Integrate Slack for Outbound Notifications - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Prevent Administrator Guide

Product
Cortex XDR
License
Prevent
Creation date
2024-07-16
Last date published
2024-12-04
Category
Administrator Guide
Retire_Doc
Retiring
Link_to_new_Doc
/r/Cortex-XDR/Cortex-XDR-Documentation
Abstract

Cortex XDR enables you to integrate the Slack messaging application for outbound notifications to be received by Slack recipients.

Integrate the app with your Slack workspace to better manage and highlight your Cortex XDR alerts and reports. By creating a Cortex XDR Slack channel, you ensure that defined Cortex XDR alerts are exposed on laptop and mobile devices using the Slack interface. Unlike email notifications, Slack channels are dedicated to spaces that you can use to contact specific members regarding your Cortex XDR alerts.

Important

Once configured, only a Slack Administrator (Workspace Owner) with permissions to disable integrations from a channel, can remove the Cortex XDR Slack channel. For more information about how to remove a custom integration in Slack, see Remove apps and custom integrations from your workspace.

To configure a Slack notification, you must first install and configure the Cortex XDR app on Slack.

  1. From Cortex XDR , select SettingsConfigurationsIntegrationsExternal Applications.

  2. Select the provided link to install Cortex XDR on your Slack workspace.

    Note

    You are directed to the Slack browser to install the Cortex XDR app. You can only use this link to install Cortex XDR on Slack. Attempting to install from Slack marketplace will redirect you to Cortex XDR documentation.

  3. Click Submit.

    Upon successful installation, Cortex XDR displays the workspace to which you connected.

  4. Configure Notification Forwarding.

    After you integrate with your Slack workspace, you can configure your forwarding settings.