Set up an alert with a new Slack integration

Created: March 15, 2024
Updated: April 17, 2024

When you create an alert, you choose how you want to receive the alert notification. There are several notification integrations available on the FireTail platform. When you set up a notification integration, the information that is included in the alert notification is fully customizable in the form of a payload.

The instructions below are an example of how to create an alert with a new Slack integration and customize a payload. The process of customizing the payload is the same for other notification integrations that you create at the same time as creating a new alert.

Note: To set up a Slack Webhook integration, you first need to create a channel in Slack. This is where the triggered alerts will be sent. For information on how to create a channel in Slack, go to the Slack help center.

Create an alert in the FireTail platform:
For full instructions on how to create a static alert, visit Create a static alert.

1. Navigate to Alerting on the FireTail platform. Click Create Alert.

2. Give the alert a name.

3. Add any necessary Filters and Conditions.

5. Under Notification Integration, click Create to set up a new integration. This selects how you will get your alert notifications.

6. Select Slack Webhook.

7. Select the Slack channel that alert notifications will be sent to.

8. Click Allow.

A test message is immediately sent to the Slack channel.

When the connection with Slack has been set up, you can make any required edits to the notification. You can:

  • Change the integration name.
  • Click Change Connection to change the Slack channel the notifications are sent to.
  • Edit the Slack payload if required. This is the information that is populated in the Slack notification when an alert is triggered. For a list of all tokens, go to Dynamic variables. Learn how to Customize notifications.
  • Click Submit.

The integration is created and listed under the existing integrations tab. You can now select this integration as a notification method when you create an alert or create an incident.

Customize the Slack Payload

The payload contains tokens, which are dynamic variables. The content of each token is generated from the information contained in the triggered alert. For instance, if the token {alert_timestamp} is in the payload, then when the alert is sent to your Slack channel, the time that the alert was generated is displayed in UTC format. For example, 21/04/2023T12:35:36

Example payload:



{
    "blocks": [
        {
            "type": "header",
            "text": {
                "type": "plain_text",
                "text": "Firetail Alert",
                "emoji": true
            }
        },
        {
            "type": "section",
            "fields": [
                {
                    "type": "mrkdwn",
                    "text": "*Name:*\n{alert_name}"
                },
                {
                    "type": "mrkdwn",
                    "text": "*Trigger Time:*\n{alert_timestamp}"
                }
            ]
        },
        {
            "type": "section",
            "fields": [
                {
                    "type": "mrkdwn",
                    "text": "*Condition:*\n{alert_static_triggered_value} {alert_operand} {alert_static_threshold_value}"
                }
            ]
        },
        {
            "type": "section",
            "text": {
                "type": "mrkdwn",
                "text": "<{alert_link}|View Alert>"
            }
        }
    ]
}

This results in an alert being sent to Slack that will look similar to this:

You can add, remove and change tokens and text in the payload. For example:



{
    "blocks": [
        {
            "type": "header",
            "text": {
                "type": "plain_text",
                "text": "My Demo Alert",
                "emoji": true
            }
        },
        {
            "type": "section",
            "fields": [
                {
                    "type": "mrkdwn",
                    "text": "*Name:*\n{alert_name}"
                },
                {
                    "type": "mrkdwn",
                    "text": "*Trigger Time:*\n{alert_timestamp}"
                },
                {
                    "type": "mrkdwn",
                    "text": "*Alert Type:*\n{alert_type}"
                }
            ]
        },
        {
            "type": "section",
            "fields": [
                {
                    "type": "mrkdwn",
                    "text": "*Condition:*\n{alert_static_triggered_value} {alert_operand} {alert_static_threshold_value}"
                },
                {
                    "type": "mrkdwn",
                    "text": "*Alert UUID:*\n{alert_uuid}"
                }
            ]
        },
        {
            "type": "section",
            "text": {
                "type": "mrkdwn",
                "text": "<{alert_link}|View Alert>"
            }
        }
    ]
}

The alert that is triggered will now look similar to this:

Note: For a list of all tokens, go to Dynamic variables.
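
A local check to run on an edited payload before pasting it into the integration, as an added example that is not FireTail code: it confirms the template is still valid JSON (a line break inside a "text" string is rejected) and that every token is one used on this page. The names lint_payload, render_preview and KNOWN_TOKENS are hypothetical, and the sample template and values are constructed; take the full token list from Dynamic variables.

```python
import json
import re

# Tokens used in this page's example payloads; extend from Dynamic variables.
KNOWN_TOKENS = {
    "alert_name", "alert_timestamp", "alert_type", "alert_uuid", "alert_link",
    "alert_operand", "alert_static_triggered_value", "alert_static_threshold_value",
}
TOKEN_RE = re.compile(r"\{([A-Za-z_][A-Za-z0-9_]*)\}")

# Constructed one-block template for illustration (not exported from FireTail).
SAMPLE = ('{"blocks": [{"type": "section", "text": '
          '{"type": "mrkdwn", "text": "*Name:*\\n{alert_name}"}}]}')


def lint_payload(template):
    """Return a list of problems found in a Slack payload template."""
    try:
        doc = json.loads(template)  # strict parsing rejects raw line breaks in strings
    except json.JSONDecodeError as exc:
        return [f"invalid JSON at line {exc.lineno}: {exc.msg}"]
    problems = []
    if not isinstance(doc, dict) or not isinstance(doc.get("blocks"), list):
        problems.append('top level must be an object with a "blocks" list')
    # JSON's own braces are never followed by a bare identifier, so only tokens match.
    used = set(TOKEN_RE.findall(template))
    problems += [f"unknown token {{{t}}}" for t in sorted(used - KNOWN_TOKENS)]
    return problems


def render_preview(template, values):
    """Fill tokens inside parsed strings, so quotes in a value cannot break the JSON."""
    def fill(node):
        if isinstance(node, str):
            return TOKEN_RE.sub(lambda m: str(values.get(m.group(1), m.group(0))), node)
        if isinstance(node, dict):
            return {key: fill(value) for key, value in node.items()}
        if isinstance(node, list):
            return [fill(item) for item in node]
        return node
    return fill(json.loads(template))


if __name__ == "__main__":
    print(lint_payload(SAMPLE))
    print(json.dumps(render_preview(SAMPLE, {"alert_name": 'Spike "5xx"'}), indent=2))
```

The preview runs only on your machine with values you supply; it does not call Slack or the FireTail platform.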