Alert Channels

Lacework combines alert channels and alert rules to provide a flexible method for routing alerts. For alert channels (outgoing integrations), you define information about where to send alerts, such as to Jira or Slack. For alert rules, you define information about which alert types to send, such as critical and high severity compliance alerts. This two-part method provides the flexibility to define multiple channels and multiple rules and then have each rule use the channels you specify.

For example, you could define three channels in Lacework: email, Jira, and Slack. Then you can define multiple rules: critical severity alerts, high severity network and compliance alerts, high and medium alerts, and low and info alerts. Then select the appropriate channel(s) for each alert.

Create an Alert Channel

  1. Log in to the Lacework Console with a Lacework user that has administrative privileges.
  2. Navigate to Settings > Notifications > Alert channels.
  3. Click + Add New.
  4. Select a channel type and click Next.
  5. Type a name for the channel and complete the fields to configure the channel.
    Click the Help docs link to see detailed field information for each channel type.
  6. Click Save.
    The new channel appears in the table.

Now the alert channel can be used by an alert rule. An alert rule allows you to choose which resource groups and event categories you want to receive alerts for. See Alert Rules.

If you disable or delete a channel, ensure that any rules using the channel are associated with an enabled channel so that Lacework can still deliver the rule's alerts or reports. If a rule's only channel is disabled, its alerts or reports cannot be delivered.
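One way to audit for this condition before or after disabling a channel, as an added example that is not Lacework's code. The dictionary shapes and sample values are constructed assumptions, not the Lacework API schema, so map your own export of channels and rules onto them.

```python
def audit_rule_delivery(channels, rules):
    """Return {rule_name: finding} for enabled rules that lost a delivery route.

    Assumed (hypothetical) shapes:
      channels: [{"id": str, "name": str, "enabled": bool}]
      rules:    [{"name": str, "enabled": bool, "channel_ids": [str]}]
    """
    by_id = {c["id"]: c for c in channels}
    findings = {}
    for rule in rules:
        if not rule.get("enabled", True):
            continue  # a disabled rule is not expected to deliver anything
        missing, disabled, usable = [], [], []
        for cid in rule.get("channel_ids", []):
            chan = by_id.get(cid)
            if chan is None:
                missing.append(cid)            # channel was deleted
            elif not chan["enabled"]:
                disabled.append(chan["name"])  # channel exists but is disabled
            else:
                usable.append(chan["name"])
        if not usable:
            status = "UNDELIVERABLE"  # no enabled channel left for this rule
        elif missing or disabled:
            status = "DEGRADED"       # still delivers, but one route is gone
        else:
            continue
        findings[rule["name"]] = {"status": status, "missing": missing,
                                  "disabled": disabled, "usable": usable}
    return findings

# Constructed sample data: three channels, one of them disabled.
SAMPLE_CHANNELS = [
    {"id": "ch-email", "name": "Email", "enabled": True},
    {"id": "ch-jira", "name": "Jira", "enabled": False},
    {"id": "ch-slack", "name": "Slack", "enabled": True},
]
SAMPLE_RULES = [
    {"name": "Critical severity", "enabled": True, "channel_ids": ["ch-email", "ch-slack"]},
    {"name": "High network and compliance", "enabled": True, "channel_ids": ["ch-jira"]},
    {"name": "High and medium", "enabled": True, "channel_ids": ["ch-jira", "ch-slack"]},
    {"name": "Low and info", "enabled": True, "channel_ids": ["ch-deleted"]},
]

if __name__ == "__main__":
    for name, f in audit_rule_delivery(SAMPLE_CHANNELS, SAMPLE_RULES).items():
        print(f"{f['status']:13} {name}: disabled={f['disabled']} missing={f['missing']}")
```

Rules reported as UNDELIVERABLE are the ones to re-associate with an enabled channel first; DEGRADED rules still deliver but have lost a route.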

Alert channels defined within an account can be used by that account only. They cannot be used by the organization. Alert channels defined at the organization level can be used at the organization level only. They cannot be used by accounts.

For the “Integration Pending” status, hover over the status text and click the refresh icon to fetch the status result again. This does not retest the integration.

Managing Alert Channels with Terraform

For organizations using Terraform to manage their environments, Lacework maintains the Terraform provider for Lacework, which enables configuration of Lacework alert channels using automation.

If you are new to the Lacework Terraform Provider, or Lacework Terraform Modules, read the Terraform for Lacework Overview to learn the basics on how to configure the provider and more.

For a complete list of custom Terraform resources to manage alert channels in Lacework, see Managing Alert Channels with Terraform.

Alert Channel Errors

The following table lists the possible error messages returned by Lacework, with details on how you can troubleshoot the problem.

Error Message: Sync failed. Check alert channel, alert rule, and Jira configurations.
Suggested Troubleshooting:
- Check the alert channel's configuration to ensure the information provided in each field is accurate. See Jira.
- Check if you have created at least one alert rule for the alert channel to use. See Alert Rules.
- Check if you have created a Jira webhook using the URL provided by Lacework. See Jira.
- If you have created the alert channel from a custom template, check if the template contains the following required fields: summary, description, and priority.

Error Message: Unable to update alert status because of missing status categories in Jira.
Suggested Troubleshooting:
- Check your Jira workflow to ensure you have status categories set up. See How to create workflows for company-managed projects.

Alert Channel Warnings

The following table lists the possible warning messages returned by Lacework, with details on how you can troubleshoot the problem.

Warning Message: No information has been received by Lacework from Jira. Make sure you have completed the configuration process in Jira.
Suggested Troubleshooting:
- Check if you have completed all the required steps to set up the alert channel with Jira. See Jira.
- Check if you have created at least one alert rule for the alert channel to use. See Alert Rules.

Warning Message: This alert channel has not been active in the last three days. Please check for any errors with the integration.
Suggested Troubleshooting:
- Check if you have completed all the required steps to set up the alert channel with Jira. See Jira.
- Check if you have created at least one alert rule for the alert channel to use. See Alert Rules.