Skip to main content
All CollectionsTemplatesIntermediate
Enable AWS S3 Bucket Versioning on Lacework Alert - Workflow Template
Enable AWS S3 Bucket Versioning on Lacework Alert - Workflow Template

On an alert received from Lacework for S3 bucket versioning, pull the event, ask Slack user or channel to enable versioning.

Updated over 7 months ago

In this workflow template, Torq automates the remediation of violations triggered by Lacework for S3 bucket versioning issues. Upon receiving an alert, the workflow fetches details of the non-compliant S3 bucket and poses a versioning activation request to a designated Slack user or channel. User approval prompts the workflow to enable versioning or, in case of a timeout or denial, to open a Jira issue for further investigation, ensuring agile and efficient cloud security posture management (CSPM).

Trigger

Lacework

Use Cases

CSPM

Workflow Breakdown

  1. Receive an alert event from Lacework to Torq webhook

  2. Pull Event for all new violations for lacework-global-97 (S3 bucket versioning)

  3. Grab details from the bucket and ask the Slack user or channel to enable versioning

  4. Apply the changes if the user approves, and update Slack user or channel

  5. If the user does not approve or the question times out, open a Jira issue and update Slack channel

Vendors

AWS, Slack, Utils, Jira Cloud, Lacework

Workflow Output

Success/Failure via Slack and Jira issue

Tips

Setup the Alert rules and channel in Lacework to send to a Torq Webhook","Filter the inbound events to match the triggering rule from Lacework","Multiple resources can be combined into one event

Did this answer your question?