Creating a webhook for Slack

About this task

A webhook facilitates the integration of IBM Storage Insights with Slack. With this integration, when a ransomware alert is triggered in IBM Storage Insights, you are notified through the slack message.

Procedure

To create a webhook for Slack in IBM Storage Insights, complete the following steps:

  1. From IBM Storage Insights, go to Configurations > Integrations. If you are in the new modern UI of IBM Storage Insights, then go to Settings.
  2. Click Add Integration.
  3. Enter appropriate information for each field, including the webhook URL, HTTP headers, and authentication type.
    1. In the URL field, enter your Slack webhook URL. To identify the URL, see step 8 in Creating a Slack application and a private Slack channel.
    2. You can choose the authentication types from the Type drop-down. API key, Basic Auth, and OAuth 2.0 are the supported authentication types.
    3. You can test a webhook connection to Slack by clicking Test Webhook.
  4. Click Add.

Results

The webhook for Slack is created successfully. When you click Test Webhook or encounter an actual ransomware alert trigger, the following alert information is sent to your Slack channel.
{
  "severity": "critical",
  "deviceType": "flashFamily",
  "subcategory": "SECURITY",
  "creator": "",
  "alert": {
    "source": {
      "deviceModel": "ABC",
      "deviceSerialNumber": "0000011111222222",
      "deviceType": "FlashSystem 0000-1111",
      "deviceName": "tpcflash9100"
    },
    "method": "FCM4"
  },
  "name": "Ransomware Threat Detection",
  "occurrenceTimeInMs": 1722414176890,
  "id": "2ca10680-4f16-11ef-b133-5f7dcde81b1d",
  "resourceType": "Storage System",
  "details": [
    {
      "volumeID": "69",
      "status": "offline_threat_detected",
      "hosts": "",
      "virtualVolumeID": "",
      "uID": "60050768108100cd000000000001ce6a",
      "description": "The volume has received an anomalous workload. This anomaly could be the result of a new application configuration where encryption is enabled or a security threat such as ransomware"
    }
  ],
  "tenantUUID": "01ecebec-f792-11d0-a794-f2c6a924f488",
  "alertURL": "https://dev.insights.ibm.com/gui/01ecebec-f792-11d0-a794-f2c6a924f488#alerts?id=2ca10680-4f16-11ef-b133-5f7dcde81b1d&parentType=storageSystem&parentId=95a5f1d0-4995-11ef-8ee9-a920a5b6ca70"
}