How can I integrate with Slack?

Article ID: 288
Applies to: 3.1 and later
Updated: 2019-07-24

Slack integration can be accomplished with the HTTP action.

Add the Incoming WebHooks app to your Slack workspace at:
https://YOURTEAMNAME.slack.com/apps/A0F7XDUAZ-incoming-webhooks

Then click "Add Configuration" and choose the channel the webhook's JSON payload should be posted to. Slack then displays the webhook URL. Treat that URL as a secret: it is the only credential the webhook uses, and anyone who obtains it can post arbitrary messages to the channel.

Once the Incoming WebHooks integration is configured in Slack, set up an HTTP action in the EventSentry Management Console using the webhook URL that Slack provided:

  • In the left pane right click "Actions" and select "Add Action".

  • On the "Action Selection" screen enter a name for the new action (for example: Slack), select "HTTP" and click OK.

  • In the right pane you should now see the settings for your new Slack action. Set the URL field to the webhook URL, for example:
    https://hooks.slack.com/services/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

  • Next, set the content type to text/json and the method to POST, then copy and paste the following JSON into the data field. The $VARIABLES are expanded by EventSentry when the event is sent; literal values (such as the Priority) are placeholders you can change. Because you are changing the settings of the Slack action, the EventSentry service must be restarted on any host that uses the action.

{
  "attachments": [
    {
      "fallback": "Required plain-text summary of the attachment.",
      "color": "#36a64f",
      "pretext": "ES [$COUNT] $EVENTSOURCE:$EVENTCATEGORY:$EVENTID",
      "author_name": "$HOSTNAME",
      "fields": [
        {
          "title": "Priority",
          "value": "High",
          "short": true
        },
        {
          "title": "Event Log",
          "value": "$EVENTLOG",
          "short": true
        },
        {
          "title": "Event Type",
          "value": "$EVENTTYPE",
          "short": true
        },
        {
          "title": "Source",
          "value": "$EVENTSOURCE",
          "short": true
        },
        {
          "title": "Category",
          "value": "$EVENTCATEGORY",
          "short": true
        },
        {
          "title": "Event ID",
          "value": "$EVENTID",
          "short": true
        },
        {
          "title": "Date/Time",
          "value": "$EVENTDATETIME",
          "short": true
        },
        {
          "title": "Computername",
          "value": "$EVENTCOMPUTER",
          "short": true
        },
        {
          "title": "Message",
          "value": "$EVENTMESSAGE",
          "short": false
        }
      ]
    }
  ]
}

Additional variables are listed in the EventSentry documentation.

  • Once the action is configured, click "Test"; the test message should appear in the Slack channel you chose.

  • Save the EventSentry configuration. You can now assign the action to any existing or new packages and filters, then push the updated configuration to all remote hosts.
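The steps above describe what the HTTP action does: expand the $VARIABLES in the data field and POST the resulting JSON to the webhook URL. The following Python script is an added example (not EventSentry's code and not Slack's) that emulates that expansion so you can see what reaches Slack and what can go wrong. It uses a trimmed copy of the article's attachment template, a constructed sample event, and an assumed message cap; it JSON-escapes each value (so quotes and newlines in an event message cannot break the payload) and escapes the characters &, < and > that Slack treats as markup. Whether the console's own expansion escapes such characters is something to confirm with the "Test" button using an event whose message contains a quote.

```python
import json
import re
import urllib.request

# Constructed sample event. Keys match the $VARIABLE names used in the
# article's JSON template; values are made up for this example.
SAMPLE_EVENT = {
    "COUNT": "1",
    "HOSTNAME": "DC01",
    "EVENTLOG": "Security",
    "EVENTSOURCE": "Microsoft-Windows-Security-Auditing",
    "EVENTCATEGORY": "Logon",
    "EVENTID": "4625",
    "EVENTTYPE": "Audit Failure",
    "EVENTDATETIME": "2019-07-24 10:15:02",
    "EVENTCOMPUTER": "DC01.example.local",
    "EVENTMESSAGE": 'An account failed to log on.\nAccount Name: <svc_backup>\n'
                    'Reason: "bad password" & lockout pending',
}

# A trimmed copy of the attachment template from this article; the data field
# in the console holds text of exactly this shape, with $VARIABLES unexpanded.
TEMPLATE = """{
  "attachments": [
    {
      "fallback": "ES [$COUNT] $EVENTSOURCE:$EVENTCATEGORY:$EVENTID on $HOSTNAME",
      "color": "#36a64f",
      "pretext": "ES [$COUNT] $EVENTSOURCE:$EVENTCATEGORY:$EVENTID",
      "author_name": "$HOSTNAME",
      "fields": [
        {"title": "Event Log", "value": "$EVENTLOG", "short": true},
        {"title": "Event Type", "value": "$EVENTTYPE", "short": true},
        {"title": "Event ID", "value": "$EVENTID", "short": true},
        {"title": "Date/Time", "value": "$EVENTDATETIME", "short": true},
        {"title": "Message", "value": "$EVENTMESSAGE", "short": false}
      ]
    }
  ]
}"""

VARIABLE = re.compile(r"\$([A-Z]+)")


def slack_escape(text: str) -> str:
    """Slack treats &, < and > as control characters in message text, so an
    event message containing <svc_backup> would otherwise be parsed as a link."""
    return text.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")


def expand_template(template: str, event: dict, max_message: int = 2000) -> str:
    """Replace each $NAME token with the event's value, JSON-escaped so quotes and
    newlines inside an event message cannot break (or inject into) the payload.
    Unknown tokens are left in place so a typo in the template shows up in Slack.
    max_message is an assumed cap that keeps very long event messages readable."""
    def substitute(match: "re.Match") -> str:
        name = match.group(1)
        if name not in event:
            return match.group(0)
        value = event[name]
        if name == "EVENTMESSAGE" and len(value) > max_message:
            value = value[:max_message] + " [truncated]"
        # json.dumps yields a quoted literal; drop the quotes to splice it into the template
        return json.dumps(slack_escape(value))[1:-1]
    return VARIABLE.sub(substitute, template)


def build_payload(template: str, event: dict) -> dict:
    """Expand the template and parse it, so a malformed template fails here
    rather than as an opaque HTTP 400 from Slack."""
    return json.loads(expand_template(template, event))


def fields_of(payload: dict) -> dict:
    """Flatten the first attachment's fields into {title: value} for checking."""
    return {f["title"]: f["value"] for f in payload["attachments"][0]["fields"]}


def post_to_slack(webhook_url: str, payload: dict) -> str:
    """POST the payload the way the HTTP action does. The webhook URL is a bearer
    secret: whoever holds it can post to the channel, so send it only over HTTPS
    and keep it out of logs and shared configuration exports."""
    if not webhook_url.startswith("https://hooks.slack.com/services/"):
        raise ValueError("refusing to post: not an https Slack incoming-webhook URL")
    req = urllib.request.Request(
        webhook_url,
        data=json.dumps(payload).encode("utf-8"),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")  # Slack answers "ok" on success


if __name__ == "__main__":
    body = build_payload(TEMPLATE, SAMPLE_EVENT)
    print(json.dumps(body, indent=2))
    # post_to_slack("https://hooks.slack.com/services/REPLACE/WITH/YOURS", body)
```

Run it as-is to inspect the expanded payload offline; uncomment the last line with your own webhook URL to reproduce the console's "Test" step from a script.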