Slack Notifications

To send an alert notification via Slack you must first set up the Slack notification channel and have a Slack account configured at Slack.com.

Configuration

To launch the process from the Sysdig UI:

  1. Complete steps 1-3 in Set Up Notification Channels and select Slack.

     You will be prompted to log in to your Slack account.

  2. Select a Slack channel from the drop-down list to be used for notifications and click Authorize.
  3. Determine whether to apply this channel globally (All Teams) or to a specific team.
  4. Complete configuration as desired and click Save.
  5. Optionally, click Test to check if the Slack notification works as expected.

You can now configure an Alert to use Slack notifications.

For on-prem installations, use the Webhook method to configure a Slack notification channel by specifying the webhook URL and a unique name for the Slack channel.

Customize Notifications (Monitor)

The ability to configure sections is currently available only in Sysdig Monitor.

You can customize the sections that will be included in the messages sent to each configured Slack channel. This gives you the ability to fine-tune the contents of Slack messages according to your preferences.

Choose Notification Format (Secure)

This feature is currently available only in Sysdig Secure.

The Configure Channel Sections option applies only to notifications sent from Sysdig Secure events governed by Threat Detection policies. Here you can choose whether the message should be:

  • Shortened: (Default) Includes a summary of the event, giving the rule, policy name, and contextual information about where the event took place. When available, a Runbook Link and Action Taken are displayed.
  • Detailed: Includes full event details, as shown.