From 61d5ce9bc6ffe7994f081526aab4ce045aa72326 Mon Sep 17 00:00:00 2001 From: Sebastien Quioc Date: Wed, 27 Mar 2024 12:51:18 +0100 Subject: [PATCH] fix(Lacework): add new section about how to create a service user and add screenshots --- .../cloud_and_saas/lacework_cloud_security.md | 45 +++++++++++++++---- 1 file changed, 36 insertions(+), 9 deletions(-) diff --git a/docs/xdr/features/collect/integrations/cloud_and_saas/lacework_cloud_security.md b/docs/xdr/features/collect/integrations/cloud_and_saas/lacework_cloud_security.md index 7c6ae8a9ad..465eb6ea0e 100644 --- a/docs/xdr/features/collect/integrations/cloud_and_saas/lacework_cloud_security.md +++ b/docs/xdr/features/collect/integrations/cloud_and_saas/lacework_cloud_security.md @@ -21,15 +21,45 @@ To create API keys, you must have the account admin role or otherwise have write ### Create Lacework Credentials +#### Create a service user + +In the lacework console: + +1. Go to `Settings` + + ![step 1](/assets/operation_center/integration_catalog/cloud_and_saas/lacework/step_01.png) + +2. In the settings, go to `Access Control` > `Users` > `Account level` and click `+ Add New` + + ![step 2](/assets/operation_center/integration_catalog/cloud_and_saas/lacework/step_02.png) + +3. To create a service user: + + 1. Select `Service user` as user type + 2. Give the user a name and an optional description + 3. Click `Next` + + ![step 3](/assets/operation_center/integration_catalog/cloud_and_saas/lacework/step_03.png) + + 4. Select `Read-Only User` as user group + 5. Click `Save` + + ![step 4](/assets/operation_center/integration_catalog/cloud_and_saas/lacework/step_04.png) + #### Create API keys In the Lacework console: -1. Go to `Settings` > `Configuration` > `API keys`. -2. Choose `User API keys` to add a key for a human user, or `Service user API keys` for programmatic API users. -3. Click `+ Add New`. -4. Give the key a name and an optional description. -5. Click `Save`. +1. In the `Settings`, go to `Configuration` > `API keys` > `Service User API Keys` and click `+ Add New` + + ![step 5](/assets/operation_center/integration_catalog/cloud_and_saas/lacework/step_05.png) + +2. To create an API Key: + + 1. Give the key a name and an optional description. + 2. Click `Save`. + + ![step 6](/assets/operation_center/integration_catalog/cloud_and_saas/lacework/step_06.png) Download the generated API key file and open it in an editor to view and use the key ID and generated secret in your API requests. You can create up to 20 API keys. @@ -47,10 +77,7 @@ To start to pull events, you have to: 3. Give it a name and a description and click on `Next`. 4. In `Choose a trigger`, select `Fetch new logs from Lacework`. 5. On the right sidebar, in "Using which account ?", select `+ Add new account`. -6. Write a `name` and set up the account configuration with your `Lacework URL` (Lacework application name), `access key` and `secret key`. - - ![set_up account.png](/assets/operation_center/integration_catalog/cloud_and_saas/lacework.png) - +6. Write a `name` and set up the account configuration with the account, the keyId and the secret of your API Key. 7. In the `Trigger Configuration` section, click on `Create new configuration`. 8. Write a `name`, choose a `frequency` - Default is `60` -, paste the `intake_key` associated to your `Lacework Cloud Security` intake and click on `Save`. 9. On the top right corner, start the Playbook. You should see monitoring messages in the `Trigger logs` section.