Creating a Slack Alert Integration

This article explains how to create an integration between your Slack instance and your Cato account for alerts and system notifications.


The Cato Management Application supports a variety of alerts and notifications for different use cases and conditions related to your account. You can define an integration with a Slack instance that supports webhooks to send alerts and create alert-based automation flows. Cato's Slack integration supports customizable HTTP headers and messages in the alert to meet the specific needs of your organization.

Creating Slack Integrations

When you create a Slack integration, you need to provide the URL for the service that is receiving the alert via the webhook. You have the option to configure custom HTTP headers for the integration. By default, the message body is populated with JSON in a format that is compatible with Slack. You also have the option to customize the body to meet the specific requirements of your organization.

If you choose to customize the body, there are a number of data fields that you can use in the message content. You define the custom body (or structure), and then embed the Cato data fields in it. When you enter $, the available data fields are displayed, and you then select the required field. The fields use auto-complete to filter the list. For more information about the Cato fields, see Understanding the JSON Fields for Alert Integrations.


To create a Slack integration:

  1. From the navigation menu, click Administration > Subscriptions and select the Integrations tab.

  2. Click New Integration > Slack. The New Slack Integration panel opens.

  3. Configure these integration settings:

    1. Enter the integration Name.

    2. Click the slider to enable (green) or disable (gray) the integration (it's enabled by default).

  4. Configure the Connection Details:

    1. Enter the webhook URL for the Slack instance that is receiving the alert.

    2. Click Test. If the integration can connect to the service, then a Test passed successfully message is displayed.

      If there's a connection error, the page displays the HTTP error code and message reported by the service.

  5. (Optional) In Custom Headers, define the Key and Value for each additional HTTP header for the integration.

  6. (Optional) In Custom Body, customize the content of the Slack alert:

    • Enter $ to embed other fields

    • Enter / as the escape character

  7. Click Save. The Slack integration is saved and added to the Integrations page.
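A custom body that is not valid Slack JSON means alerts can fail to reach the channel, so it is worth checking the template before saving it. The following is an added example, not Cato code: it renders a custom body with sample values and confirms the result is a JSON object that a Slack webhook accepts. It assumes that field references look like $name and that /$ produces a literal dollar sign; the field names are hypothetical placeholders, not real Cato fields.

```python
import json
import re

# Assumed template syntax (the page only says "$" embeds a field and "/" escapes):
# "$name" is a field reference, "/$" is a literal dollar sign.
TOKEN = re.compile(r"/\$|\$([A-Za-z_][A-Za-z0-9_]*)")

# Constructed sample data; field names are hypothetical, not real Cato fields.
SAMPLE_FIELDS = {"example_rule": 'Block "risky" apps', "example_user": "alice"}
GOOD_BODY = '{"text": "Rule $example_rule matched for $example_user (fee /$5)"}'
BROKEN_BODY = '{"text": "Rule $example_rule matched}'   # missing closing quote
NO_TEXT_BODY = '{"message": "$example_rule"}'           # no key Slack displays


def render(template, fields):
    """Substitute sample values into the template.

    Values are JSON-escaped for this local check only, so the check tests the
    template's structure; it says nothing about how Cato renders values.
    """
    def sub(match):
        if match.group(0) == "/$":
            return "$"
        name = match.group(1)
        if name not in fields:
            raise KeyError(f"unknown field: ${name}")
        return json.dumps(str(fields[name]))[1:-1]  # escaped, outer quotes dropped
    return TOKEN.sub(sub, template)


def check_slack_body(template, fields):
    """Return a list of problems; an empty list means the body looks usable."""
    try:
        payload = json.loads(render(template, fields))
    except KeyError as exc:
        return [str(exc.args[0])]
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(payload, dict):
        return ["top level must be a JSON object"]
    # Slack incoming webhooks need at least one of these keys to show a message.
    if not any(key in payload for key in ("text", "blocks", "attachments")):
        return ["needs a text, blocks or attachments key"]
    return []


if __name__ == "__main__":
    for body in (GOOD_BODY, BROKEN_BODY, NO_TEXT_BODY):
        print(body, "->", check_slack_body(body, SAMPLE_FIELDS) or "OK")
```
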

Defining Policy Notifications with Slack Integrations

Cato Security policies let you send notifications when a rule is matched. You can configure the Track settings to send notifications to a specific integration or to a Subscription Group that contains the integration.


To define a Slack notification for a rule:

  1. In the relevant policy, edit the rule and expand the Actions section.

  2. Select Send Notification.

  3. Define the Frequency for how often the alert is sent.

  4. In Send notification to, select Subscription Group or Integration and select the relevant item.

  5. Click Apply, and then click Save.
