Skip to content

TheNoButton/logrhythm-slack-webhooks

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
better examples
better examples
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
actions.xml
actions.xml
 
 
basic.ps1
basic.ps1
 
 

Repository files navigation

LogRhythm to Slack Webhooks

These are some examples/quick guide on how to send Slack Webhooks from LogRhythm AIE alarms.

Steps

  1. Add a webhook to your Slack team.
    [ NOT SHOWN ]

  2. Create your AIE alarm with fields that you want to pass to your webhook.
    [ NOT SHOWN ]

  3. Create a powershell script accepting the fields as parameters.
    [ basic.ps1 ]

  4. Create the actions.xml manifest with the same parameters/fields.
    [ actions.xml ]

  5. Create your SmartResponse Plugin using the powershell script and manifest.
    [ NOT SHOWN ]

  6. Set your SmartResponse as an action to your AIE alarm, mapping the correct parameters:

  7. Trigger your alarm, observe the webhook:

Better Examples

auth-failure.ps1

suspicious-ip-inbound.ps1

suspicious-ip-outbound.ps1

privileged-user-group-change.ps1

Credit

jgigler/Powershell.Slack

About

send webhooks to slack from logrhythm AIE alarms

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages