Last updated at Mon, 23 Sep 2019 19:40:59 GMT
ChatOps with InsightConnect and Slack
Slack has become the hub for many companies looking to streamline communication and alerts. It enables cross-team collaboration, keeps stakeholders in the know, and allows alerts from any number of external tools to populate into a channel rather than get lost in an inbox. This streamlined way of communicating is referred to as ChatOps, and the use of Slack is one example of how operations company-wide can leverage automation to drive an incredible level of efficiency.
Security orchestration and automation (SOAR) solutions like InsightConnect already deliver massive efficiencies by automating routine tasks to save teams time. Now, with our integration with Slack, security teams can streamline alerting, make decisions, and even kick off workflows right from their Slack screen. This means fewer open browser tabs and services to log in to in order to get work done—it can all happen right within Slack.
Slack-integrated alerts, interactive ChatOps workflows, and initiated ChatOps workflows are now live within InsightConnect. Let’s dive into each of them below.
Slack-integrated ChatOps alerts
Now available to all current and new InsightConnect customers, this integration sends security alerts directly to a Slack channel to keep your team informed so they can take action on the security tasks that matter most. For example, let’s say a user has submitted a potentially malicious email to the security team. With the integration, you’ll be notified and can immediately see the details of the email in question directly in Slack.
The integration can be customized to send messages and attachments to an individual, a private channel, or a public channel so users no longer have to be logged in to InsightConnect to view important alerts. You can also set up alerts for when you need to log in to InsightConnect to address a task or issue, so you only log in when necessary.
As more and more security teams move toward running their entire operations from Slack, our new integration allows yours to begin doing so right away.
Interactive ChatOps workflows
The next feature is the ability to interact with InsightConnect messages within Slack. InsightConnect is now able to send configurable questions directly to an individual, private channel, or public channel. Once a user selects an answer, the workflow will proceed accordingly.
Let’s say one of your security tools has identified a malicious link. InsightConnect would alert you via Slack, then ask a set of questions (which are entirely configurable). For example, the options could be:
- Do nothing
- Delete the email
- Alert the person who received the link
Based on which option you select, the workflow will execute your choice automatically.
All that’s required to set up this feature is installing the Slack app to communicate with our bot, which can be added to any channel you would like messages to flow into.
Initiate ChatOps workflows
The third ChatOps feature is the ability to @ mention the InsightConnect bot to trigger certain workflows. By configuring certain keywords within your InsightConnect account, the bot can detect them in Slack when it’s @ mentioned and will then kick off the associated workflow.
Let’s say you are investigating a potential threat and come across a suspicious IP address. You can submit the IP to an enrichment workflow via Slack and see the results from the same channel.
Whether you’re on the go accessing Slack via a mobile phone or you see an alert come in while at your desktop, you can put workflows into action immediately through this new integration.
Leveraging these ChatOps features can solve the biggest communication and speed challenges security teams face today. To learn more about ChatOps use cases and workflows, check out our automation playbook. To begin using our features and implement ChatOps within your organization, sign in to your InsightConnect account or request a free demo if you are not yet a customer.