Notifications
Lacework Edge can direct alerts to end users in several ways, as described here.
Users / Groups
In an Alert Rule, you can elect to send alerts to specific Users or Groups. Alerts will be sent to the user (or users in a group) at the email address on file with Lacework Edge, which comes from your Identity Provider.
Notification Channels
Rather than alerting specific users or groups as described above, you can also configure Lacework Edge to send alerts to Notification Channels.
To create and edit Notification Channels, click the settings icon at the top-right of the console, and then choose Settings. Click the Notifications item in the Setup list to view and modify notification settings.
Existing Notification Channels will be listed here. You can click the 3-dot menu on the far right of each channel to view, edit, or delete it. To create a new channel, click + Create Channel in the top-right.
Slack
Lacework Edge has two integrations with Slack for sending alerts to a given Slack channel.
- OAuth (recommended): To set up this channel, you will need to authorize Lacework Edge to access your Slack workspace, which will allow Lacework Edge to post to the channel you specify as a Slack App.
- Webhook: Lacework Edge will send alerts to an incoming webhook you have created and enabled in your Slack account. Finishing this integration will require the webhook URL from that setup.
Lacework recommends using the OAuth integration because it is more secure and because it offers us opportunities to create richer integrations in the future.
Microsoft Teams
Lacework Edge will send alerts to an incoming webhook you have created and enabled in your Teams account. Finishing this integration will require the webhook URL from that setup.
Email
Lacework Edge can send alerts to any email address you designate. This can be useful for sending alerts to a broadcast or on-call team email address that isn't defined as a group in your Identity Provider.