Skip to main content

Slack Alert Channel

Use the Slack integration to send notifications to Slack channels or users when an alert is triggered. A Slack notification includes the following information:

  • Lacework Account Name
  • Alert Type
  • Start Time
  • Alert Category
  • Severity Level
  • Event Details
  • Link to the alert on Lacework Console

Create an Incoming Webhook

Do the following:

  1. Navigate to the Incoming WebHooks page in your Slack App Directory.
  2. Select Add Configuration.
  3. Choose the channel or create a new channel where your incoming webhook will post messages.
  4. Click Add Incoming WebHooks Integration.
  5. You can optionally customize your app by adding a descriptive label, name, or icon.
  6. Select Save Settings.

For more information about using Slack incoming webhooks, refer to the Slack document library.

Create a Slack Alert Channel from the Lacework Console

Do the following:

  1. Log in to the Lacework Console as a Lacework user with administrative privileges.
  2. Go to Settings > Notifications > Alert channels.
  3. Click + Add new.
  4. Select Slack.
  5. Click Next.
  6. Verify you have created your Lacework-dedicated incoming webhook as described in Create an Incoming Webhook.
  7. Specify the name of the alert channel.
  8. Add the URL of your Slack incoming webhook.
  9. Select Save.
  10. Select Alert rules and configure your required alert routing details/options by leveraging the alert channel you created.

You should now begin to receive Lacework alert notifications in your chosen Slack channel.

Create a Lacework Slack Alert Channel Using Terraform

For organizations using Terraform to manage their environments, Lacework maintains the Terraform provider for Lacework, which enables configuration of Lacework alert channels using automation.

For a complete list of custom Terraform resources to manage alert channels in Lacework, see Managing Alert Channels with Terraform.

# Configure Slack Alert Channel in Lacework
resource "lacework_alert_channel_slack" "ops_critical" {
name = "OPS Critical Alerts"
slack_url = "https://hooks.slack.com/services/ABCD/12345/abcd1234"
}

Additional information on the lacework_alert_channel_slack resource can be found on the Terraform Registry.