Create an alert channel to forward Lacework alert notifications to Google Eventarc
Before creating a Lacework Eventarc integration, complete the following steps:
- Enable the following APIs for the Google Cloud Project you want to send Lacework events to:
- Email firstname.lastname@example.org the following information:
- Your Name
- Your Lacework instance
- Your Google Project IDnote
The information is needed to enable the integration in your project.
- The Lacework alliances team will contact you with the sign-in information for the integration.
Create the Eventarc Integration
Do the following:
- Using a web browser navigate to Subscribe to events from Lacework.
- Follow steps 1 through 4 in order to prepare Eventarc to receive events from Lacework.
Configure the Lacework Eventarc Integration
Verify that you have configured the Google Cloud perquisites as described in Prerequisites. Follow these steps:
- Navigate and sign in using Google authentication to Lacework Google Eventarc Integration.
- Fill the form to create a channel connection.
- Instance - The name of your Lacework Instance.note
Exclude the lacework.net domain portion, instance.lacework.net
- Channel and Activation Token - This is the information from Step 4 of the GCP instructions.
- Instance - The name of your Lacework Instance.
- Click Submit.note
It will take a few seconds for the integration creation process to complete.
- The table should automatically refresh with the new connection details.
- Click on the Download Credentials link for the created channel.
- Upload the provided JSON file with necessary credential information rather than manually entering this information using the Lacework Console. Select Choose File to select the JSON file that contains credential information including your service account key as described in the previous section.
- From the Group Issues by drop-down:
- Events - Select this option if you want a single GCP message to be created when compliance events of the same type but from different resources are detected by Lacework. For example, if three different S3 resources are generating the same compliance event, only one GCP message is created.
- In the ProjectID field, enter the Project ID that you were provided on the success page (for example:
- In the Topic ID field, enter the GCP topic ID that you were provided on the success page (for example:
Do not use the fully qualified path, only use the ID provided when you created the topic.
- Click Save.
- Click Alert Rules and configure your required alert routing details/options by leveraging the alert channel you created.