In this workflow template, Torq automates the remediation of violations triggered by Lacework for S3 bucket versioning issues. Upon receiving an alert, the workflow fetches details of the non-compliant S3 bucket and asks a designated Slack user or channel whether to enable versioning. If the user approves, the workflow enables versioning; if the request is denied or times out, it opens a Jira issue for further investigation. This keeps cloud security posture management (CSPM) remediation fast while leaving the change under human approval.
Trigger
Lacework
Use Cases
CSPM
Workflow Breakdown
Receive an alert event from Lacework to Torq webhook
Pull Event for all new violations for lacework-global-97 (S3 bucket versioning)
Grab details from the bucket and ask the Slack user or channel to enable versioning
Apply the changes if the user approves, and update Slack user or channel
If the user does not approve or the question times out, open a Jira issue and update Slack channel
Vendors
AWS, Slack, Utils, Jira Cloud, Lacework
Workflow Output
Success/Failure via Slack and Jira issue
Tips
Set up the alert rules and channel in Lacework to send to a Torq webhook
Filter the inbound events to match the triggering rule from Lacework
Multiple resources can be combined into one event
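
The approval-gated flow from the Workflow Breakdown, written in Python as an added example (not Torq's, Lacework's or the template's own code). The event shape (`policy_id`, `resources`), the `ask` and `open_ticket` callables and the `FakeS3` stand-in are assumptions made for illustration; the two S3 calls are the boto3 client methods of the same name.

```python
# Added example: approval-gated remediation of S3 bucket versioning.
# The event shape (policy_id, resources) is an assumption, not Lacework's schema.
POLICY_ID = "lacework-global-97"  # policy named on this page


def buckets_from_event(event):
    """Filter on the triggering policy and fan out combined resources."""
    if event.get("policy_id") != POLICY_ID:
        return []
    return list(dict.fromkeys(event.get("resources", [])))  # de-duplicate, keep order


def remediate(event, s3, ask, open_ticket):
    """s3: boto3-style S3 client; ask(bucket) -> 'approved'|'denied'|'timeout';
    open_ticket(bucket, reason) -> ticket key. Returns {bucket: outcome}."""
    results = {}
    for bucket in buckets_from_event(event):
        # Re-check live state: the alert may be stale by the time it is handled.
        if s3.get_bucket_versioning(Bucket=bucket).get("Status") == "Enabled":
            results[bucket] = "already-enabled"
            continue
        answer = ask(bucket)
        if answer == "approved":
            s3.put_bucket_versioning(
                Bucket=bucket, VersioningConfiguration={"Status": "Enabled"})
            results[bucket] = "enabled"
        else:  # denial and timeout both escalate to a ticket
            results[bucket] = "ticket:" + open_ticket(bucket, answer)
    return results


class FakeS3:
    """In-memory stand-in for the two boto3 S3 calls used above (constructed)."""
    def __init__(self, state):
        self.state = dict(state)

    def get_bucket_versioning(self, Bucket):
        status = self.state.get(Bucket)
        return {"Status": status} if status else {}

    def put_bucket_versioning(self, Bucket, VersioningConfiguration):
        self.state[Bucket] = VersioningConfiguration["Status"]


if __name__ == "__main__":
    # Constructed event: one alert carrying several buckets, one duplicated.
    event = {"policy_id": POLICY_ID, "resources": ["logs-a", "logs-b", "logs-a"]}
    answers = {"logs-a": "approved", "logs-b": "timeout"}
    print(remediate(event, FakeS3({"logs-b": "Suspended"}), answers.get, lambda b, why: "SEC-1"))
```

Passing a real `boto3.client("s3")` in place of `FakeS3` applies the change to live buckets, so the role it runs under needs only `s3:GetBucketVersioning` and `s3:PutBucketVersioning` on the buckets in scope.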