Setting Up Slack Notifications
Get real-time security alerts delivered directly to your Slack channels. This guide walks you through setting up Slack notifications for LiteSOC events.
Overview
With Slack notifications, you can:
- Receive instant alerts for security threats
- Monitor login attempts and suspicious activity
- Get notified about brute force and impossible travel detections
- Share security updates with your team
Method 1: Using LiteSOC Built-in Slack Integration
Step 1: Connect Slack
- Log in to your LiteSOC Dashboard
- Go to Settings → Integrations
- Find Slack and click Connect
- You'll be redirected to Slack to authorize LiteSOC
- Select the workspace and channels you want to allow
- Click Allow
Step 2: Configure Notification Settings
After connecting, configure which events trigger notifications:
| Setting | Options |
|---|---|
| Channel | Select a channel (e.g., #security-alerts) |
| Event Types | All events, or specific types |
| Severity Filter | Critical only, High+, Medium+, or All |
| Quiet Hours | Optionally mute during off-hours |
Step 3: Test the Integration
Click Send Test Notification to verify everything works. You should see a message in your selected channel.
Method 2: Using Slack Incoming Webhooks
For more control, use Slack Incoming Webhooks directly.
Step 1: Create a Slack App
- Go to api.slack.com/apps
- Click Create New App → From scratch
- Name your app (e.g., "LiteSOC Alerts")
- Select your workspace
Step 2: Enable Incoming Webhooks
- In your app settings, go to Incoming Webhooks
- Toggle Activate Incoming Webhooks to ON
- Click Add New Webhook to Workspace
- Select the channel for alerts (e.g., #security-alerts)
- Click Allow
- Copy the Webhook URL
Example Webhook URL:
https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX
Step 3: Configure in LiteSOC
- Go to Settings → Webhooks in LiteSOC
- Click Add Webhook
- Select Slack as the destination type
- Paste your Slack Webhook URL
- Configure filters (event types, severity)
- Click Save
Customizing Alert Messages
Alert Format
LiteSOC sends rich Slack messages with:
┌──────────────────────────────────────────┐
│ Security Alert                           │
├──────────────────────────────────────────┤
│ Event: auth.login.failure                │
│ Severity: 🔴 Critical                    │
│                                          │
│ Actor: user@example.com                  │
│ IP: 203.0.113.42                         │
│ Location: Unknown (VPN detected)         │
│                                          │
│ Detection: Brute Force Attack            │
│ Failed attempts: 15 in 5 minutes         │
│                                          │
│ [View in Dashboard]                      │
└──────────────────────────────────────────┘
Severity Colors
- 🔴 Critical - Red sidebar
- 🟠 High - Orange sidebar
- 🟡 Medium - Yellow sidebar
- 🟢 Low/Info - Green sidebar
Channel Recommendations
We recommend setting up multiple channels for different alert types:
| Channel | Purpose | Severity |
|---|---|---|
| #security-critical | Immediate attention required | Critical |
| #security-alerts | Important security events | High + Critical |
| #security-audit | All security events for compliance | All |
Filtering Notifications
By Event Type
Select specific events to receive notifications for:
- ✅ auth.login.failure
- ✅ security.suspicious.activity
- ✅ admin.role.changed
- ❌ auth.login.success (too noisy)
By Severity
Filter based on severity level:
- Critical Only - Brute force, impossible travel, blocked threats
- High and Above - Includes failed logins, suspicious activity
- Medium and Above - Includes permission changes
- All - Every security event (can be noisy)
By Actor
Optionally filter for specific users or groups:
- VIP users (executives, admins)
- New users (first 30 days)
- Service accounts
Setting Up Quiet Hours
Avoid alert fatigue with quiet hours:
- Go to Settings → Integrations → Slack
- Enable Quiet Hours
- Set your quiet period (e.g., 10 PM - 8 AM)
- Choose how to handle alerts during quiet hours:
  - Suppress - Don't send any notifications
  - Batch - Send a summary at the end of quiet hours
  - Critical Only - Only send critical alerts
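The interaction between the severity filter and the three quiet-hours modes is easiest to check as code. The following is an added example, not LiteSOC's implementation: the function names, the lowercase severity keys and the treatment of non-critical alerts in Critical Only mode as dropped are assumptions made for illustration.

```python
from datetime import time

# Severity order used by the filter; "Low/Info" on this page is "low" here.
RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}


def in_quiet_hours(now, start, end):
    """True if `now` is in [start, end); handles windows that cross midnight."""
    if start == end:
        return False  # empty window: quiet hours are effectively off
    if start < end:
        return start <= now < end
    return now >= start or now < end  # e.g. 22:00 -> 08:00


def route(severity, now, min_severity="high",
          quiet=(time(22, 0), time(8, 0)), mode="critical_only"):
    """Return 'send', 'batch' or 'drop' for one alert.

    mode is 'suppress', 'batch' or 'critical_only', mirroring the three
    quiet-hours choices listed above (names are this example's own).
    """
    if RANK[severity] < RANK[min_severity]:
        return "drop"  # below the severity filter: never notified
    if not in_quiet_hours(now, *quiet):
        return "send"
    if mode == "suppress":
        return "drop"  # note: this also drops critical alerts
    if mode == "batch":
        return "batch"  # held for the end-of-quiet-hours summary
    if mode == "critical_only":
        return "send" if severity == "critical" else "drop"
    raise ValueError("unknown quiet-hours mode: " + mode)
```

Under these assumptions a critical alert at 02:00 is dropped in Suppress mode and delivered in Critical Only mode, which is the difference to weigh when choosing a mode for an on-call channel.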
Troubleshooting
Not Receiving Notifications
- Check channel permissions - Ensure the LiteSOC app can post to your channel
- Verify webhook URL - The URL should start with https://hooks.slack.com/
- Test the webhook - Use the "Send Test" button in LiteSOC
- Check Slack app status - Ensure the app isn't disabled in Slack
Duplicate Notifications
If you're receiving duplicates:
- Check if you have multiple webhooks configured
- Ensure you're not using both built-in Slack and n8n integration
- Review your notification rules for overlaps
Webhook Errors
If LiteSOC shows webhook errors:
- 401/403 - Re-authorize the Slack connection
- 404 - The webhook URL may have been revoked; create a new one
- 500 - Slack is having issues; check status.slack.com
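For Method 2, the "Verify webhook URL" check and the status codes above can be scripted. This is an added example, not LiteSOC or Slack code: the function names are hypothetical, and `send_test` assumes the standard Slack incoming-webhook JSON body with a `text` field. The webhook URL acts as a credential, since anyone who holds it can post to the channel, so the example masks its last path segment before it appears in an error message or log.

```python
import json
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# Guidance per status code, taken from the "Webhook Errors" list on this page.
TRIAGE = {
    401: "Re-authorize the Slack connection",
    403: "Re-authorize the Slack connection",
    404: "Webhook URL may have been revoked; create a new one",
    500: "Slack is having issues; check status.slack.com",
}


def check_webhook_url(url):
    """Return a list of problems; an empty list means the URL looks valid."""
    parts = urlsplit(url)
    problems = []
    if parts.scheme != "https":
        problems.append("scheme must be https")
    # Compare the parsed host, so look-alike hosts and userinfo tricks fail.
    if parts.hostname != "hooks.slack.com":
        problems.append("host must be hooks.slack.com")
    if parts.username or parts.password or parts.port not in (None, 443):
        problems.append("unexpected userinfo or port")
    if not parts.path.startswith("/services/"):
        problems.append("path must start with /services/")
    return problems


def redact(url):
    """Mask the final path segment (the secret) before logging the URL."""
    head, _, _secret = url.rpartition("/")
    return head + "/<redacted>"


def send_test(url, text="LiteSOC webhook test"):
    """POST a test message; return (status, guidance). Needs network access."""
    if check_webhook_url(url):
        raise ValueError("refusing to post to " + redact(url))
    req = urllib.request.Request(
        url, data=json.dumps({"text": text}).encode(),
        headers={"Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, "ok"
    except urllib.error.HTTPError as err:
        return err.code, TRIAGE.get(err.code, "unexpected status")
```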
Best Practices
- Don't over-notify - Only send actionable alerts to avoid fatigue
- Use severity filters - Critical events need immediate attention
- Create runbooks - Document response procedures for each alert type
- Review regularly - Audit your notification settings monthly
- Use threads - Group related alerts (available with built-in integration)
Need help? Check our webhook documentation or contact support.