LogRhythm to Slack Webhooks

September 7, 2017
Steps

1. Add a webhook to your Slack team.

2. Create your AIE alarm with fields that you want to pass to your webhook.

3. Create a PowerShell script that accepts the fields as parameters:

4. Create the actions.xml manifest with the same parameters/fields:

5. Create your SmartResponse Plugin using the powershell script and manifest.

6. Set your SmartResponse as an action to your AIE alarm, mapping the correct parameters:

7. Trigger your alarm and observe the webhook:
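The script from steps 3 through 7, written out as an added example (it is not the original post's script and not part of the jgigler/Powershell.Slack project). The parameter names (AlarmName, AlarmDate, Hostname, Login, OriginIP, ImpactedIP) are assumptions; whatever names you choose here must be repeated exactly in the actions.xml manifest and mapped to the AIE alarm fields when the SmartResponse is attached to the alarm. The webhook URL is a placeholder. Two practitioner points the steps do not spell out are built in: alarm fields can carry attacker-supplied strings (usernames, hostnames, URLs), so they are escaped and truncated before being placed in the Slack message, and the script exits non-zero when Slack does not answer "ok", so a failed post is visible rather than silently dropped.

```powershell
<#
  Added example: post LogRhythm AIE alarm fields to a Slack incoming webhook.
  Intended to be wrapped as a SmartResponse plugin; parameter names below are
  assumptions and must match the actions.xml manifest.
#>
[CmdletBinding()]
param(
    # Placeholder webhook URL. Treat it as a secret: keep it in the plugin
    # configuration, not in alarm text, tickets or log output.
    [Parameter(Mandatory = $true)] [string] $WebhookUrl,
    [Parameter(Mandatory = $true)] [string] $AlarmName,
    [string] $AlarmDate  = (Get-Date -Format 'u'),
    [string] $Hostname   = 'n/a',
    [string] $Login      = 'n/a',
    [string] $OriginIP   = 'n/a',
    [string] $ImpactedIP = 'n/a',
    [string] $Channel    = '',
    [string] $Username   = 'LogRhythm'
)

$ErrorActionPreference = 'Stop'

# Slack only accepts TLS 1.2; older Windows PowerShell hosts default to TLS 1.0
# and fail the post with an opaque "underlying connection was closed" error.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# Slack treats &, < and > as control characters in message text. Alarm fields
# may contain strings an attacker chose (logins, hostnames, URLs), so escape
# and length-limit them before they reach the channel.
function ConvertTo-SlackText {
    param([string] $Text, [int] $MaxLength = 500)
    if ([string]::IsNullOrEmpty($Text)) { return 'n/a' }
    if ($Text.Length -gt $MaxLength) { $Text = $Text.Substring(0, $MaxLength) + '...' }
    return $Text.Replace('&', '&amp;').Replace('<', '&lt;').Replace('>', '&gt;')
}

# One Slack attachment field per alarm field; "short" fields render two per row.
$fields = @(
    @{ title = 'Alarm';       value = (ConvertTo-SlackText $AlarmName);  short = $false },
    @{ title = 'Date';        value = (ConvertTo-SlackText $AlarmDate);  short = $true  },
    @{ title = 'Host';        value = (ConvertTo-SlackText $Hostname);   short = $true  },
    @{ title = 'Login';       value = (ConvertTo-SlackText $Login);      short = $true  },
    @{ title = 'Origin IP';   value = (ConvertTo-SlackText $OriginIP);   short = $true  },
    @{ title = 'Impacted IP'; value = (ConvertTo-SlackText $ImpactedIP); short = $true  }
)

$payload = @{
    username    = $Username
    text        = "LogRhythm AIE alarm: $(ConvertTo-SlackText $AlarmName)"
    attachments = @(
        @{
            color  = 'danger'
            fields = $fields
            footer = 'LogRhythm SmartResponse'
        }
    )
}
# Only override the webhook's default channel when one was passed in.
if ($Channel) { $payload.channel = $Channel }

$body = $payload | ConvertTo-Json -Depth 5

try {
    # A Slack incoming webhook answers the bare string "ok" on success.
    $response = Invoke-RestMethod -Uri $WebhookUrl -Method Post `
                    -ContentType 'application/json; charset=utf-8' `
                    -Body ([Text.Encoding]::UTF8.GetBytes($body))
    if ($response -ne 'ok') { throw "Unexpected webhook response: $response" }
    Write-Output "Posted alarm '$AlarmName' to Slack."
    exit 0
}
catch {
    # Non-zero exit so the SmartResponse action reports the failure instead of
    # appearing to succeed (assumption: the plugin host surfaces the exit code).
    Write-Error "Slack webhook post failed: $($_.Exception.Message)" -ErrorAction Continue
    exit 1
}
```

To test the script before packaging it (step 7), run it by hand with constructed values and check that the message lands in the channel: `.\Send-SlackAlarm.ps1 -WebhookUrl 'https://hooks.slack.com/services/PLACEHOLDER' -AlarmName 'Authentication Failures' -Hostname 'dc01' -Login 'jdoe' -OriginIP '203.0.113.7'`. Passing a login such as `<script>alert(1)</script>` or `a&b` is a useful check that the escaping holds, since Slack would otherwise interpret the characters rather than display them.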

Better Alarm Examples

Privileged User Group Changes

Authentication Failures

Suspicious IP Inbound

Suspicious IP Outbound

Credit

jgigler/Powershell.Slack