Actions for Slack
Post on Slack. Sends data (output fields) from the specified records (from the base query) to a Slack channel.
Below are the possible use cases for the Post on Slack action:
You can send messages about high-risk alerts or incidents to specific Slack channels. For example, you could send a list of assets with a zero-day vulnerability to the SecOps Slack channel for immediate attention.
Before you can execute the Post on Slack action, you must first enable incoming webhooks on Slack and then copy the URL for incoming webhooks. For details, see https://api.slack.com/messaging/webhooks.
To create an action in Lucidum, follow these steps:
Choose Action Center from the left pane.
In the Action Center, choose from the action types in the Channels pane.
To create a configuration for the action, click the Manage Configuration button. A configuration provides the connection and authorization information to communicate with the external solution.
Save the configuration.
To create an action, click the Create a new action button. An action specifies the task to execute, the data to include in the action, and how frequently to execute the action.
Save the action.
Lucidum automatically executes the action at the time and recurrence you defined in the action.
You can apply an existing configuration to more than one action. If a configuration already exists, you might be able to re-use the existing configuration and might not need to create a new one.
Configuration Name. Identifier for the Configuration. This name will appear in the Lucidum Action Center.
webhook_url. The URL on Slack that listens for webhooks from Lucidum.
Create a new action/View Action
Action Type. Select an action from the pulldown options.
Configuration Name. Select an action configuration from the pulldown options.
Action Name. Identifier for the action. This name will appear in the Lucidum Action Center.
Description. Description of the action.
Filters. For new actions, the Add Filter button leads to the New Query page, where you can query for the assets or users that the action will act upon. For existing actions, this field displays the query for this action. The Edit Filter button leads to the New Query page, with the current query already loaded for editing. For details on creating and editing queries in Lucidum, see the section on Building Queries.
Schedule Settings. Define the schedule for the action. Choices are setting a Recurrence by date and time or After Data Ingestion, which happens at least once every 24 hours and can also be triggered manually.
Do not trigger the action unless. Specify the number of results from Filters as a prerequisite for executing the action.
Output Fields. The fields selected for the Filters. When creating or editing the query, you can select these fields in the Query Results page > Edit Column button.
Message. The message to send to Slack, in Jinja format. The field includes a default Jinja template that you can edit. For details on Jinja, see https://jinja.palletsprojects.com/en/3.1.x/templates/.
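
An added example (not Lucidum's code or its default template): one way to preview a Message template outside Lucidum, rendering Jinja over constructed records into the JSON body that a Slack incoming webhook accepts. The variable name records, the field names, and the slack_escape filter are assumptions; the filter escapes &, < and > so that values taken from asset data are shown literally instead of being interpreted by Slack as mentions or links.

```python
import json
import re
from jinja2 import Environment, StrictUndefined

# Standard form of a Slack incoming-webhook URL. The path embeds a secret
# token, so keep the real URL out of logs and source control.
WEBHOOK_RE = re.compile(r"^https://hooks\.slack\.com/services/[A-Za-z0-9/_-]+$")

# Hypothetical template: `records` and the field names are assumptions,
# not Lucidum's documented template variables or its default template.
TEMPLATE = (
    "*{{ records | length }} asset(s) matched*\n"
    "{% for r in records %}"
    "- {{ r.asset_name | slack_escape }} ({{ r.ip_address | slack_escape }})\n"
    "{% endfor %}"
)

# Constructed sample rows; the second name carries Slack mention markup.
SAMPLE_RECORDS = [
    {"asset_name": "web-01", "ip_address": "10.0.0.5"},
    {"asset_name": "<!channel> db", "ip_address": "10.0.0.9"},
]


def slack_escape(value):
    """Escape &, < and >, the characters Slack treats as control characters."""
    return str(value).replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")


def is_slack_webhook(url):
    """True only for an https URL on hooks.slack.com under /services/."""
    return bool(WEBHOOK_RE.match(url))


def build_payload(records, template=TEMPLATE):
    """Render the template and wrap it in the JSON body a webhook accepts."""
    # StrictUndefined makes a misspelled field name raise instead of
    # silently rendering as an empty string in the posted message.
    env = Environment(undefined=StrictUndefined)
    env.filters["slack_escape"] = slack_escape
    text = env.from_string(template).render(records=records)
    return json.dumps({"text": text})


if __name__ == "__main__":
    print(build_payload(SAMPLE_RECORDS))
```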