Configure a Send Message to Slack Task (Beta)

This document is intended for early-access customers, and it is updated as Automated Response features are enhanced.

In your automated response playbook, you can configure a Send Message to Slack task to send a message from Alert Logic to Slack via a connection target.

For example, when you reach a certain point in your playbook, you might want to send a message to Slack with some or all of the details about an incident. You can specify the channel that receives the message.

The source of the incident can be any of the following:

  • Incident that meets the conditions of a trigger for the playbook
  • Incident that a user selects to run the playbook on manually
  • Sample incident payload used to test the playbook

Complete the following steps to successfully configure the Send Message to Slack task:

  1. Create a Slack connection target
  2. Add the task to your playbook
  3. Configure the task input
  4. Configure the task output (optional)

Create a Slack connection target

The Send Message to Slack task requires a Slack connection target.

To check whether it exists, in the Alert Logic console, click Configure in the navigation menu (), click Connectors, and then click the Connection Targets tab.

Add the task to your playbook

If you have not added the task to your playbook, complete the instructions in Add a task in the workflow diagram and Add task details (optional).

Configure the task input

Complete these instructions to provide the input values for your Send Incident to Slack task.

To configure the task input:

  1. On the task Input tab, select the connection target in Slack Connection Target that you created or identified in Create a Slack connection target.
  2. In Message, enter the message that you want to send.

    Slack supports the following character formatting:

    • For bold, enclose the text with one asterisk (*) character (example: *bold*).
    • For italic, enclose the text with one underscore (_) character (example: _italic_).
    To send the incident summary to a Slack channel, type the expression <% ctx().payload.incident.summary %>.
  3. (Optional) To specify the channel to send the message to, enter its name preceded by the number sign (#) character (example: #other-channel). If you leave Channel blank, the task sends the message to the channel that the user specified in Slack when the incoming webhoook was configured.
  4. (Optional) To replace the default message icon in Slack, do one of the following:
    • In Custom Icon Emoji, enter the emoji code enclosed with the colon (:) character (example: :shield:) .
    • In Custom Icon Image URL, enter the URL for the replacement image.
  5. To disable formatting in the message and treat the message as text, not code, select the Message is plain text check box.

Insert a YAQL expression in an input field

Any field that supports one or more Yet Another Query Language (YAQL) expressions has a SELECT VARIABLE drop-down list above the field. A YAQL expression can reference a value in the playbook context, such as a field in the incident payload, or the published result of a previous task.

To insert a YAQL expression, place your cursor in the field where you want to insert the reference, click SELECT VARIABLE, and then select the variable. A YAQL expression that references the selected value appears in the field.

Configure the task output (optional)

This task does not generate results that you can publish as output. For other ways to publish output, see Configure task output (optional).

Technical reference

Action Name

Send Message to Slack

Action Type

post_message