Skip to main content

Instructor, no.

Incydr Professional, Enterprise, Horizon, and Gov F2, yes.

Incydr Basic, Advanced, and Gov F1, yes.

Code42 Support

Slack configuration for Incydr Flows


The Incydr Response Flow for Slack allows you to quickly respond to risky activity to protect your organization's vital business data. When a user's activity triggers an alert in Incydr, the Response Flow automatically generates a message in Slack for your security analysts. From there, analysts can use the message to quickly respond to the possible incident and contain data loss. This article describes how to configure Slack in preparation for integration with Incydr Flows.


Incydr Flows:

  • Are a paid service on some product plans.
  • Are not available in the Code42 federal environment.
  • Require assistance and setup from Code42 Professional Services. Contact your Customer Success Manager (CSM) to engage the Code42 Professional Services team.

Configure Slack

Work with your Slack administrator to complete these configuration tasks in preparation for integration with an Incydr Response Flow:

  1. In Slack, create a private channel for your security team where alerts from the Response Flow are posted.
  2. In Slack, set up an API user account for Code42, and make this new user a member of the new channel.
    Incydr uses this account to posts messages to the security team channel in Slack when user activity triggers an alert.
  3. In Incydr, create a new user for the Response Flow and assign it the Insider Risk Analyst role.
    Incydr Flows uses this Code42 user and role to receive alert notifications and post these alerts to the new Slack channel.

Slack Response Flow processing

After you configure Slack and integrate it with an Incydr Response Flow, risky activity that triggers an alert in Incydr is automatically sent to your security analysts in a Slack message. Alerts are color-coded according to severity and include controls to:

  • Close the alert.
  • Start an investigation or create a case.
  • Request more information about the activity from the user or send links to security training refreshers.
  • Was this article helpful?