Webhooks allow Identity Security Insights to send detection and recommendation information to a configured Slack channel.

⚠️

Important

Third-party documentation is subject to change. Updates might not be reflected in BeyondTrust documentation. For the most up-to-date information, visit Slack's Quickstart guide for developing automations.

Requirements

  • An Identity Security Insights account with administrator privileges.
  • An account that has access to the applicable tenant in Identity Security Insights.
  • A Slack account with permissions to create a Slack app and bot.

Slack webhook integration workflow

  1. Create a Slack app and bot to receive messages from Identity Security Insights.
  2. Once your Bot is created, copy the Bot User OAuth Token for your workspace.
  3. Invite the Bot to the Slack channel where you would like to receive updates from Insights with /invite @{botname} (e.g. /invite @insights).
  4. Create a webhook integration for Slack in Identity Security Insights.
  5. In Identity Security Insights, select your tenant.
  6. In the upper left menu, click Insights > Integrations.
    The Integrations page displays the available integrations.
  7. Click Webhooks or your product.
    The Summary page displays.
  8. Click Create Integration.
    The Configure Integration page displays.
  9. Enter the following information:
    • Name: A name for the new webhook.
    • Webhook URL: https://slack.com/api/chat.postMessage
    • Authorization Type: Select Bearer, and paste your Bot User OAuth Token in the value field.
    • Webhook Template: Use the following test webhook JSON template to test the connection and send a webhook to Slack. This template creates a new card in Slack for a given detection or recommendation, provides additional information about the report, and includes a link to the incident in Identity Security Insights.
    • After a successful test with the static test data, the template can be configured. Create or change the fields and add variables as per your requirements.

ℹ️

Note

For more information on card formatting, see the Slack documentation.

{
    "blocks": [
        {
            "type": "section",
            "text": {
                "type": "mrkdwn",
                "text": "A new %%incidentType%% was found:\n*<%%link%%|Go to %%incidentType%%>*"
            }
        },
        {
            "type": "section",
            "fields": [
                {
                    "type": "mrkdwn",
                    "text": "Severity:\n%%severity%%"
                },
                {
                    "type": "mrkdwn",
                    "text": "When:\n%%timestamp%%"
                },
                {
                    "type": "mrkdwn",
                    "text": "Summary:\n%%definitionSummary%%"
                },
                {
                    "type": "mrkdwn",
                    "text": "Source:\n%%source%%"
                },
                {
                    "type": "mrkdwn",
                    "text": "Location:\n%%location%%"
                },
                {
                    "type": "mrkdwn",
                    "text": "Entity Type:\n%%entityType%%"
                },
                {
                    "type": "mrkdwn",
                    "text": "Entity Name:\n%%entityName%%"
                }
            ]
        }
    ]
}
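
An offline check for a customized template, added here as an example (not BeyondTrust or Slack code): it fills the %%variable%% placeholders with constructed sample values, confirms the result is still valid JSON, and checks Slack's section-block limits. The substitution model (text replacement with JSON-escaped values), the function names and the sample values are assumptions; variables outside this page's test template are only flagged for review.

```python
import json
import re

PLACEHOLDER = re.compile(r"%%(\w+)%%")
# Variables that appear in the test template on this page.
PAGE_VARS = {"incidentType", "link", "severity", "timestamp", "definitionSummary",
             "source", "location", "entityType", "entityName"}
# Slack Block Kit limits for a section block.
MAX_TEXT, MAX_FIELDS, MAX_FIELD_TEXT = 3000, 10, 2000

# Shortened copy of the page's template (two of its seven fields kept).
TEMPLATE = r'''{"blocks": [
  {"type": "section", "text": {"type": "mrkdwn",
    "text": "A new %%incidentType%% was found:\n*<%%link%%|Go to %%incidentType%%>*"}},
  {"type": "section", "fields": [
    {"type": "mrkdwn", "text": "Severity:\n%%severity%%"},
    {"type": "mrkdwn", "text": "Summary:\n%%definitionSummary%%"}]}]}'''

# Constructed sample values; the summary carries quotes and a newline on purpose.
SAMPLE = {"incidentType": "detection", "link": "https://insights.example.invalid/d/1",
          "severity": "High", "definitionSummary": 'Account "svc-backup"\nhas stale keys'}


def render(template, values):
    """Assumed substitution model: each %%name%% becomes the JSON-escaped value."""
    def sub(match):
        if match.group(1) not in values:
            return match.group(0)  # leave unresolved placeholders visible
        return json.dumps(str(values[match.group(1)]))[1:-1]
    return PLACEHOLDER.sub(sub, template)


def check_template(template, values):
    """Return a list of problems; an empty list means the rendered payload passed."""
    problems = [f"variable not in page template: {name}"
                for name in sorted(set(PLACEHOLDER.findall(template)) - PAGE_VARS)]
    try:
        payload = json.loads(render(template, values))
    except json.JSONDecodeError as exc:
        return problems + [f"invalid JSON after substitution: {exc.msg}"]
    for i, block in enumerate(payload.get("blocks", [])):
        if len(block.get("text", {}).get("text", "")) > MAX_TEXT:
            problems.append(f"block {i}: text over {MAX_TEXT} characters")
        fields = block.get("fields", [])
        if len(fields) > MAX_FIELDS:
            problems.append(f"block {i}: more than {MAX_FIELDS} fields")
        problems += [f"block {i} field {j}: text over {MAX_FIELD_TEXT} characters"
                     for j, fld in enumerate(fields) if len(fld.get("text", "")) > MAX_FIELD_TEXT]
    return problems
```

Run check_template on the edited template before saving it in the integration; an empty list means the rendered card parses and fits the section-block limits.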
