Slack Integration

Instructions for Integration Between Slack & InsightCloudSec

The InsightCloudSec integration with Slack provides the ability to send notification messages to Slack channels and is compatible with all InsightCloudSec Resources.

An example of using this integration would be to generate and send high priority security alerts through Slack to a certain channel or channels when noncompliant security group rules are provisioned, such as SSH open to the world.

Prerequisites

Before getting started you will need to have the following:

  • A functioning InsightCloudSec platform installation with an admin role
  • The appropriate permissions/access/approval to configure a Slack App/Webhook
    • This also assumes you have created or will create an App
  • Details about each webhook/Slack channel you want to provide integration for (one webhook per channel)

For general information about Integrations (editing and deleting), refer to the Integrations Overview page.

If you need help with this integration, contact us through the Customer Support Portal.

Configuring Your Slack Integration

Configuration in Slack

The following steps create an Incoming Webhook for integration into your InsightCloudSec platform. If you have not created a new App, refer to the Slack instructions on how to do so here.

After you have created a Slack "App", you can enable the Webhooks capability as follows:

1. From your Slack application make sure you are logged in to your Workspace. Navigate to https://api.slack.com/ and click on the "Your Apps" button on the top right.

  • Note: If you have not created an App, you can do so from this page using the "Create New App" button.

Accessing Your Slack Apps

2. Click on the name of the App you created to open the configuration options and locate the "Incoming Webhooks" option on the left under "Features".

Activating Webhooks

3. Toggle the option to "Activate Incoming Webhooks" to activate the "Webhook URL for Your Workspace" feature.

4. Click on the "Add New Webhook to Workspace" button, select the target channel from your workspace in which you want to generate a new webhook, and then click "Allow".

  • Note: you will need a unique webhook for each Slack channel you want to integrate.

5. Copy the newly created webhook URL from Slack and save this information somewhere safe to supply to InsightCloudSec to complete your integration.

Copy the Webhook URL from Slack
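
The webhook URL copied in step 5 works as a bearer secret: anyone who holds it can post to that channel. The following is an added example, not code from InsightCloudSec or Slack, that checks name/URL pairs before they are pasted into the integration, flags a URL reused under two names, and redacts the token for logs. The path pattern, function names and sample values are assumptions of this example.

```python
import json
import re
import urllib.request
from urllib.parse import urlsplit

# Assumed path shape: /services/T<workspace>/B<webhook>/<secret token>
_PATH = re.compile(r"^/services/T[A-Z0-9]+/B[A-Z0-9]+/[A-Za-z0-9]+$")

def check_webhook(url):
    """Return a list of problems with one webhook URL (empty means OK)."""
    parts = urlsplit(url.strip())
    problems = []
    if parts.scheme != "https":
        problems.append("not https")
    if parts.hostname != "hooks.slack.com":  # also catches user@host tricks
        problems.append("host is not hooks.slack.com")
    if not _PATH.match(parts.path):
        problems.append("path is not /services/T.../B.../<token>")
    return problems

def redact(url):
    """Keep the IDs for troubleshooting, hide the secret last segment."""
    return url.strip().rpartition("/")[0] + "/[REDACTED]"

def preflight(webhooks):
    """webhooks maps integration name -> URL; returns {name: [problems]}."""
    report, seen = {}, {}
    for name, url in webhooks.items():
        url = url.strip()
        problems = check_webhook(url)
        if url in seen:  # the page requires one webhook per channel
            problems.append("same URL as '%s'" % seen[url])
        seen.setdefault(url, name)
        report[name] = problems
    return report

def send_test(url, text="InsightCloudSec webhook test"):
    """POST a test message; Slack replies HTTP 200 on success."""
    if check_webhook(url):
        raise ValueError("refusing to post to " + redact(url))
    body = json.dumps({"text": text}).encode()
    req = urllib.request.Request(url, data=body, headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status == 200

# Constructed sample values, not real webhooks.
OK_URL = "https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX"
SAMPLE = {"sec-alerts": OK_URL, "sec-alerts-copy": OK_URL,
          "typo": "http://hooks.slack.com.example.net/services/T0/B0/x"}
```

Run `preflight()` on the full set of name/URL pairs first, and call `send_test()` only on entries that come back with no problems.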

Configuration in InsightCloudSec

1. Open InsightCloudSec and from the Administration cog navigate to "Integrations".

2. Locate the Slack card on the Integrations page and click "Edit".

Editing Existing Integrations

If you update a Slack Webhook name, any existing Bot that uses the original name/integration will no longer work properly (the change invalidates the configuration of the Bot).

Note: Reverting the name to the original name restores the existing Bot configurations.

3. Provide a name and paste the "WebHook URL" you created in Slack.

  • If desired click the "plus" to add a line for any additional WebHooks, and complete with the name/URL.
  • Note: you will need a unique webhook for each Slack channel you want to integrate.

4. Select "Save" to complete the integration.

Adding the Slack WebHook Into DivvyCloud from Integrations Page

Using Slack WebHooks for System Health Notifications

In addition to adding a Slack WebHook through the InsightCloudSec Integrations page, users can also include a Slack Integration/WebHook in InsightCloudSec's System Settings. This capability enables Slack notifications for System Health. Users can select a cadence for the notifications and, as with the general WebHook integration/configuration, can specify a Slack channel.

To add this WebHook, from InsightCloudSec navigate to "Administration --> System Administration" on the "Systems" tab.

System Administration - System Settings

Scroll to the "Health Notifications" content section (lower left) at the bottom of the page.

You can add your Slack WebHook here and your selected channel will receive notifications based on the cadence you select (Daily or Hourly).

Slack WebHook for Health Notifications

Configuring the "Send Slack Message" Bot Action

The following steps configure a Bot to verify the configuration of your Slack Integration.

1. Go to the BotFactory page and click "Create Bot".

2. Complete the Resource Type & Groups and Query Filters sections.

3. In the Actions section, click "Add Action" and search for "Slack" to locate the "Send Slack Message" action.

Configuring the Send Slack Bot

4. Type in the name of the channel where you want to post the Slack message.

  • Note: if you have more than one webhook/channel configured, you will need to select the target channel for your Bot. If you do not select a channel, the first available webhook will be used. This drop-down does not display for Organizations that do not have more than one webhook configured.

Multiple Channels - Select the Target Channel

5. Type in the name that will be displayed when the message gets posted in Slack, e.g., "InsightCloudSec".

6. Type in a value if you want to dynamically assign the recipient via one or more Tags.

7. Type in a value if you want to dynamically assign the recipient via one or more Badges.

Configuring the Bot Action

8. Add content to the message that will be posted to Slack. You can include actionable information with Jinja2 formatting.

For example:

A resource of type ```{{resource.get_resource_type()}}``` was discovered at
```{{resource.common.creation_timestamp}}``` without the required *owner*
or *contact-email* tags. The resource name is ```{{resource.get_resource_name()}}```.
It lives in account ```{{resource.get_organization_service_name()}}```.