Slack Integration
The Infracast Slack integration sends real-time notifications to your Slack workspace via an incoming webhook. You can receive alerts for new critical findings, discovery job completions, and other configurable Infracast events.
Prerequisites
- A Slack workspace where you have permission to create apps or incoming webhooks
- A Slack channel to receive notifications
Creating a Slack Incoming Webhook
Option A: Create a Slack App (recommended)
- Go to https://api.slack.com/apps and click Create New App
- Choose From scratch, name it Infracast, select your workspace
- In the left sidebar, go to Incoming Webhooks
- Toggle Activate Incoming Webhooks to On
- Click Add New Webhook to Workspace
- Select the channel to post to (e.g., #security-alerts)
- Click Allow
- Copy the generated Webhook URL (format: https://hooks.slack.com/services/T.../B.../...)
Option B: Legacy Incoming Webhook (for workspaces with legacy integrations enabled)
- Go to Workspace Settings → Configure Apps → Incoming WebHooks
- Click Add to Slack
- Select the channel and click Add Incoming WebHooks Integration
- Copy the Webhook URL
Create a dedicated #infracast-alerts channel for security notifications. This keeps security findings visible and separate from general team communication, and makes it easy to set up channel-specific notification preferences.
Configuring the Integration
Navigate to Settings → Integrations → Add Integration → Slack:
| Field | Description |
|---|---|
| Webhook URL | The Slack incoming webhook URL |
| Channel | Target channel name (e.g., #security-alerts) — informational, does not override the webhook's channel |
| Notify on: New Critical Finding | Send a message when a Critical severity finding is created |
| Notify on: New High Finding | Send a message when a High severity finding is created |
| Notify on: Discovery Complete | Send a summary when a discovery job finishes |
| Notify on: Discovery Failed | Send an alert when a discovery job fails |
| Notify on: Asset Added | Send a message when a new asset is discovered |
| Minimum Severity | Override: only notify for findings at or above this severity |
Notification Format
New finding notification:
🚨 *Critical Finding* — web-server-01
CVE-2024-1234 — Remote Code Execution (CVSS 9.8)
Asset: aws.ec2.instance i-0abc123 (Production)
Plugin: AWS
<https://infracast.example.com/findings/fnd-abc123|View in Infracast>
Discovery completion notification:
✅ *Discovery Complete* — aws-prod
Duration: 4m 32s | New: 12 assets | Updated: 47 | Findings: 3 new
<https://infracast.example.com/discovery/jobs/job-xyz|View Details>
Discovery failure notification:
❌ *Discovery Failed* — cisco-network
Error: SSH connection refused to 10.0.0.1
<https://infracast.example.com/discovery/jobs/job-xyz|View Logs>
Troubleshooting
Webhook returns 404
Symptom: Error: Slack webhook request failed: 404 not_found
Cause: The webhook URL has been revoked or the app was deleted.
Fix: Regenerate the webhook URL in the Slack API console and update the Infracast integration configuration.
No messages appearing in channel
Symptom: Test connection succeeds but no messages appear in the channel
Checks:
- Verify the webhook is associated with the correct channel
- Check the Slack app's Incoming Webhooks page to confirm the webhook is active
- Verify that no Slack notification filters or DND settings are hiding messages in the channel
channel_not_found error
Symptom: Error: Slack error: channel_not_found
Cause: This can occur with legacy webhooks if the channel was archived or renamed.
Fix: Create a new webhook pointing to the correct channel and update Infracast.
Rate limiting
Symptom: Some notifications are not delivered during high-activity periods
Cause: Slack incoming webhooks are rate-limited to 1 request/second per webhook URL.
Fix: For high-volume environments, increase the Minimum Severity threshold to reduce notification volume, or create multiple webhooks for different severity levels.
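The following is an added example, not Infracast's own code: a stand-alone sender that reproduces the finding layout from Notification Format, escapes Slack's control characters in data fields so an asset name cannot render as a link or mention, applies a minimum severity, and paces posts to the 1 request/second limit. The severity ordering, the finding field names, `PacedSender` and `http_post` are assumptions made for illustration.

```python
import json
import time
import urllib.request

SEVERITIES = ["Low", "Medium", "High", "Critical"]  # assumed ordering, lowest first

def escape(text):
    """Escape Slack's control characters so a data field cannot form a link or mention."""
    return text.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")

def format_finding(f):
    """Render a finding in the layout shown under Notification Format."""
    return "\n".join([
        f"🚨 *{escape(f['severity'])} Finding* — {escape(f['host'])}",
        f"{escape(f['title'])} (CVSS {f['cvss']})",
        f"Asset: {escape(f['asset'])}",
        f"Plugin: {escape(f['plugin'])}",
        f"<{f['url']}|View in Infracast>",  # URL is built by the sender, so it is trusted
    ])

class PacedSender:
    """Posts at most one message per `interval` seconds to a single webhook URL."""
    def __init__(self, post, min_severity="High", interval=1.0,
                 clock=time.monotonic, sleep=time.sleep):
        self.post, self.interval = post, interval
        self.min_rank = SEVERITIES.index(min_severity)
        self.clock, self.sleep, self.last = clock, sleep, None

    def send(self, finding):
        if SEVERITIES.index(finding["severity"]) < self.min_rank:
            return False  # below the minimum severity: nothing is posted
        if self.last is not None:
            wait = self.interval - (self.clock() - self.last)
            if wait > 0:
                self.sleep(wait)  # hold the message instead of exceeding 1 request/second
        self.post(json.dumps({"text": format_finding(finding)}))
        self.last = self.clock()
        return True

def http_post(webhook_url):
    """Build the real transport; webhook_url is the secret URL copied from Slack."""
    def post(body):
        req = urllib.request.Request(webhook_url, data=body.encode(),
                                     headers={"Content-Type": "application/json"})
        urllib.request.urlopen(req, timeout=10).close()
    return post

# Constructed sample: the host field carries Slack link syntax that must arrive inert.
SAMPLE = {"severity": "Critical", "host": "<https://example.invalid|web-server-01>",
          "title": "CVE-2024-1234 — Remote Code Execution", "cvss": 9.8, "plugin": "AWS",
          "asset": "aws.ec2.instance i-0abc123 (Production)",
          "url": "https://infracast.example.com/findings/fnd-abc123"}
```

To post for real, pass `http_post(url)` as the `post` argument, reading the webhook URL from a secret store or environment variable instead of hard-coding it.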