Slack webhook integrations vs. native Slack integrations
There are two ways to integrate Cmd with Slack: the native Slack integration enables authorization requests and standard alerts, while custom Slack integrations enable custom alerts. Here is a full comparison of the two options:
Slack webhook integration:
Enables alerts only, with no authorization requests.
Allows customization of which CQL properties Cmd sends with alerts.
Alerts are not batched; they are sent immediately.
Native Slack integration:
Enables authorization requests (i.e., enables a Cmd trigger action that makes server operators wait for someone to authorize their activity via your chosen Slack channel).
Does not allow customization of which CQL properties Cmd sends with alerts.
Alerts are batched and sent every 60 seconds.
To learn about setting up native Slack integrations, see the native Slack integration documentation. To learn about setting up Slack webhook integrations, read on.
Instructions: Set up a Slack Webhook
A global admin must first enable webhooks globally.
Then, you will need access to:
The Slack workspace where alerts will appear.
A Cmd manager or admin account.
For testing, you will also need access to:
An SSH session on one of your Cmd-enabled servers.
Part one: Set up Slack
1. First, go to the Slack API site (https://api.slack.com/apps).
Click Create an App.
Give your app a name (e.g. ‘cmd-webhook’).
Under ‘Development Slack Workspace’, select the Slack workspace where you would like to receive alerts from Cmd.
Click Create app.
2. Next, under ‘Add features and functionality’, click Incoming Webhooks.
Turn the 'Activate Incoming Webhooks' slider in the upper-right corner to ‘On’.
Scroll down and click Add New Webhook to Workspace.
Choose a Slack channel where messages from Cmd will be displayed, and click Allow.
Copy the webhook URL and save it in a text editor.
Part two: Set up Cmd
1. Click your project's title in the top right to open ‘Project and App Settings’, then ‘Integrations preferences’.
Click Add integration.
Pick a name for your webhook (e.g. Slack webhook).
Under webhook URL, enter: https://us-central1-cmd-production.cloudfunctions.net/slack-forwarder
Under ‘Custom JSON to send’, enter the following, replacing [WEBHOOK_URL_HERE] with the webhook URL you copied from Slack and [CHANNEL_NAME_HERE] with the name of the Slack channel that will receive messages:
For example, it might look like this:
2. Under ‘CQL properties to send’, select whichever CQL properties you want sent as part of the custom Slack alert.
As a starting point, we suggest using the properties in the screenshot above. (For more on CQL values, see Understanding CQL webhook properties.)
3. Your integration should be ready. To test it:
Create a new trigger which you can fire for testing.
Add the action ‘Send custom webhook alert’, making sure to select the correct webhook integration if you have more than one.
4. When the trigger fires, you will instantly receive an alert in Slack.
Here’s an example of the custom alert:
And here’s an example of the default alert: