Exporting Alerts to Slack

Set up incoming webhooks for Slack

You need to set up an incoming webhook to receive alerts from Sophos Linux Sensor (SLS). This will allow SLS to send data to the Slack channel of your choice.

  1. Create a new Slack app in the workspace where you want to post messages.

  2. From the Features page, toggle Activate Incoming Webhooks on.

  3. Click Add New Webhook to Workspace (it might say Request to Add New Webhook).

  4. Pick a channel that the app will post to, then click Authorize.

  5. Add the Incoming Webhook URL to the runtimedetections.yaml configuration file, if you're exporting the alerts from the Sensor.

Here's an example:

runtimedetections.yaml:
  cloud-meta: auto
  alert_output:
    outputs:
    - type: stdout
      enabled: true
    - type: webhook
      enabled: true
      url: "{{add url here}}"
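
A pre-flight check for step 5, as an added example (not Sophos code): it reads the webhook output's url from a file in the layout shown above and reports an unreplaced placeholder or a URL that is not an HTTPS hooks.slack.com/services/ address. The host check, the function names and the sample URL are assumptions of this example; because the webhook URL works as a credential for posting to the channel, the script prints only its host.

```python
import sys
from urllib.parse import urlsplit

SLACK_HOST = "hooks.slack.com"  # assumption: standard Slack incoming-webhook host
# Constructed sample in the layout shown above (not a real webhook URL).
SAMPLE = """\
cloud-meta: auto
alert_output:
  outputs:
  - type: stdout
    enabled: true
  - type: webhook
    enabled: true
    url: "https://hooks.slack.com/services/T0000/B0000/XXXXXXXX"
"""

def webhook_urls(config_text):
    """Line-based scan for the layout above; not a general YAML parser."""
    outputs, current = [], None
    for line in (raw.strip() for raw in config_text.splitlines()):
        if line.startswith("- "):  # a new entry in the outputs list
            current = {}
            outputs.append(current)
            line = line[2:].strip()
        if current is not None and ":" in line:
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip().strip("\"'")
    return [o.get("url", "") for o in outputs if o.get("type") == "webhook"]

def check_url(url):
    """Return a list of problems; an empty list means the URL looks usable."""
    if not url or "{{" in url:
        return ["placeholder not replaced"]
    parts = urlsplit(url)
    checks = [(parts.scheme == "https", "scheme is not https"),
              (parts.hostname == SLACK_HOST, "host is not " + SLACK_HOST),
              (parts.path.startswith("/services/"), "path does not start with /services/")]
    return [msg for ok, msg in checks if not ok]

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    results = [(urlsplit(u).hostname, check_url(u)) for u in webhook_urls(text)]
    for host, problems in results:
        print(host, problems or "ok")  # host only: the rest of the URL is a secret
    sys.exit(1 if any(p for _, p in results) else 0)
```

Run it with the path to your configuration file as the only argument; it exits non-zero if any webhook URL fails a check.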