Skip to main content

Google Eventarc Alert Channel

Create an alert channel to forward Lacework alert notifications to Google Eventarc

Prerequisites

Before creating a Lacework Eventarc integration, complete the following steps:

  1. Enable the following APIs for the Google Cloud Project you want to send Lacework events to:
    1. Resource Manager
    2. Pub/Sub
    3. Eventarc
    4. Eventarc Publishing
  2. Email alliances-tech@lacework.net the following information:
    1. Your Name
    2. Your Lacework instance
    3. Your Google Project ID
      note

      The information is needed to enable the integration in your project.

  3. The Lacework alliances team will contact you with the sign-in information for the integration.

Create the Eventarc Integration

Do the following:

  1. Using a web browser navigate to Subscribe to events from Lacework.
  2. Follow steps 1 through 4 in order to prepare Eventarc to receive events from Lacework.

Configure the Lacework Eventarc Integration

Verify that you have configured the Google Cloud perquisites as described in Prerequisites. Follow these steps:

  1. Navigate and sign in using Google authentication to Lacework Google Eventarc Integration.
  2. Fill the form to create a channel connection.
    1. Instance - The name of your Lacework Instance.
      note

      Exclude the lacework.net domain portion, instance.lacework.net

    2. Channel and Activation Token - This is the information from Step 4 of the Google Cloud instructions.
  3. Click Submit.
    note

    It will take a few seconds for the integration creation process to complete.

  4. The table should automatically refresh with the new connection details.
  5. Click on the Download Credentials link for the created channel.
  6. Upload the provided JSON file with necessary credential information rather than manually entering this information using the Lacework Console. Select Choose File to select the JSON file that contains credential information including your service account key as described in the previous section.
  7. From the Group Issues by drop-down:
    • Events - Select this option if you want a single Google Cloud message to be created when compliance events of the same type but from different resources are detected by Lacework. For example, if three different S3 resources are generating the same compliance event, only one Google Cloud message is created.
  8. In the ProjectID field, enter the Project ID that you were provided on the success page (for example: alliances-eventarc).
  9. In the Topic ID field, enter the Google Cloud topic ID that you were provided on the success page (for example: alliances).
    note

    Do not use the fully qualified path, only use the ID provided when you created the topic.

  10. Click Save.
  11. Click Alert Rules and configure your required alert routing details/options by leveraging the alert channel you created.