Step 1: Enable console access
Having read-only access to the interface of your technology allows Expel to dig deeper when performing incident investigations. Our device health team uses this access to investigate potential health issues with your tech.
Create a user in Lacework for Expel or create an SSO user for Expel with access to Lacework.
Step 2: Generate API credentials
To integrate the technology with Expel, we need to create secure credentials for the API. Depending on the permissions allowed in Step 1, Expel may be able to generate API credentials. If you're unsure, reach out to your Expel Customer Success Engineer, or email email@example.com.
Lacework provides a combination of API access keys and tokens to be used by clients and client applications to access the Lacework API. API access key IDs and secret access keys are created using the Lacework Console. Temporary access (bearer) tokens, used by clients, are created using the Lacework API.
Only administrators can create API access keys, with a limit of 2 per user. An API access key doesn't expire, but it can be disabled or deleted. After creation, administrators can download and securely store the secret key.
For more information about creating and using access (bearer) tokens for accounts in an Organization, see Role-Based API Authentication for Organizations.
- To create an API key, navigate to Settings > API Keys and click + Create New.
- Type a name for the key and an optional description and click Save.
- To get the secret key, download the generated API key file and open it in an editor.
Docs reference: https://support.lacework.com/hc/en-us/articles/360011403853-Generate-API-Access-Keys-and-Tokens
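Before entering the key in Workbench, you can confirm that the downloaded key file is stored with restrictive permissions and that it can be exchanged for a temporary bearer token. The Python below is an added example, not Expel's or Lacework's code. It assumes the key file is JSON with `keyId` and `secret` fields, and that tokens are requested from `https://<account>.lacework.net/api/v2/access/tokens` with the secret in an `X-LW-UAKS` header; the function names are hypothetical, and the endpoint details should be checked against the docs reference above.

```python
import json
import os
import stat
import urllib.request


def load_key_file(path):
    """Read the downloaded key file; refuse it if group/other can access it."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} has mode {mode:o}; restrict it to 600")
    with open(path, encoding="utf-8") as fh:
        key = json.load(fh)
    # Assumed field names for the key file; adjust if your file differs.
    missing = sorted({"keyId", "secret"} - key.keys())
    if missing:
        raise ValueError(f"key file is missing fields: {missing}")
    return key


def build_token_request(account, key, expiry_seconds=3600):
    """Build (not send) the request for a temporary bearer token."""
    body = json.dumps({"keyId": key["keyId"], "expiryTime": expiry_seconds})
    return urllib.request.Request(
        # Assumed host pattern and endpoint path.
        f"https://{account}.lacework.net/api/v2/access/tokens",
        data=body.encode("utf-8"),
        method="POST",
        # The secret travels only in this header, never in the URL or body.
        headers={"X-LW-UAKS": key["secret"], "Content-Type": "application/json"},
    )


def fetch_token(account, key_path, timeout=10):
    """Exchange the stored key for a short-lived token; returns the parsed reply."""
    req = build_token_request(account, load_key_file(key_path))
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


def describe(key):
    """Summary that is safe to log: key ID only, secret masked."""
    return {"keyId": key["keyId"], "secret": "*" * 8}
```

A successful `fetch_token("<account>", "<path to key file>")` call shows the key is active; an HTTP error at this point usually means the key was disabled, deleted, or copied incorrectly.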
Step 3: Configure the technology in Workbench
Now that we have the correct access configured and have noted the credentials, we can integrate Lacework with Expel Workbench.
Register device in Expel Workbench
- In a new browser tab, log in to https://workbench.expel.io.
- On the console page, navigate to Settings and click Security Devices.
- At the top right of the page, select Add Security Device.
- Search for and select your technology.
- Complete all fields using the credentials and information you collected in Step 1 and Step 2.
- For Name type the hostname of the Lacework device.
- For Location type the geographic location of the appliance.
- For Server address type the hostname or IP address of the Lacework management interface. Device IP can be found in the Lacework console under Dashboard > General Information > MGT IP Address.
- For API key type the API key generated in Step 2.
- Username and Password fields can be left blank or can be filled in with the username and password created in Step 1.
- Click Save.
After a few minutes, refresh the Security Devices page. Your device status reports as Healthy or, if there is an issue, shows details of what the issue may be.
To check if alerts are coming through, navigate to Alerts on the console page. Click the icon in the upper right to switch to grid view, then check the list for device alerts.