Slack Integration

This optional lab integrates notifications from Cloud One - File Storage Security with your Slack workspace, using one specific channel that you define.

In this integration, a Lambda function sends a Slack message every time there is a new detection in Cloud One - File Storage Security. You can deploy this automation using the AWS Console, the AWS CLI, or a Makefile. This example uses the AWS CLI.

Requirements

1. Configure Slack Webhook App

  • Create a Slack Channel to receive the notification
  • Go to App Directory > Search Incoming WebHooks.
  • Click on Incoming WebHooks, then click “Add to Slack”
  • Choose the Channel to receive the notification
  • Copy Webhook URL
  • Enter the Description of your WebHook.
  • Enter the Name of the Slack WebHook, by default it will use incoming-webhook; if you prefer, you can customize the name.
  • If you want a custom icon, add it in the Customize Icon section.
  • Click “Save Setting”

If you need more details on how to create Incoming Webhooks on Slack, see the linked additional information.


2. Find the ScanResultTopic ARN.

In the AWS console:

  • Go to Services > CloudFormation > select the storage stack from File Storage Security > click on Resources.
  • Scroll down to locate the ScanResultTopic Logical ID.
  • Copy the ScanResultTopic ARN to a temporary location.

Example: arn:aws:sns:us-east-1:000000000000:FileStorageSecurity-All-In-One-Stack-StorageStack-1IDPU1PZ2W5RN-ScanResultTopic-N8DD2JH1GRKF


3. Deploy the Slack plugin for File Storage Security:

3.1 AWS CLI command to create the role:


Fill in the parameters

  • ScanResultTopicARN: the ScanResultTopic ARN from the File Storage Security storage stack.
  • SlackChannel: the name of the Slack channel you created to receive notifications.
  • SlackURL: your Slack incoming webhook URL.
  • SlackUsername: the Slack username to receive the notification on the Slack channel.
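
A minimal sketch of the kind of Lambda handler this integration relies on, added here as an example and not the plugin's own code. The scan-result field names (`file_url`, `scanning_result`, `Findings`, `malware`), the `SLACK_*` environment variable names and the sample event are assumptions.

```python
import json
import os
import urllib.request

# Constructed sample event. The scan-result field names are assumptions.
SAMPLE_EVENT = {"Records": [{"Sns": {"Message": json.dumps({
    "file_url": "https://example-bucket.s3.amazonaws.com/eicar<test>&copy.com",
    "scanning_result": {"Findings": [{"malware": "Eicar_test_file", "type": "Virus"}]},
})}}]}


def slack_escape(value):
    """Escape Slack control characters: file names are uploader-controlled text."""
    return str(value).replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")


def build_payloads(event, channel, username):
    """Return one Slack payload per SNS record that reports findings."""
    payloads = []
    for record in event.get("Records", []):
        try:
            result = json.loads(record["Sns"]["Message"])
            findings = (result.get("scanning_result") or {}).get("Findings") or []
            names = ", ".join(slack_escape(f.get("malware", "unknown")) for f in findings)
        except (KeyError, TypeError, ValueError, AttributeError):
            continue  # not a scan result: skip it rather than fail the batch
        if not findings:
            continue  # clean file, nothing to report
        text = f"Malware detected: {names}\nFile: {slack_escape(result.get('file_url', 'unknown'))}"
        payloads.append({"channel": channel, "username": username, "text": text})
    return payloads


def post_json(url, payload):
    body = json.dumps(payload).encode()
    request = urllib.request.Request(url, data=body, headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(request, timeout=5) as response:
        return response.status


def lambda_handler(event, context, post=post_json):
    """Lambda entry point; the environment variable names are assumptions."""
    url = os.environ["SLACK_URL"]
    if not url.startswith("https://hooks.slack.com/"):
        raise ValueError("SLACK_URL is not a Slack webhook URL")  # never log the URL itself
    payloads = build_payloads(event, os.environ["SLACK_CHANNEL"], os.environ["SLACK_USERNAME"])
    for payload in payloads:
        post(url, payload)
    return len(payloads)
```

Treat the webhook URL as a secret: anyone who holds it can post to the channel.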


Ensure the application reaches create complete.

Now you can generate a new malware event as we did before in Test Deploy.

You should then see a Cloud One - File Storage Security event in your Slack channel.

If you need more details on how to deploy the post action for Slack integration, see our GitHub repository.