
PagerDuty Alert Channel

Lacework events generated from anomaly detection, compliance, vulnerabilities, or configured rule definitions are sent to a service in PagerDuty. Events from Lacework can trigger a new incident on the corresponding PagerDuty service or be grouped as alerts into an existing incident.

For additional information about incidents and alerts, see https://support.pagerduty.com/docs/incidents and https://support.pagerduty.com/docs/alerts.

Prerequisites

Verify that you have the following:

  • An Admin base role for account authorization. If you do not have this role, contact an Admin or Account Owner within your organization to configure the integration.
  • An integration key, with alerts and incidents enabled. Integration keys are generated by creating a new service or by creating a new integration for an existing service.

Configure PagerDuty

Follow these steps:

  1. Navigate to Services > Service Directory.
  2. Add an integration to a service through one of the following methods:
  3. Expand the Lacework integration's settings.
  4. Edit the Integration Name so it uses the format monitoring-tool-service-name (e.g., Lacework-Cloud-Security) and click Save.
  5. When you expand the integration's settings, you can also view the Integration Key. Save this key in a safe location because it will be used when you configure the integration with Lacework in the next section.

Create a PagerDuty Alert Channel

Do the following:

  1. Log in to the Lacework Console as a Lacework user with administrative privileges.
  2. Go to Settings > Notifications > Alert channels.
  3. Click + Add new.
  4. Select PagerDuty.
  5. Click Next.

Ensure you have set up your PagerDuty integration.

Follow these steps:

  1. Name the channel (e.g., PagerDuty-something).
  2. Add your integration key.
  3. Click Save.
  4. Locate the new PagerDuty alert channel.
    Notice that the status check reads “Integration Check Pending.”
  5. Click Test Integration. The status check indicates “success.”
    From the PagerDuty console, confirm that an incident was triggered with the subject “This is a test Message.”
  6. When complete, select Alert rules and configure your required alert routing details/options by leveraging the alert channel you created.

Disable the PagerDuty Alert Channel

Follow these steps:

  1. Log in to the Lacework Console as a Lacework user with administrative privileges.
  2. Go to Settings > Notifications > Alert Channels.
  3. Locate the desired PagerDuty alert channel.
  4. In the Status column, click the green Enabled status to change it to Disabled.

Uninstall the PagerDuty Alert Channel

Follow these steps:

  1. Log in to the Lacework Console as a Lacework user with administrative privileges.
  2. Navigate to Settings > Notifications > Alert Channels.
  3. Select the PagerDuty alert channel checkbox and click Delete.

Create a Lacework PagerDuty Alert Channel Using Terraform

For organizations using Terraform to manage their environments, Lacework maintains the Terraform provider for Lacework, which enables configuration of Lacework alert channels using automation.

For a complete list of custom Terraform resources to manage alert channels in Lacework, see Managing Alert Channels with Terraform.

# Configure PagerDuty Alert Channel in Lacework
resource "lacework_alert_channel_pagerduty" "critical" {
  name            = "Forward Critical Alerts"
  # Sample value; replace with the Integration Key saved from PagerDuty
  integration_key = "1234abc8901abc567abc123abc78e012"
}

Additional information on the lacework_alert_channel_pagerduty resource can be found on the Terraform Registry.
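
The resource above carries the integration key as a literal, so the key lands in version control with the rest of the configuration. The following added example (not from the Lacework documentation) passes the key through a sensitive input variable instead. The variable name pagerduty_integration_key and the 32-character validation rule are assumptions; the rule is based only on the shape of the sample key on this page.

```hcl
terraform {
  required_version = ">= 0.14" # sensitive input variables need 0.14 or later
  required_providers {
    lacework = {
      source = "lacework/lacework"
    }
  }
}

# Hypothetical variable name. Supply the value outside the repository, e.g.
#   export TF_VAR_pagerduty_integration_key="<key from the PagerDuty service>"
# or inject it from your CI system's secret store.
variable "pagerduty_integration_key" {
  description = "Integration Key copied from the PagerDuty service's Lacework integration"
  type        = string
  sensitive   = true # redacts the value in plan and apply output

  # Assumption: keys look like the 32-character alphanumeric sample on this
  # page. Catches an empty or truncated paste before the channel is created.
  validation {
    condition     = can(regex("^[0-9A-Za-z]{32}$", var.pagerduty_integration_key))
    error_message = "The integration key must be 32 alphanumeric characters."
  }
}

# Same resource and arguments as the page's example, with the literal
# key replaced by the variable reference.
resource "lacework_alert_channel_pagerduty" "critical" {
  name            = "Forward Critical Alerts"
  integration_key = var.pagerduty_integration_key
}
```

Marking the variable sensitive only affects CLI output: the key is still written in plaintext to the Terraform state, so keep the state in an encrypted, access-controlled backend.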