How to send Xray security and license violation messages to Slack

Hirofumi Iwashita
2020-04-16 12:00

Xray has a Webhook integration, but it cannot send messages to Slack directly because the Xray payload and the Slack payload differ, as shown below.

Payload sent by Xray

{ "alert_id" : "<ID>", "created" : "<CREATED_DATE>"}

Payload required by Slack

{ "text": "Hello, world."}

See also step 4, "Use your Incoming Webhook URL to post a message", in the Slack guide "Sending messages using Incoming Webhooks".
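The mismatch between the two payloads can be bridged by a small relay that rewrites the Xray body into the shape Slack expects. The Python below is an added example, not code from this article or from JFrog; it assumes the Xray body carries only the two fields shown above, and the function names and MAX_FIELD_LEN are hypothetical. It escapes the field values because the relay forwards text it did not author into a channel.

```python
import json

# Slack requires these three characters to be escaped in message text;
# an unescaped "<...>" is parsed as a link or a mention (e.g. <!channel>).
_SLACK_ESCAPES = (("&", "&amp;"), ("<", "&lt;"), (">", "&gt;"))
MAX_FIELD_LEN = 200  # assumption: cap on each relayed field


def slack_escape(value):
    """Escape Slack control characters and cap the length of one field."""
    text = str(value)[:MAX_FIELD_LEN]
    for raw, escaped in _SLACK_ESCAPES:
        text = text.replace(raw, escaped)
    return text


def xray_to_slack(raw_body):
    """Convert an Xray webhook body (bytes or str) into a Slack webhook body."""
    try:
        alert = json.loads(raw_body)
    except (TypeError, ValueError) as exc:
        raise ValueError("Xray payload is not valid JSON") from exc
    if not isinstance(alert, dict):
        raise ValueError("Xray payload must be a JSON object")
    missing = [k for k in ("alert_id", "created") if k not in alert]
    if missing:
        raise ValueError("Xray payload is missing: " + ", ".join(missing))
    text = "Xray alert {} (created {})".format(
        slack_escape(alert["alert_id"]), slack_escape(alert["created"]))
    return json.dumps({"text": text})


if __name__ == "__main__":
    # Constructed sample; the values are placeholders, not real Xray output.
    sample = '{"alert_id": "example-alert-1", "created": "2020-04-16T12:00:00Z"}'
    print(xray_to_slack(sample))
```

The returned string is the request body to POST to the Incoming Webhook URL with Content-Type application/json; the URL itself is a secret and should be kept out of source control.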

As another solution, Xray can also send its messages by email, so Slack can receive them through the Email integration. (The Slack Standard plan or above is required.)

How to set up and confirm

1. Add the Email integration to your Slack workspace.

2. Configure the Email integration.

3. Specify the Slack email address from above as the Notify Email in a Policy Rule for Xray.

4. Messages are posted in Slack when violations occur in Xray.