compliance event, only one GCP message is created.
    • Resources—Select this option if you want multiple GCP messages to be created when multiple resources are generating the same compliance event. For example, if three different S3 resources are generating the same compliance event, three GCP messages are created.
  8. If you did not upload the JSON file, enter values for following credential fields:
    • Client ID
    • Private Key ID
    • Client Email
    • Private Key
    • Project ID
  9. In the Topic ID field, enter the GCP topic ID that you are using in your GCP Pub/Sub.
  10. Click Save.