Skip to main content

Slack

Use the Slack integration to send notifications to Slack channels or users when an alert is triggered. A Slack notification includes the following information:

  • Lacework Account Name
  • Alert Type
  • Start Time
  • Alert Category
  • Severity Level
  • Event Details
  • Link to the alert on Lacework Console

Create an Incoming Webhook

  1. Navigate to the Incoming WebHooks page in your Slack App Directory.
  2. Click Add Configuration.
  3. Choose the channel or create a new channel where your incoming webhook will post messages.
  4. Click Add Incoming WebHooks Integration.
  5. You can optionally customize your app by adding a descriptive label, name, or icon.
  6. Click Save Settings.

For more information about using Slack incoming webhooks, refer to the Slack document library.

Create a Slack Alert Channel from the Lacework Console

  1. Log in to the Lacework Console as a Lacework user with administrative privileges.
  2. Go to Settings > Notifications > Alert channels.
  3. Click + Add new.
  4. Select Slack.
  5. Click Next.
  6. Follow the steps in the next section.

Create a Slack Alert Channel

Ensure you have created your Lacework-dedicated incoming webhook as described in Create an Incoming Webhook. Then complete the following steps:

  1. Name the channel.
  2. Add the URL of your Slack incoming webhook.
  3. Click Save.
  4. Click Alert rules and configure your required alert routing details/options by leveraging the alert channel you created.

You should now begin to receive Lacework alert notifications in your chosen Slack channel.

Create a Lacework Slack Alert Channel Using Terraform

For organizations using Terraform to manage their environments, Lacework maintains the Terraform provider for Lacework, which enables configuration of Lacework alert channels using automation.

If you are new to the Lacework Terraform Provider, or Lacework Terraform Modules, read the Terraform for Lacework Overview to learn the basics on how to configure the provider, and more.

For a complete list of custom Terraform resources to manage alert channels in Lacework, see Managing Alert Channels with Terraform.

# Configure Slack Alert Channel in Lacework
resource "lacework_alert_channel_slack" "ops_critical" {
  name      = "OPS Critical Alerts"
  slack_url = "https://hooks.slack.com/services/ABCD/12345/abcd1234"
}

Additional information on the lacework_alert_channel_slack resource can be found on the Terraform Registry.