Downloading Lacework Events Add-On
SHA256 checksum (lacework-events-add-on_111.tgz) 84c48878e139d87c1bed03249b14f0d38bfb4350a03e53af57e78fa7742402ae
SHA256 checksum (lacework-events-add-on_110.tgz) 6a5bbd5d3e76e6425bb6e8ea5f9c2c46524e5aa207bbefe982db3b984917f2d6

Lacework Events Add-On

Admins: Please read about Splunk Enterprise 8.0 and the Python 2.7 end-of-life changes and impact on apps and upgrades here.
The Lacework Events Add-On is a scalable security service that collects cloud-based security and compliance data from the Lacework API, specifically the Events endpoint. Gain detailed insight gathered from notable events that are generated by various cloud instances such as AWS and Kubernetes.

Disclaimer: This app is not created or managed by Lacework.

Getting Started with the Add-on

Setting up the Lacework Events Add-On is a simple process that can be completed in just a few steps:
1. Install the add-on.
2. Under Configurations > Account, click Add.
3. In the window that appears, input the following and submit:
a. Account name: Your Lacework sub-domain (case-sensitive).
* This information can be found in your Lacework account. Example: in https://tripadvisor.lacework.net, tripadvisor is the sub-domain.
b. Username: Your Lacework API Access Key ID
c. Password: Your Lacework API Secret Key
4. This Configuration account stores your Lacework account credentials, and it can be used with as many Input accounts as you would like, which we will add in the following steps.
5. Under Inputs, click Create New Input
6. Input the following:
* Name: The name of your input, such as "DevOps Team Events".
* Interval: How often the input should be provided to the add-on. The add-on runs every 24 hours, so an interval of 86400 seconds is recommended.
* Index: The Splunk index to which you would like the data to be written.
* Sub-domain: Your Lacework sub-domain (case-sensitive).
* Lacework App Account: Select your Configuration account that is associated with this Lacework unit.
* Bearer Token Expiration: How long the Lacework API token should remain active, in seconds.
7. And that is it! You have successfully set up the add-on. Depending on your interval input, you will begin to see Lacework event data in your specified indices.

Release Notes

Version 1.1.1
June 12, 2020

Fixed bug where users could not link Input and Configuration accounts properly. Determined to be an issue with the data validation method in script.

Version 1.1.0
June 12, 2020

Added improved data validation for user input and refactored Python script to increase readability.

