This article leads you through the process of integrating Lacework with Red Canary. Follow the procedure from beginning to end. 

Prerequisites

• You must have Lacework Admin access to create the necessary API keys.
• You must have access to create an external service in Red Canary.

Step 1: Lacework–Create your Lacework API keys

Create your Lacework API keys to begin the alert sync between Lacework and Red Canary.

1. From the Lacework navigation menu, click Settings.
   
   
2. Click Users, and then click +Add New.
   
   
3. From the Choose a User type dropdown, select Service user.
4. Enter a name for your user.
5. Enter a description for your user.
6. Click Next.
7. From the select a user group for added users dropdown, select Power User.
   
   
8. Click Save.
9. From the Configuration section, click API Keys.
   
   
10. Click the Service user API keys tab.
    
    
11. Click the ellipses dropdown (...), and then click Download.
    
    
12. Copy and save the .json file with your API keys. You will use this in a later step.

Step 2: Red Canary–Create External Service

Enter your Lacework API key information into Red Canary to start sending your Lacework alerts to Red Canary.

1. From the Red Canary navigation menu, click the Integrations dropdown.
2. Click Lacework.
   
   
3. Click Configure a new service.
   
   
4. Enter the Organization name, Secret Key ID, and Secret Key from the .json file you downloaded in Step 1.11.
   Note: For the Organization field, you need to begin the URL with https:// (example: https://orgname.lacwork.net).
5. Click Save.