Onboarding Lacework CSPM

Follow the steps below to onboard your environment to our Lacework CSPM app.

1

Add a Service User - Step 1 - Basic Information

Go to the Lacework Console and navigate to the Users page (Settings -> Access Control -> Users).

Click on the Add User button. You will see the following screen.

Change the User Type to Service User, provide a name (e.g. leen-service-user), and click on the Next button.

2

Add a Service User - Step 2 - Select user group

Add one user group called Account admin and click on the Save button.

The “Account admin” permission is required to fetch compliances and retrieve all Lacework connected cloud accounts. We use the GET /api/v2/CloudAccounts endpoint, which only works with account admin permissions. For more information, see the Lacework documentation on access control, which shows that only admin has “Cloud accounts” read access.

3

Enable Service User

From the list of users on the Users page (Settings -> Access Control -> Users), under Account level, locate the user you just created and click on the Enable button.

4

Download API Key

Navigate to the Service user API Keys tab (Settings -> Configuration -> API Keys -> Service user API Keys).

Locate the service user you just created and, from the triple-dot menu, click on the Download button to download the API key file.

This API key JSON file will have the following structure (subAccount is optional):

{
  "keyId": "ABC...123",
  "secret": "_ab12...34cd",
  "account": "your-company.lacework.net",
  "subAccount": "subaccount123"
}

5

Enter credentials

Enter these keys into the Lacework CSPM connector in their respective fields, e.g., key_id, secret, account and optionally sub_account.

Please note the casing, e.g., camelCase in the API key file versus snake_case in the connector fields.
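The mapping from the key file's camelCase names to the connector's snake_case fields can be checked before anything is pasted. The following is an added example, not Lacework or connector code. The function names, the hostname check and the file-permission check are assumptions made for illustration, the last one included because this key carries Account admin access.

```python
import json
import os
import stat

# Key-file names (camelCase) -> connector field names (snake_case), per the page.
FIELD_MAP = {"keyId": "key_id", "secret": "secret",
             "account": "account", "subAccount": "sub_account"}
REQUIRED = ("keyId", "secret", "account")


def key_file_is_private(path):
    """True when neither group nor others can access the key file (POSIX modes)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return mode & (stat.S_IRWXG | stat.S_IRWXO) == 0


def connector_fields(key_file_text):
    """Validate the key-file JSON and return the connector's snake_case fields."""
    data = json.loads(key_file_text)
    if not isinstance(data, dict):
        raise ValueError("key file must contain a JSON object")
    missing = [k for k in REQUIRED
               if not isinstance(data.get(k), str) or not data[k].strip()]
    if missing:
        raise ValueError("missing or empty: " + ", ".join(missing))
    # Assumed check: the connector wants the bare hostname, as in the key file.
    if "/" in data["account"]:
        raise ValueError("account must be a hostname, not a URL")
    fields = {FIELD_MAP[k]: data[k].strip() for k in REQUIRED}
    sub = data.get("subAccount")
    if isinstance(sub, str) and sub.strip():  # optional field
        fields["sub_account"] = sub.strip()
    return fields


def redacted(fields):
    """Copy of the fields that is safe to log: the secret is masked."""
    return {**fields, "secret": "***"} if "secret" in fields else dict(fields)


# Constructed sample in the structure shown above; the values are not real credentials.
SAMPLE = ('{"keyId": "EXAMPLE_KEY_ID", "secret": "_example_secret", '
          '"account": "your-company.lacework.net"}')

if __name__ == "__main__":
    print(redacted(connector_fields(SAMPLE)))
```

A key file written with snake_case names (for example key_id) is rejected as missing keyId, which catches the casing mix-up in the other direction.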