The integration for Slack enables ARMO users to receive security alerts over Slack channels. Alerts can be filtered to control their volume by configuring their severity level.

When ARMO Platform scans your cluster, you will receive notifications on Slack regarding the following:

  1. A new vulnerability is detected in your cluster (severity is configurable)
  2. A fix is available for a vulnerability that affects your cluster (severity is configurable)
  3. A new security risk is detected in your cluster (severity is configurable)
  4. The Compliance score has decreased by > X%

Prerequisites

ARMO Helm chart version: 1.17.0+

Steps to enable the ARMO app for Slack

  1. Authorize the app with ARMO to get new security issues data that can be forwarded to your Slack workspace.
  2. Authorize the app with your Slack workspace to allow ARMO to send notifications to your channels in the workspace.
  3. Select the cluster and namespace you want to get security alerts.
  4. Subscribe to the alerts if you want to get notifications.

How to Integrate:

Access Integrations

  1. On ARMO Platform’s main menu navigate to Settings->Integrations and select the ‘Connect’ button on the Slack card.
    Open the ARMO integrations page, and click the Connect on the Slack App tile:

  2. Select the slack workspace you'd like to use on the top right dropdown

    📘

    If multiple Slack workspaces are available, a dropdown will appear at the top right of the page. From there, select the desired Slack workspace.

  3. Click 'Allow'

  4. Click the Add Channel button on the top right

    1. Select the channel from the dropdown.

    2. Choose which clusters and namespaces should be monitored for alerting.

    3. Define which security events trigger notifications in Slack. You can tailor these notifications based on severity levels or specific types of incidents. Thus, enabling you to tune the signal-to-noise ratio of the alerts according to your needs.

  5. Test and Optimize: After setup, click on the button with the envelope icon to send a test message and ensure notifications are flowing smoothly. Iterate and optimize based on feedback from your security and DevOps teams.

Issue Slack notifications

Once the Slack app has been set up, it will send new security notifications to the chosen Slack channel based on the defined severity level threshold. It's important to note that it may take up to an hour for new issue notifications to start appearing in your Slack workspace once it's been configured.

Remove the ARMO app for Slack

To remove the ARMO app for Slack, follow these steps:

  1. Navigate to the Settings page.
  2. Click Manage on the integration for Slack card.
  3. Click the 'Disconnect Slack' button at the top right area of the page.

Privacy policy

https://www.armosec.io/privacy-policy/