InsightCloudSec Docs

Welcome to the InsightCloudSec Docs!

InsightCloudSec by Rapid7 (formerly DivvyCloud) is a Cloud-Native Security Platform that provides real-time analysis and automated remediation for continuous security and compliance for your multi-cloud environment.

For questions reach out to us through [email protected].


Slack Integration

Instructions for Integration Between Slack & InsightCloudSec

The InsightCloudSec integration with Slack provides the ability to send notification messages to Slack channels and is compatible with all InsightCloudSec Resources.

An example of using this integration would be to generate and send high priority security alerts through Slack to a certain channel or channels when noncompliant security group rules are provisioned, such as SSH open to the world.

Prerequisites

Before getting started you will need to have the following:

  • A functioning InsightCloudSec platform installation with an admin role
  • The appropriate permissions/access/approval to configure a Slack App/Webhook

For general information about Integrations (editing and deleting), refer to the Integrations Overview page.

If you need help with this integration, contact [email protected].

Configuring Your Slack Integration

Configuration in Slack

The following steps create an Incoming Webhook for integration into your InsightCloudSec platform. If you have not created a new App, refer to the Slack instructions on how to do so here.

After you have created a Slack "App", you can enable the Webhooks capability as follows:

1. From your Slack application make sure you are logged in to your Workspace. Navigate to https://api.slack.com/ and click on the "Your Apps" button on the top right.

  • Note: if you have not created an App you can do so from this page using the "Create New App" button.

Accessing Your Slack Apps

2. Click on the name of the App you created to open the configuration options and locate the "Incoming Webhooks" option on the left under "Features".


Activating Webhooks

3. Toggle the "Activate Incoming Webhooks" option to enable the "Webhook URL for Your Workspace" feature.

4. Click on the "Add New Webhook to Workspace" button, select the target channel in your workspace for which you want to generate a new webhook, and then click "Allow".

5. Copy the newly created webhook URL from Slack and store it somewhere safe; you will supply it to InsightCloudSec to complete your integration. Treat the URL as a secret: it embeds the credential, so anyone who obtains it can post messages to the selected channel.


Copy the Webhook URL from Slack
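Added example, not taken from the InsightCloudSec or Slack documentation: a Python script that checks the copied webhook URL before it is pasted into InsightCloudSec, masks its token for logging, and sends a test message. The `SLACK_WEBHOOK_URL` environment variable name, the sample URL and the URL pattern are assumptions made for this example.

```python
import json
import os
import re
import urllib.request

# Constructed placeholder for illustration; not a real webhook.
SAMPLE_URL = "https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX"

# Usual shape (assumed here): workspace id (T...), app id (B...), secret token.
WEBHOOK_RE = re.compile(
    r"https://hooks\.slack\.com/services/(T[A-Z0-9]+)/(B[A-Z0-9]+)/([A-Za-z0-9]+)"
)

def is_webhook_url(url):
    """True only if the whole string is a well-formed Incoming Webhook URL."""
    return WEBHOOK_RE.fullmatch(url) is not None

def redact(text):
    """Mask the token of any webhook URL in text so the text is safe to log."""
    return WEBHOOK_RE.sub(
        lambda m: f"https://hooks.slack.com/services/{m.group(1)}/{m.group(2)}/[REDACTED]",
        text)

def build_request(url, message):
    """Build (without sending) the POST Slack expects: a JSON body with "text"."""
    if not is_webhook_url(url):
        raise ValueError("not a Slack Incoming Webhook URL")
    body = json.dumps({"text": message}).encode("utf-8")
    return urllib.request.Request(
        url, data=body, headers={"Content-Type": "application/json"}, method="POST")

def send_test_message(url, message="InsightCloudSec webhook test"):
    """POST the message; Slack replies HTTP 200 with body "ok" on success."""
    with urllib.request.urlopen(build_request(url, message), timeout=10) as resp:
        return resp.status == 200 and resp.read() == b"ok"

if __name__ == "__main__":
    # Read the URL from the environment so it stays out of source control.
    url = os.environ.get("SLACK_WEBHOOK_URL", "")
    if not is_webhook_url(url):
        raise SystemExit("SLACK_WEBHOOK_URL is missing or malformed")
    print("sending via", redact(url))
    print("delivered" if send_test_message(url) else "rejected")
```

The strict host check also rejects lookalike URLs, which would otherwise route alert content to a third party.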

Configuration in InsightCloudSec

1. Open InsightCloudSec and navigate to "Administration --> Integrations".

2. Locate the Slack card on the Integrations page and click "Edit".

3. Paste the "WebHook URL" you created in Slack and select "Save" to complete the integration.


Adding the Slack WebHook Into DivvyCloud from Integrations Page

Using Slack WebHooks for System Health Notifications

In addition to adding a Slack WebHook through the InsightCloudSec Integrations page, users can also include a Slack Integration/WebHook in InsightCloudSec's System Settings. This capability enables Slack notifications for System Health. Users can select a cadence for the notifications and, as with the general WebHook integration/configuration, can specify a Slack channel.

To add this WebHook, from InsightCloudSec navigate to "Administration --> System Administration" on the "Systems" tab.


System Administration - System Settings

Scroll to the "Health Notifications" content section (lower left) at the bottom of the page.

You can add your Slack WebHook here and your selected channel will receive notifications based on the cadence you select (Daily or Hourly).


Slack WebHook for Health Notifications

Configuring the "Send Slack Message" Bot Action

The following steps configure a Bot that you can use to verify the configuration of your Slack Integration.

1. Go to the BotFactory page and click "Create Bot".

2. Complete the Resource Type & Groups and Filters sections.

3. In the Actions section, click "Add Action" and find the "Send Slack Message" action.


Configuring the Send Slack Bot

4. Type in the name of the channel where you want to post the Slack message.

5. Type in the name that will be displayed when the message gets posted in Slack, e.g., "InsightCloudSec".

6. Type in a value if you want to dynamically assign the recipient via one or more Tags.

7. Type in a value if you want to dynamically assign the recipient via one or more Badges.


Configuring the Bot Action

8. Add content to the message that will be posted to Slack. You can include actionable information with Jinja2 formatting.

For example:

A resource of type ```{{resource.get_resource_type()}}``` was discovered at
```{{resource.common.creation_timestamp}}``` without the required *owner*
or *contact-email* tags. The resource name is ```{{resource.get_resource_name()}}```.
It lives in account ```{{resource.get_organization_service_name()}}```.

Updated 15 days ago
