📄️ Amazon EventBridge
You can configure an Amazon EventBridge Event bus (formerly CloudWatch Event bus) as a Lacework alert channel called Amazon CloudWatch within the platform. For more information about sending and receiving events between AWS accounts, see Amazon CloudWatch EventBridge.
📄️ Amazon Security Lake
Lacework can integrate with Amazon Security Lake, a security data lake that is based on the OCSF standard.
📄️ AWS Security Hub
The Lacework integration with AWS Security Hub pushes cloud security events from the Lacework Polygraph Data Platform (PDP) to Security Hub via the EventBridge alert channel, allowing your organization to manage all AWS posture and compliance events from a single, consolidated view.
📄️ Azure DevOps
Learn how to configure your Azure DevOps to receive Lacework alerts. This integration leverages the Azure DevOps REST API and an Azure Automation Account with a listening webhook to establish the connection between Lacework and Azure DevOps, as shown in the following diagram:
📄️ Cisco Webex Teams
You can configure a Lacework alert channel to forward alerts to a Webex Teams space as an incoming webhook.
The Datadog alert channel provides a unified view of your metrics, logs, and performance data combined with your cloud security data.
📄️ Elastic/ELK Stack
Lacework supports the following alert channels that forward Lacework alerts to your Elastic stack.
Lacework can generate and send alert summaries and reports to email addresses using an email alert channel. By default, Lacework creates a single email alert channel during the initial Lacework onboarding process and new members are added automatically. The default channel cannot be edited. You can add more email alert channels.
📄️ Google Cloud Pub/Sub
You can configure Lacework to forward events to this Google Cloud Pub/Sub asynchronous messaging service using the Lacework Google Cloud Pub/Sub alert channel. For more information about Google Cloud's asynchronous messaging service, see Google Cloud Pub/Sub.
📄️ Google Eventarc
📄️ IBM QRadar
To create an IBM QRadar alert channel, follow the steps in the sections below.
Integrate Lacework with Jira and receive alert notifications in your Jira account. With this integration, you can automate the process of generating Jira tickets with your existing security workflow.
📄️ Microsoft Teams
You can configure Lacework to forward alerts to a Microsoft Teams channel through an incoming webhook. Before completing the process in the Lacework Console, you must add a Microsoft Teams incoming webhook connector. Lacework recommends creating a dedicated channel for Lacework events.
📄️ New Relic
You can configure a Lacework alert channel to forward alerts to New Relic using the Insights API. To configure Lacework to forward events, you need your New Relic account ID and insert key.
The instructions and screenshots included in this document reflect the setup flow for the Standard and Enterprise versions of OpsGenie.
PagerDuty + Lacework Integration Benefits
You can configure Lacework to forward alerts to ServiceNow using the ServiceNow REST API.
Use the Slack integration to send notifications to Slack channels or users when an alert is triggered. A Slack notification includes the following information:
You can configure Lacework to forward alerts to Splunk using an HTTP Event Collector (HEC).
📄️ Sumo Logic
A Lacework Amazon CloudWatch alert channel can forward Lacework alerts to you via CloudWatch. You can then configure a rule to send alerts to a specified target via SNS (Simple Notification Service). After this is set up, you can subscribe a Sumo Logic custom app endpoint to the SNS topic. This allows your Lacework alerts to be sent via SNS subscription to your Sumo Logic custom app endpoint, where you can view alert data in Sumo Logic.
You can configure Lacework to forward alerts to specific VictorOps groups using a VictorOps REST endpoint.
You can create a custom webhook that receives Lacework alert notifications from a Lacework alert channel and forwards those alerts to another application.