Slack webhook integrations vs. native Slack integrations

There are two ways to integrate Cmd with Slack: the native Slack integration enables authorization requests and standard alerts, while custom Slack integrations enable custom alerts. Here is a full comparison of the two options:

Webhook integration: 

  • Enables alerts only—no authorization requests.
  • Alerts are not batched, and send immediately.

 Native integration:

  • Enables authorization requests (i.e., enables a Cmd trigger action that makes server operators wait for someone to authorize their activity via your chosen Slack channel). 
  • Enables alerts.
  • Does not allow customization of which CQL properties Cmd sends with alerts.
  • Alerts are batched, and send every 60 seconds.

To learn about setting up native Slack integrations, see the native Slack integration documentation.  To learn about setting up Slack webhook integrations, read on.

 

Instructions: Set up a Slack Webhook

Prerequisites

A global admin must first enable webhooks globally.
Then, you will need access to:

For testing, you will also need access to:

  • An SSH session on one of your Cmd-enabled servers.

Guide Overview

 

Part one: Set up Slack

1. First, go to the Slack api (https://api.slack.com/apps)

  • Click Create an App.
  • Give your app a name (e.g. ‘cmd-webhook’).
  • Under ‘Development Slack Workspace’, select the Slack workspace where you would like to receive alerts from Cmd.
  • Click Create app.

2. Next, under ‘Add features and functionality’, click Incoming Webhooks.

  • Turn the 'Activate Incoming Webhooks' slider in the upper-right corner to ‘On’.
  • Scroll down and click Add New Webhook to Workspace.
  • Choose a Slack channel where messages from Cmd will be displayed, and click Allow.
  • Copy the webhook URL and save it in a text editor:    

 

Part two: Set up Cmd

1. Click your project's title in the top right to open ‘Project and App Settings’, then ‘Integrations preferences’.

  • Click Webhook.
  • Click Add integration.
  • Pick a name for your webhook (e.g. Slack webhook).
  • Under webhook URL, enter: https://us-central1-cmd-production.cloudfunctions.net/slack-forwarder
  • Under ‘Custom JSON to send’, enter the following, but with the webhook you copied from Slack instead of [WEBHOOK_URL_HERE], and the name of the Slack channel that will receive messages instead of [CHANNEL_NAME_HERE] :
{"webhook_url":"[WEBHOOK_URL_HERE]","channel":"#[CHANNEL_NAME_HERE]"}

For example, it might look like this: 


2. Under ‘CQL properties to send’, select whichever CQL properties you want sent as part of the custom Slack alert. 

 
3. Your integration should be ready. To test it:

  • Create a new trigger which you can fire for testing.
  • Add the action  ‘Send custom webhook alert’, making sure to select the correct webhook integration if you have more than one.

 
4. When the trigger fires, you will instantly receive an alert in Slack.

  • Here’s an example of the custom alert:
  • And here’s an example of the default alert:   

  

Related resources:

Understanding CQL webhook properties

How to configure a custom webhook

Third-party integrations overview

 

Did this answer your question?