Exporting Alerts to Slack
Set up incoming webhooks for Slack
You need to set up an incoming webhook to receive alerts from Sophos Linux Sensor (SLS). This will allow SLS to send data to the Slack channel of your choice.
- Create a new Slack app in the workspace where you want to post messages.
- From the Features page, toggle Activate Incoming Webhooks on.
- Click Add New Webhook to Workspace (it might say Request to Add New Webhook).
- Pick a channel that the app will post to, then click Authorize.
- Add the Incoming Webhook URL to the runtimedetections.yaml configuration file, if you're exporting the alerts from the Sensor.
Here's an example:
runtimedetections.yaml:
cloud-meta: auto
alert_output:
  outputs:
    - type: stdout
      enabled: true
    - type: webhook
      enabled: true
      url: "{{add url here}}"
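
Before restarting the sensor, you can lint the edited file. The script below is an added example, not part of the Sophos documentation or product. It assumes the config path is passed as the first argument, treats every `url:` key as a Slack webhook, and uses a hypothetical function name, `check_webhook_config`.

```shell
#!/bin/sh
# Added example, not Sophos code. Lints the webhook output in an SLS
# runtimedetections.yaml before the sensor is restarted.
# Assumptions: the config path is passed as $1; every "url:" key in the
# file is treated as a Slack webhook; GNU stat is available (Linux).

check_webhook_config() {
    cfg="$1"
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }

    # Extract the value of each "url:" key and strip surrounding quotes.
    urls=$(sed -n 's/^[[:space:]]*url:[[:space:]]*//p' "$cfg" | tr -d "\"'")
    [ -n "$urls" ] || { echo "no webhook url found in $cfg" >&2; return 3; }

    while IFS= read -r u; do
        case "$u" in
            *"{{"*)
                echo "placeholder still present: $u" >&2; return 4 ;;
            https://hooks.slack.com/services/*)
                ;;  # expected form of a Slack incoming-webhook URL
            *)
                echo "not an HTTPS Slack webhook URL" >&2; return 5 ;;
        esac
    done <<EOF
$urls
EOF

    # Anyone who can read the URL can post to the channel, so the file
    # holding it should not be accessible to "other" users.
    mode=$(stat -c '%a' "$cfg")
    case "$mode" in
        *[1-7]) echo "$cfg is mode $mode; restrict it (e.g. chmod 600)" >&2
                return 6 ;;
    esac
    return 0
}

# Run against a file when one is given on the command line.
if [ "$#" -gt 0 ]; then check_webhook_config "$1"; fi
```

A return code of 0 means the URL is filled in, points at Slack over HTTPS, and the file is not accessible to other users.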