Overview

UpGuard Data Leaks provides continuous monitoring of internet-facing resources to make sure your data is never left in an insecure place. If something is found, it is important to begin investigating the possible leak as soon as possible, even if the leak is minimal or a false positive.

This guide shows how to configure an UpGuard integration into Slack so that your Engineering team knows about a potential leak the second it is detected by UpGuard.

Prerequisites

You will need to locate a Slack Webhook that is able to post into the relevant Slack channel in your account. Please use your favorite search engine to locate the Slack API documentation on "Webhooks". At the time of writing, this page can be found at Sending messages using Incoming Webhooks.

Your Slack Webhook should look similar to this:

https://hooks.slack.com/services/T00000000/B00000000/NNNNNNN

Adding the Integration in UpGuard

Navigate to Account Settings on the left panel, then click the Integrations tab. Click New Integration to start creating a new integration.

Give your integration a descriptive name. Click Confirm and Next to continue.

Next, select the trigger type. In this case we are going to select the When a new data leak is published trigger. Click Confirm and Next.

Next, enter the destination details. For a Slack integration, you just need to paste the Slack Webhook into the Webhook URL field. The webhook contains all the authentication required, so no other fields need to be set here. Because the URL is itself the credential, anyone who holds it can post to the channel, so handle it as a secret. Click Confirm and Next.

Define your Payload template similar to the example below.

{
  "channel": "#engineering",
  "username": "UpGuard CyberRisk",
  "icon_emoji": ":red_circle:",
  "attachments": [
    {
      "text": "{{ notification.description }}",
      "color": "danger"
    }
  ]
}

Make sure you click Send test message to confirm the payload and webhook are correct. You should see a sample message appear in Slack - make sure you warn your Engineering team that this is only to test the integration!

When you are satisfied, click Confirm and Next to jump to the end of the integrations wizard, then toggle the integration to the enabled state. Click Finish.

You should now see your new integration in your Integrations tab.
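A local pre-flight check for the webhook and payload template above, as an added example that is not UpGuard's or Slack's own code. The render function is a stand-in for template substitution (an assumption, not UpGuard's renderer), the sample description is constructed, and the function names are hypothetical.

```python
import json
import re

# Shape of the sample webhook in this guide: three path segments after /services/.
WEBHOOK_RE = re.compile(
    r"^https://hooks\.slack\.com/services/[A-Za-z0-9]+/[A-Za-z0-9]+/[A-Za-z0-9]+$")
PLACEHOLDER_RE = re.compile(r"\{\{\s*([\w.]+)\s*\}\}")

# Payload template from this guide.
TEMPLATE = """{
  "channel": "#engineering",
  "username": "UpGuard CyberRisk",
  "icon_emoji": ":red_circle:",
  "attachments": [
    {"text": "{{ notification.description }}", "color": "danger"}
  ]
}"""

def redact_webhook(url):
    """The URL is the credential, so log only the host and fixed path prefix."""
    return re.sub(r"(/services/).*", r"\1<redacted>", url)

def render(template, values):
    """Local stand-in for substitution (assumption, not UpGuard's renderer).
    Values are JSON-escaped so quotes or newlines cannot break the payload."""
    return PLACEHOLDER_RE.sub(
        lambda m: json.dumps(str(values[m.group(1)]))[1:-1], template)

def preflight(webhook, template, values):
    """Return (payload, problems); payload is None if the JSON does not parse."""
    problems = []
    if not WEBHOOK_RE.match(webhook):
        problems.append("webhook URL does not match the expected shape")
    try:
        payload = json.loads(render(template, values))
    except (json.JSONDecodeError, KeyError) as exc:
        return None, problems + [f"template does not render to valid JSON: {exc!r}"]
    if not payload.get("channel"):
        problems.append("payload has no channel")
    attachments = payload.get("attachments") or []
    if not any(isinstance(a, dict) and a.get("text") for a in attachments):
        problems.append("no attachment carries message text")
    return payload, problems

if __name__ == "__main__":
    sample = {"notification.description": 'Constructed sample: "creds" found\nin a bucket'}
    hook = "https://hooks.slack.com/services/T00000000/B00000000/NNNNNNN"
    payload, problems = preflight(hook, TEMPLATE, sample)
    print(redact_webhook(hook), problems or "OK")
```

Running this before pasting a modified template into the wizard catches malformed JSON early, and redact_webhook keeps the full URL out of logs and tickets.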

What Next?

Many notification types in UpGuard are best sent to mediums like Slack, ServiceNow or Jira if they need to be directly actioned by a person. Other types of notifications are better handled by log aggregation tools, such as Splunk.

For more information on integrating with Splunk, please view our guide on How to send notifications to Splunk from UpGuard. If you would like more information on notifications in general, please view our guide on What are notifications in UpGuard?
