Slack Integration
This section will help you to add Slack integration with CyberCNS to help notify for selected rules at Global Level.
Select Integration
This screen will likely change as we add more integrations.
Navigate to Global Settings() > Integrations and choose Slack from the integrations listed here.
It will lead to adding credentials for your Slack Instance. Provide details as requested.
Enter Credentials
Enter Credential Name: Choose a name of your choice for the credential to be added.
Slack Webhook URL: Enter the Slack Webhook URL for the credential to be added.
How to get Slack Webhook URL, refer to this link Setup Slack Webhook URL
Once all the details are provided, SAVE the data. Likewise, multiple credentials can be added in this section using the '+' sign.
Company Mapping
In Company Mapping events for alerting are to be set by using Event Set, Integration Profile, and Manage Company Mapping.
Event Set
Under the Event Set, click on +Add to add the Alert Rule.
Every Category has a set of events/alerts under them which can be selected as per the requirement.
Every Category has a set of events/alerts under them which can be selected as per the requirement.
e.g. Asset category has below-listed alerts and selection of all or any is allowed.
The Ports category has the below-listed alerts, and the selection of all or anyone is allowed.
For Remediation notifications via email, MS Teams, Slack OR PSA integrations, any of the below can be selected. Any of the below is used for grouping of action items listed under the remediation plan.
To list all the remediations for a company into one ticket OR one email or one message.
Remediation by Company
OR
To list all the remediations for an asset into one ticket OR one email or one message.
Remediation by Assets
OR
To list all the remediations for a product into one ticket OR one email or one message.
Remediation by Product
OR
To list all the remediations for a product but grouped by a fix into one ticket one email or one message.
Remediation By Product(grouped by a fix)
OR
To create a ticket OR an email or a message for every remediation
Remediation By Asset, Company And Product.
To Enable Tickets for Remediations based on EPSS, one of the below-listed events is to be selected from the Remediation Filters.
Enable Tickets for Critical and High severity Remediations
Enable Tickets for Remediations with EPSS greater than 0.95
Enable Tickets for Remediations with EPSS greater than 0.90
Enable Tickets for Remediations with EPSS greater than 0.85
Enable Tickets for Remediations with EPSS greater than 0.50
Based on the above selection of any one criteria, the remediation items will be grouped.
For the Vulnerability & Azure error category, the below-listed alert, and selection is allowed.
For the AD Audit category, the below-listed alerts are available and selection of all or any is allowed. (Make sure to select the needed as it will create tickets based on the events)
For the Azure AD Audit & Unquoted service path, the below-listed alert and selections are allowed.
For the Reports, the below-listed alerts and selections are allowed.
Once the above details are selected, click on Save.
There is an option to Edit, Delete and set as default for the Alert Rules using the Action column. The listed Alert Rule can be edited and deleted if needed.
For setting the created Event as default, select the option Set as Default.
To confirm the Set as a default action, select Yes or No in the confirmation dialogue box.
Once the event is set to default, under Is Default column, the status Yes can be seen.
Integration Profile
Users will be able to set Alerting rules from integrations right away for conditions listed under it.
Under the Integration Profile, click on +Add to add the Integration Rule.
Enter the Name, Select the credential, and fill out all of the required fields in the Integration Parameters.
Once the below details are provided, click on Save.
There is an option to Edit, Delete and Set as default under the Integration Rules using the Action column. The listed Integration Rule can be edited and deleted if needed.
To designate the recently created event as the default, choose the Set as Default option.
To confirm the Set as default, select Yes or No in the confirmation dialogue box.
Manage Company Mapping
Click on Manage Company Mapping.
Choose Slack Credentials from the dropdown and click on + Add to add Integration Mapping for specific companies.
In New Company Mapping, choose the Slack Credential which is listed. (These are to be added under the Integration> Credentials section for Slack).
In case the local company is already created in CyberCNS and is to be mapped with ConnectWise company, then select Map Existing Company to Slack company and click on Next.
As shown in the below image, select the Local company( CyberCNS) by using a dropdown or with the search bar as per the requirement so it will map the companies accordingly.
Please choose/select the Pause Ticket Creation option only if no notifications are required using this integration and click Add.
Please choose/select Enable Sla ALerts option only if asset configurations are required using this integration and click Enable.
Once the Slack alerts are enabled, select the Event Set, and the Integration Profile, and click on '+' to add the record.
Delete the Integration profile in case not required using the bin icon as shown below.
Click on Add to see all the details of the selected fields and click on Finish.
Once all the fields are provided, Click on Finish to map all the selected Slack companies.
Delete the company record in case not required using the bin icon as shown below.
Selected companies are shown in the image below, along with details such as Existing Company Name, Company Name, Event Set, Integration Profile, Pause Ticket Creation, and Mapped Date.
Here click on Copy Settings to Copy the company mapping settings to other company mappings.
To copy the settings, select the desired company mappings and click on Update. This will copy the event set, integration profile, and ticket creation fields from the source company mapping to the selected target company mappings.
Using the Action column can edit or delete the integration mapping. Any mapping can be edited or deleted, whenever necessary.
This completes Slack Integration.
Â