LogRhythm to Slack Webhooks
1. Add a webhook to your Slack team.
2. Create your AIE alarm with fields that you want to pass to your webhook.
3. Create a PowerShell script accepting the fields as parameters:
4. Create the actions.xml manifest with the same parameters/fields:
5. Create your SmartResponse Plugin using the PowerShell script and manifest.
6. Set your SmartResponse as an action to your AIE alarm, mapping the correct parameters:
7. Trigger your alarm and observe the webhook:
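A sketch of the script from step 3, added here as an example and not taken from the original page. The parameter names (`WebhookUrl`, `AlarmName`, `User`, `SourceIp`, `DestinationIp`) are assumptions and must match whatever fields your alarm and manifest actually pass; the webhook URL is supplied as a parameter so it is not hard-coded in the plugin.

```powershell
# Added example: SmartResponse script that posts alarm fields to a Slack incoming webhook.
# Parameter names are assumptions; match them to the fields in your alarm and actions.xml.
param(
    [Parameter(Mandatory = $true)][string]$WebhookUrl,   # Slack webhook URL; treat as a secret
    [Parameter(Mandatory = $true)][string]$AlarmName,
    [string]$User = 'n/a',
    [string]$SourceIp = 'n/a',
    [string]$DestinationIp = 'n/a'
)

# Windows PowerShell 5.1 may negotiate older TLS versions by default; force TLS 1.2.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# Only post to Slack's webhook host, and only over HTTPS.
$uri = [Uri]$WebhookUrl
if ($uri.Scheme -ne 'https' -or $uri.Host -ne 'hooks.slack.com') {
    [Console]::Error.WriteLine("Refusing to post to unexpected webhook host: $($uri.Host)")
    exit 1
}

# Alarm fields originate in logs and may be attacker-influenced. Escape the three
# characters Slack treats as control characters so a field value cannot inject
# mentions or links into the message.
function ConvertTo-SlackText([string]$Value) {
    $Value.Replace('&', '&amp;').Replace('<', '&lt;').Replace('>', '&gt;')
}

$lines = @(
    "*LogRhythm alarm:* $(ConvertTo-SlackText $AlarmName)"
    "*User:* $(ConvertTo-SlackText $User)"
    "*Source IP:* $(ConvertTo-SlackText $SourceIp)"
    "*Destination IP:* $(ConvertTo-SlackText $DestinationIp)"
)

# Build the JSON with ConvertTo-Json rather than string concatenation so quotes
# and backslashes in field values are encoded correctly, then send it as UTF-8 bytes.
$json  = @{ text = ($lines -join "`n") } | ConvertTo-Json -Compress
$bytes = [System.Text.Encoding]::UTF8.GetBytes($json)

try {
    Invoke-RestMethod -Uri $uri -Method Post -ContentType 'application/json' -Body $bytes | Out-Null
    Write-Output "Posted alarm '$AlarmName' to Slack."
}
catch {
    # Report the failure without echoing the webhook URL into SmartResponse output.
    [Console]::Error.WriteLine("Slack webhook post failed: $($_.Exception.Message)")
    exit 1
}
```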
Better Alarm Examples
Privileged User Group Changes
Suspicious IP Inbound
Suspicious IP Outbound