Skip to main content

Google Eventarc


Before creating a Lacework Eventarc integration, complete the following steps:

  1. You must enable the following APIs for the Google Cloud Project you want to send Lacework events to:
    1. Resource Manager
    2. Pub/Sub
    3. Eventarc
    4. Eventarc Publishing
  2. Email with the following information:
    1. Your Name
    2. Your Lacework instance
    3. Your Google Project ID

      This is needed so Google can enable the integration in your project.

  3. The Lacework alliances team will contact you with the sign-in information for the integration.

Create the Eventarc Integration

  1. In a browser navigate to Subscribe to events from Lacework.
  2. Follow steps 1 through 4 in order to prepare Eventarc to receive events from Lacework.

Ensure you have configured the GCP prequisites as described in Prerequisites. Then complete the following steps:

  1. Navigate and sign in using Google authentication to Lacework Google Eventarc Integration.
  2. Fill out the form to create a channel connection. Create Channel
    1. Instance - The name of your Lacework Instance.

      Please exclude the domain portion,

    2. Channel and Activation Token - This is the information from Step 4 of the GCP instructions.
  3. Click Submit.

    After clicking submit, it will take a few seconds for the integration creation process to complete.

  4. The table should automatically refresh with the new connection details.
  5. Click on the Download Credentials link for the created channel.
  6. Upload the provided JSON file with necessary credential information rather than manually entering this information using the Lacework Console. Click Choose File to select the JSON file that contains credential information including your service account key as described in the previous section.
  7. From the Group Issues by drop-down:
    • Events - Select this option if you want a single GCP message to be created when compliance events of the same type but from different resources are detected by Lacework. For example, if three different S3 resources are generating the same compliance event, only one GCP message is created.
  8. In the ProjectID field, enter the Project ID that you were provided on the success page (eg: alliances-eventarc).
  9. In the Topic ID field, enter the GCP topic ID that you were provided on the success page (eg: alliances).

    Do not use the fully qualified path, only use the ID provided when you created the topic.

  10. Click Save.
  11. Click Alert Rules and configure your required alert routing details/options by leveraging the alert channel you created.