Skip to main content
Contact Support

Instructor, no.

Incydr Professional, Enterprise, Horizon, and Gov F2, yes.

Incydr Basic, Advanced, and Gov F1, yes.

HOME
GETTING STARTED
RELEASE NOTES
FAQs
APIs
SYSTEM STATUS
Code42 Support

Slack configuration for Incydr Flows

  1. Last updated
  2. Save as PDF

Overview

The Incydr Response Flow for Slack allows you to quickly respond to risky activity to protect your organization's vital business data. When a user's activity triggers an alert in Incydr, the Response Flow automatically generates a message in Slack for your security analysts. From there, analysts can use the message to quickly respond to the possible incident and contain data loss. This article describes how to configure Slack in preparation for integration with Incydr Flows.

Considerations

Incydr Flows:

  • Are a paid service on some product plans.
  • Are not available in the Code42 federal environment.
  • Require assistance and setup from Code42 Professional Services. Contact your Customer Success Manager (CSM) to engage the Code42 Professional Services team.

Configure Slack

Work with your Slack administrator to complete these configuration tasks in preparation for integration with an Incydr Response Flow:

  1. In Slack, create a private channel for your security team where alerts from the Response Flow are posted.
  2. In Slack, set up an API user account for Code42, and make this new user a member of the new channel.
    Incydr uses this account to posts messages to the security team channel in Slack when user activity triggers an alert.
  3. In Incydr, create a new user for the Response Flow and assign it the Insider Risk Analyst role.
    Incydr Flows uses this Code42 user and role to receive alert notifications and post these alerts to the new Slack channel.

Slack Response Flow processing

After you configure Slack and integrate it with an Incydr Response Flow, risky activity that triggers an alert in Incydr is automatically sent to your security analysts in a Slack message. Alerts are color-coded according to severity and include controls to:

  • Close the alert.
  • Start an investigation or create a case.
  • Request more information about the activity from the user or send links to security training refreshers.
  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    How-to
    Available in CrashPlan Cloud
    No
    Available in other/on-premises product plans
    No
    Available in Incydr Basic and Advanced
    Yes
    Available in Incydr Pro, Enterprise, and Horizon
    Yes
    Available in Instructor
    No
    Available in CrashPlan for Small Business
    No
  2. Tags
    This page has no tags.