fix(Lacework): add new section about how to create a service user and…

… add screenshots
SEKOIA-IO · Mar 27, 2024 · 61d5ce9 · 61d5ce9
1 parent 34c17fb
commit 61d5ce9
Showing 1 changed file with 36 additions and 9 deletions.
diff --git a/docs/xdr/features/collect/integrations/cloud_and_saas/lacework_cloud_security.md b/docs/xdr/features/collect/integrations/cloud_and_saas/lacework_cloud_security.md
@@ -21,15 +21,45 @@ To create API keys, you must have the account admin role or otherwise have write
 
 ### Create Lacework Credentials
 
+#### Create a service user
+
+In the lacework console:
+
+1. Go to `Settings`
+
+    ![step 1](/assets/operation_center/integration_catalog/cloud_and_saas/lacework/step_01.png)
+
+2. In the settings, go to `Access Control` > `Users` > `Account level` and click `+ Add New`
+
+    ![step 2](/assets/operation_center/integration_catalog/cloud_and_saas/lacework/step_02.png)
+
+3. To create a service user:
+
+    1. Select `Service user` as user type 
+    2. Give the user a name and an optional description
+    3. Click `Next`
+
+        ![step 3](/assets/operation_center/integration_catalog/cloud_and_saas/lacework/step_03.png)
+
+    4. Select `Read-Only User` as user group 
+    5. Click `Save`
+
+        ![step 4](/assets/operation_center/integration_catalog/cloud_and_saas/lacework/step_04.png)
+
 #### Create API keys
 
 In the Lacework console:
 
-1. Go to `Settings` > `Configuration` > `API keys`.
-2. Choose `User API keys` to add a key for a human user, or `Service user API keys` for programmatic API users.
-3. Click `+ Add New`.
-4. Give the key a name and an optional description.
-5. Click `Save`.
+1. In the `Settings`, go to `Configuration` > `API keys` > `Service User API Keys` and click `+ Add New`
+
+    ![step 5](/assets/operation_center/integration_catalog/cloud_and_saas/lacework/step_05.png)
+
+2. To create an API Key:
+
+    1. Give the key a name and an optional description.
+    2. Click `Save`.
+
+        ![step 6](/assets/operation_center/integration_catalog/cloud_and_saas/lacework/step_06.png)
 
 Download the generated API key file and open it in an editor to view and use the key ID and generated secret in your API requests. You can create up to 20 API keys.
 
@@ -47,10 +77,7 @@ To start to pull events, you have to:
 3. Give it a name and a description and click on `Next`.
 4. In `Choose a trigger`, select `Fetch new logs from Lacework`.
 5. On the right sidebar, in "Using which account ?", select `+ Add new account`.
-6. Write a `name` and set up the account configuration with your `Lacework URL` (Lacework application name), `access key` and `secret key`.
-
-    ![set_up account.png](/assets/operation_center/integration_catalog/cloud_and_saas/lacework.png)
-
+6. Write a `name` and set up the account configuration with the account, the keyId and the secret of your API Key.
 7. In the `Trigger Configuration` section, click on `Create new configuration`.
 8. Write a `name`, choose a `frequency` - Default is `60` -, paste the `intake_key` associated to your `Lacework Cloud Security` intake and click on `Save`.
 9. On the top right corner, start the Playbook. You should see monitoring messages in the `Trigger logs` section.