Opsgenie
note
The instructions and screenshots included in this document reflect the setup flow for the Standard and Enterprise version of OpsGenie. If you have a Free or Essentials version, the setup flow and your options to customize the integration might be different. Visit Atlassian Support for more details.
To create an Opsgenie alert channel that parses Lacework alert data, follow the steps in the sections below.
Create an Advanced Integration in Opsgenie
Log in to Opsgenie and create an advanced integration from the list of integrations (use "GitHub" for example). Ensure that there is only one Create Alert action, and that it is the only action. You can add more actions later, but they are not necessary to work with Lacework’s data.
In the Name field, enter
Lacework.Ensure the Enabled checkbox is checked.
In the Filter drop-down, set Match all alerts.
In the Message field, enter the following text:
[Lacework] {{_payload.event_title}}In the Alias field, enter the following text:
{{id}}In the Priority field, select Custom Value to Opsgenie Priority.
In the Mapped Priority Value field, enter the following text:
P{{_payload.event_severity}}In the Source field, enter the following text:
{{_payload.event_source}}In the Description field, enter the following text:
Event Id: {{_payload.event_id}}Event Description: {{_payload.event_description}}Event Time: {{_payload.event_timestamp}}Event Type: {{_payload.event_type}}Event Link: {{_payload.event_link}}Lacework Account: {{_payload.lacework_account}}In the User field, enter
Lacework.
Click Save Integration.
Create the Webhook Alert Channel in Lacework
Follow the Lacework Webhook Alert Channel steps to create a custom webhook, inputting the Advanced Integration Opsgenie link as the Webhook URL.
Example Lacework Alert in Opsgenie
