Slack integration

Slack is an instant messaging platform especially appreciated by the software developer community. With Pandora FMS you will be able to get alert messages by simply adding a channel and an application to the account previously created in Slack. Then you must configure credentials with commands and actions in Pandora FMS.

Slack configuration: application creation

In the Pandora FMS libraries you can find the Slack connector CLI with complete and detailed information about the integration with this instant messaging platform. You should start by accessing the page dedicated to the Slack API, identify yourself and use the "Create a custom app" option. Assign a name and select a workspace for the application and click on "Create app".

image-1629793595980.png

Now you must go to the configuration of the newly created application and activate and add Incoming Webhooks.

image-1629793624874.png

Define the channel through which the application messages will be sent.

image-1629793651823.png

Select the desired channel and click Allow. The next step is the application permission settings in Slack.

Slack configuration: permissions and credentials

In the Basic Information option you will be able to access the application credentials (App Credentials), which you should never share, in any case. In the same way, access to OAuth & Permissions to copy the authorization token that you will place in Pandora FMS.

image-1629793746904.png

There are many other settings, such as defining a limited set of IP addresses that can make use of the API, and so on.

Go to the conversation panel in Slack, leaving the API settings section behind. Add or select a channel through which the application will send messages, click More and then Add apps. Select and add to the channel the application (in this example the channel is called # pfms). Observe the following triptych:

image-1629793801723.png

With all this configuration and information, the only thing left to do is to configure Pandora FMS to send messages through Slack.

Pandora FMS configuration: creation of an alert command

First you must install the Slack connector CLI, which you can download from the Pandora FMS library. You must have the following utilities installed in the Pandora FMS server: python3 and python3-pip. With this last command you should install the Slack connector CLI requirements for Pandora FMS:

pip3 install -r requirements.txt

-t TOKEN -c CHANNEL -d DATA.

For example:

python3 pandora-slack-cli.py.py -t <webhook-url> -c <channel id/name> -d "Data=5, Agent=Test, Module=Ping"

Due to the flexibility of Pandora FMS, there are also additional parameters that allow, for example, the sending of graphs through the Pandora FMS external API.

image-1629793991364.png

Take the time to learn these requirements. To create an alert command go to the Pandora FMS Web Console and click on Alerts -> Commands -> Create.

image-1629794044918.png

Configure each of the eight fields required by the command; in the test-exec file that accompanies the Slack connector CLI you can obtain each of them. Pay attention to field number two, which must contain, in a hidden way, the token of the application created in Slack. Add the group that will be able to access the sending of alerts.

image-1629794085412.png

Click on the Create button to save the alert command.

Pandora FMS configuration: creating an alert action

The alert actions allow you to define how to launch the command. Go to the menu Alerts -> Actions -> Create.

image-1629794210101.png

Select in Command the alert command created on the previous page, the fields will be filled in automatically. However, you can always customize the icons or messages for the Triggering and Recovery events, for example.

image-1629794261445.png

To save click on Create. To apply this action to either a Module or Policy, set up an alert template for this purpose.