Opsgenie Alert Channel
Create an Opsgenie alert channel to forward Lacework alert data.
The instructions in this document reflect the flow for the Standard and Enterprise version of OpsGenie. If you have a Free or Essentials version, the flow and your options to customize the integration might be different. Visit Atlassian Support for more details.
Create an Advanced Integration in Opsgenie
Follow these steps:
Do the following:
Log in to Opsgenie.
Create an advanced integration from the list of integrations (use "GitHub" for example). Ensure that there is only one Create Alert action, and that it is the only action. You can add more actions later, but they are not necessary to work with Lacework’s data.
In the Name field, enter
Lacework.Check the Enabled checkbox.
In the Filter drop-down, set Match all alerts.
In the Message field, enter the following text:
[Lacework] {{_payload.event_title}}In the Alias field, enter the following text:
{{id}}In the Priority field, select Custom Value to Opsgenie Priority.
In the Mapped Priority Value field, enter the following:
P{{_payload.event_severity}}In the Source field, enter the following:
{{_payload.event_source}}In the Description field, enter the following:
Event Id: {{_payload.event_id}}Event Description: {{_payload.event_description}}Event Time: {{_payload.event_timestamp}}Event Type: {{_payload.event_type}}Event Link: {{_payload.event_link}}Lacework Account: {{_payload.lacework_account}}In the User field, enter
Lacework.Click Save Integration.
Create the Webhook Alert Channel in Lacework
Follow the Lacework Webhook Alert Channel steps to create a custom webhook, inputting the Advanced Integration Opsgenie link as the Webhook URL.