Slack
Slack is a messaging application for business. It transforms the way that organisations communicate by bringing people together to work as one unified team.

Configuration

  1. In the Configuration Box, enter the Configuration Name to uniquely identify this configuration.
  2. Create an incoming webhook for a Slack channel in your Slack workspace.
  3. Identify the content of headers and payload that you need to provide in the Configuration Box.

Below is an example of how you can use this integration to send alerts to your Slack channel.

Payload

{
   "text":"Alert from DNIF - Found Suspicious Remote Desktop Activity on host $DstIP"
}


The Slack API delivers the text specified in the Payload to your Slack channel. The plugin replaces the $SrcIP and $DstIP variables in the payload with the values received from the data stack produced by running a Search block.
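As an added illustration (not part of the DNIF documentation or the plugin's own code), the following Python mimics that substitution step: it fills the $SrcIP and $DstIP placeholders from constructed rows of a data stack and builds the JSON body the webhook would POST for each row. The webhook URL is a placeholder and no request is sent.

```python
import json
import string

# Constructed sample of the data stack a Search block might return.
# Column names match the placeholders used in the page's payload; the
# addresses are made up for this example.
SAMPLE_ROWS = [
    {"SrcIP": "10.0.0.5", "DstIP": "192.0.2.10"},
    {"SrcIP": "10.0.0.7", "DstIP": "192.0.2.20"},
]

# Payload template as entered in the Configuration Box (taken from the page).
PAYLOAD_TEMPLATE = {
    "text": "Alert from DNIF - Found Suspicious Remote Desktop Activity on host $DstIP"
}


def render_payload(template, row):
    """Substitute $Field placeholders in every string value of the template.

    Substitution is done on the decoded JSON values, not on the raw JSON text,
    so a field value containing quotes or backslashes cannot break the JSON
    sent to Slack. Unknown placeholders are left in place (safe_substitute)
    so a missing column shows up as a literal '$Field' in the alert instead
    of raising an error and silently dropping the notification.
    """
    rendered = {}
    for key, value in template.items():
        if isinstance(value, str):
            rendered[key] = string.Template(value).safe_substitute(row)
        else:
            rendered[key] = value
    return rendered


def build_alerts(template, rows):
    """Return one JSON-encoded Slack payload per row of the data stack."""
    return [json.dumps(render_payload(template, row)) for row in rows]


def webhook_request(url, body):
    """Describe the HTTP request the Generic Webhook would make (no network call)."""
    return {"method": "POST", "url": url,
            "headers": {"Content-Type": "application/json"}, "body": body}


if __name__ == "__main__":
    # Placeholder: a real incoming-webhook URL is a secret issued by Slack.
    WEBHOOK_URL = "https://hooks.slack.com/services/PLACEHOLDER"
    for body in build_alerts(PAYLOAD_TEMPLATE, SAMPLE_ROWS):
        print(webhook_request(WEBHOOK_URL, body))
```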


In the above figure, a workbook named Suspicious Remote Desktop Network Activity is executed which contains the following blocks:

  • SQL Block: Displays two suspicious Destination IPs when the workbook is executed.
  • Signal Block: Raises a signal when the suspicious IPs are detected.
  • DQL block with _trigger query: Using the Generic Webhook plugin for Slack, sends an alert to the Slack channel with the message specified in the payload, as displayed below:
