Slack Notifications
Slack Notifications
Section titled “Slack Notifications”Send CBOM alerts directly to your Slack channels. Keep your security team informed in real time when certificates are expiring, new violations are detected, or scans fail.
What It Does
Section titled “What It Does”The Slack integration delivers formatted notifications to your chosen channels when CBOM events occur:
- Certificate expiry warnings — 30, 14, and 7 days before expiration
- Policy violations — When assets fail compliance checks
- New critical assets — When quantum-vulnerable crypto is discovered
- Scan failures — When sensors can’t reach targets
Configuration (Planned)
Section titled “Configuration (Planned)”integrations: slack: webhook_url: https://hooks.slack.com/services/T.../B.../xxx channel: "#security-alerts" events: - cert_expiry_warning - new_critical_asset - policy_violation - scan_failure filters: min_severity: HIGH asset_types: - certificate - private-key schedule: digest: daily # Optional: send a daily summary instead of individual alerts digest_time: "09:00" timezone: "America/New_York"Example Notification
Section titled “Example Notification”Here’s what a certificate expiry alert looks like in Slack:
┌─────────────────────────────────────────────────────────┐│ 🔴 CBOM Alert: Certificate Expiring Soon │├─────────────────────────────────────────────────────────┤│ ││ Certificate: api.production.example.com ││ Expires In: 7 days (March 21, 2025) ││ Algorithm: RSA-2048 ││ Risk Level: 🟠 HIGH (quantum-vulnerable) ││ Issuer: Let's Encrypt Authority X3 ││ Locations: 3 servers (prod-web-01, prod-web-02, ││ prod-web-03) ││ ││ ┌──────────────────┐ ┌───────────────────────┐ ││ │ View in CBOM ↗ │ │ Acknowledge │ ││ └──────────────────┘ └───────────────────────┘ ││ │└─────────────────────────────────────────────────────────┘Policy Violation Alert
Section titled “Policy Violation Alert”┌─────────────────────────────────────────────────────────┐│ ⚠️ CBOM Alert: Policy Violation Detected │├─────────────────────────────────────────────────────────┤│ ││ Policy: NIST-PQC Compliance ││ Asset: payment-service signing key ││ Violation: RSA-2048 key does not meet PQC ││ requirements ││ Remediation: Migrate to ML-DSA-65 or ML-KEM-768 ││ Discovered: 2025-03-14 at 14:32 UTC ││ ││ ┌──────────────────┐ ┌───────────────────────┐ ││ │ View Details ↗ │ │ Create Jira Ticket │ ││ └──────────────────┘ └───────────────────────┘ ││ │└─────────────────────────────────────────────────────────┘Multiple Channels
Section titled “Multiple Channels”Route different event types to different channels:
integrations: slack: channels: - webhook_url: https://hooks.slack.com/services/T.../B.../critical channel: "#security-critical" events: - compromised_asset - cert_expired min_severity: CRITICAL
- webhook_url: https://hooks.slack.com/services/T.../B.../alerts channel: "#security-alerts" events: - cert_expiry_warning - policy_violation - new_critical_asset min_severity: HIGH
- webhook_url: https://hooks.slack.com/services/T.../B.../ops channel: "#security-ops" events: - scan_failure - new_asset_discovered min_severity: LOWUse Cases
Section titled “Use Cases”- Real-time security team awareness — No more missed certificate expirations or silent policy violations
- On-call alerting — Route critical events to on-call channels for immediate response
- Daily digest — Summarize overnight findings for the morning standup
- Cross-team visibility — Let DevOps, SRE, and security teams all see crypto health in their own channels
Related
Section titled “Related”- Integrations Overview — All available integrations
- Microsoft Teams — Similar notifications for Teams environments
- Jira — Auto-create tickets from alerts
- Policies — Define rules that trigger alerts