This article leads you through the process of integrating Lacework with Red Canary. Follow the procedure from beginning to end. 

Prerequisites

• You must have Lacework Admin access to create the necessary API keys.
• You must have access to create an external service in Red Canary.

Step 1: Lacework–Create your Lacework API keys

Create your Lacework API keys to begin the alert sync between Lacework and Red Canary.

1. From the Lacework navigation menu, click Settings.
   
   
2. Click Users, select Account level tab, and then click +Add New.
   
   
3. From the Choose a User type dropdown, select Service user.
4. Enter a name for your user.
5. Enter a description for your user.
6. Click Next.
7. From the select a user group for added users dropdown, select Power User.
   
   
8. Click Save.
9. From the Configuration section, click API Keys.
   
   
10. Click the Service user API keys tab.
    
    
11. Click the ellipses dropdown (...), and then click Download.
    
    
12. Copy and save the .json file with your API keys. You will use this in a later step.

Step 2: Red Canary–Create External Service

Enter your Lacework API key information into Red Canary to start sending your Lacework alerts to Red Canary.

1. From your Red Canary homepage, click Integrations.
   
2. From the Integrations section, locate and then click the security product you want to integrate with Red Canary.
   Note: If you do not see your security product listed, click See all integrations.
    
3. In the search bar, type and then select your third-party security source.
   
   
4. Continue onto the next step by configuring your third-party security source in Red Canary.
   Note: Your third-party security source may require that you contact Red Canary to configure.
   
5. Enter the Organization name, Secret Key ID, and Secret Key from the .json file you downloaded in Step 1.11.
   Note: For the Organization field, you need to begin the URL with https:// (example: https://orgname.lacwork.net).
6. Click Save.