Before creating a Lacework Eventarc integration, complete the following steps:
- You must enable the following APIs for the Google Cloud Project you want to send Lacework events to:
- Email email@example.com with the following information:
- Your Name
- Your Lacework instance
- Your Google Project IDnote
This is needed so Google can enable the integration in your project.
- The Lacework alliances team will contact you with the sign-in information for the integration.
Create the Eventarc Integration
Navigate to GCP instructions for Lacework Eventarc Integration
- In a browser navigate to Subscribe to events from Lacework.
- Follow steps 1 through 4 in order to prepare Eventarc to receive events from Lacework.
Navigate to the Lacework instructions for Lacework Eventarc Integration
Ensure you have configured the GCP prequisites as described in Prerequisites. Then complete the following steps:
- Navigate and sign in using Google authentication to Lacework Google Eventarc Integration.
- Fill out the form to create a channel connection.
- Instance - The name of your Lacework Instance.note
Please exclude the lacework.net domain portion, instance.lacework.net
- Channel and Activation Token - This is the information from Step 4 of the GCP instructions.
- Instance - The name of your Lacework Instance.
- Click Submit. note
After clicking submit, it will take a few seconds for the integration creation process to complete.
- The table should automatically refresh with the new connection details.
- Click on the Download Credentials link for the created channel.
- Upload the provided JSON file with necessary credential information rather than manually entering this information using the Lacework Console. Click Choose File to select the JSON file that contains credential information including your service account key as described in the previous section.
- From the Group Issues by drop-down:
- Events - Select this option if you want a single GCP message to be created when compliance events of the same type but from different resources are detected by Lacework. For example, if three different S3 resources are generating the same compliance event, only one GCP message is created.
- In the ProjectID field, enter the Project ID that you were provided on the success page (eg:
- In the Topic ID field, enter the GCP topic ID that you were provided on the success page (eg:
Do not use the fully qualified path, only use the ID provided when you created the topic.
- Click Save.
- Click Alert Rules and configure your required alert routing details/options by leveraging the alert channel you created.