The Slack integration enables ARMO users to receive security alerts over Slack channels. Alerts can be filtered to control their volume by configuring their severity level.

When ARMO Platform scans your cluster, you will receive notifications on Slack regarding the following:

  1. A new vulnerability is detected in your cluster (severity is configurable)
  2. A fix is available for a vulnerability that affects your cluster (severity is configurable)
  3. The Compliance score has decreased by > X%
  4. A new cluster admin was added

Prerequisites

ARMO Helm chart version: 1.17.0+

How to Integrate:

Access Integrations

  1. On ARMO Platform’s main menu navigate to Settings->Integrations and select the ‘Connect’ button on the Slack card.

  2. Select the slack workspace you'd like to use on the top right dropdown

  3. Click 'Allow'

  4. Click the Add Channel button on the top right

    1. Select the channel from the dropdown.

    2. Choose which clusters and namespaces should be monitored for alerting.

    3. Define which security events trigger notifications in Slack. You can tailor these notifications based on severity levels or specific types of incidents. Thus, enabling you to tune the signal-to-noise ratio of the alerts according to your needs.

  5. Test and Optimize: After setup, click on the button with the envelope icon to send a test message and ensure notifications are flowing smoothly. Iterate and optimize based on feedback from your security and DevOps teams.