Automating Slack notifications

Before you begin

• You must create an app in your Slack workspace and retrieve the associated Slack bot token. Refer to the Slack app Quickstart guide or the tutorial on how to generate and use a Slack API bot token.
• Ensure the Slack bot token is permitted to post messages in the target channel where Concert will send notifications. Refer to Permission scopes in the Slack documentation.
• You will need the unique channel ID for the target Slack channel and the URL of the Slack workspace.
• If the automation rule you are configuring requires you to select an application or environment, you must have Admin or Editor access to selected object.

Step 1: Connect Concert and Slack

Establish and validate a new connection in Concert using the URL the of Slack workspace and bot token.

1. Click Administration > Integrations.
2. Click Connections.
3. Click Create connection.
4. Locate and click the Slack connection tile.
5. Enter a name for the connection for internal reference.
6. Enter a description for this connection. For example, you can provide more details about the Slack app or workspace with which the credentials are associated.
7. Enter the Slack URL associated with the target workspace.
8. Enter the Slack bot Token.
   Note: The bot token must have permission to post messages in the target Slack channel. Refer to Permission scopes in the Slack documentation.
9. Click Validate connection to ensure the connection between Concert and Slack is successful.
10. Click Create.

The new connection appears in the list.

Step 2: Create an automation rule using the Slack connection

To activate automatic notifications, you must create an automation rule to define the parameters of the Concert notifications you want to receive in Slack.

1. Click Automation rules (via Administration > Integrations).
2. Click Create automation rule.
3. Enter a name for the automation rule for internal reference.
4. Enter a description for the automation rule.
5. Select the condition that will trigger this automation rule and provide the requested details based on your selection.
   • CVE tracking - If selected, the rule is triggered if a CVE impacting the specified application is determined to be a high priority based on the risk score and priority settings.
   • Certificate expiry - If selected, the rule is triggered when a certificate associated with the specified environment is approaching or has reached its expiration date and must be renewed.
   • Compliance assessment - If selected, the rule is triggered when the specified environment is determined to be out of compliance with an assessed control.
   • SCA recommendation - If selected, the rule is triggered when Concert generates a new recommendation related to a software package, such as a recommendation to upgrade the package version to safeguard against known vulnerabilities or to identify package license issues.
   Warning: There is a known limitation related to automation rules in Concert v1.1.0 in which Slack notifications are not supported for all action types. You can only configure Slack notifications for alerts related to CVE tracking, Certificate expiry, Compliance assessment, and SCA recommendation actions.
6. Under Using this connection, select an existing Slack connection, such as the one you created in Step 1.
   Attention: Ignore the Assignee field as this applies only to ticketing-related automation rules.
7. Adjust the threshold values as desired. The threshold parameters vary depending on the selected condition type (CVE tracking, Compliance assessment, etc.). Refer to the corresponding topic in the Automation rules section for details about threshold values for each condition.
8. Click Create to create and activate the automation rule.

The new automation rule appears in the list and Concert begins sending alerts to Slack when the automation rule is triggered. Repeat this process for each triggering condition you'd like to result in a Slack message.