Posture Management
Set up and customize alerts with a Slack integration
Updated: June 19, 2025
FireTail allows you to send customizable alert notifications through Slack and other integrations. This guide walks you through creating a Slack integration and tailoring the notification payload.
To use a Slack Webhook integration, you must first create a Slack channel. Visit the Slack Help Center for instructions.
Create an alert in FireTail
For detailed instructions on creating different types of alerts, refer to the following:
- Navigate to Posture Management in the FireTail platform. Click the Alerting tab, select Static or Anomaly alert.
- Name the alert.
- Add any necessary Filters, Conditions and other required settings.
- Under Notification Integration, click Create to set up a new integration. This selects how you will get your alert notifications.
- Select Slack Webhook.
- Choose the Slack channel that alert notifications will be sent to.
- Click Allow.
A test message is sent to the selected Slack channel to verify the connection.
When set up, you can:
- Rename the integration.
- Click Change Connection to change the Slack channel the notifications are sent to.
- Customize the Slack payload.
- This is the information that is populated in the Slack notification when an alert is triggered. Tokens, which are placeholders embedded in the payload, dynamically insert relevant data such as alert details, timestamps, or severity levels. You can edit these tokens to customize the information displayed in the notification.
- Click Submit when finished making changes.
The integration is created and listed under the existing integrations tab You can now select this integration as a notification method when you create an alert or create an incident.
Customize the Slack Payload
The payload contains tokens that are dynamic variables, the content in these tokens is generated from the information contained in the triggered alert. For instance, if the token {alert_timestamp} is in the payload, when the alert is sent to your Slack channel, the time in UTC format, that the alert was generated is displayed. For example, 21/04/2023T12:35:36
Example payload
{
"blocks": [
{
"type": "header",
"text": {
"type": "plain_text",
"text": "FireTail Alert",
"emoji": true
}
},
{
"type": "section",
"fields": [
{
"type": "mrkdwn",
"text": "*Name:*\n{alert_name}"
},
{
"type": "mrkdwn",
"text": "*Trigger Time:*\n{alert_timestamp}"
}
]
},
{
"type": "section",
"fields": [
{
"type": "mrkdwn",
"text": "*Condition:*\n{alert_static_triggered_value}
{alert_operand} {alert_static_threshold_value}"
}
]
},
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "<{alert_link}|view alert="">"
}
}
]
}This results in an alert being sent to Slack that will look similar to this:
Customize further
You can add, remove and change tokens and text in the payload. For example:
{
"blocks": [
{
"type": "header",
"text": {
"type": "plain_text",
"text": "My Demo Alert",
"emoji": true
}
},
{
"type": "section",
"fields": [
{
"type": "mrkdwn",
"text": "*Name:*\n{alert_name}"
},
{
"type": "mrkdwn",
"text": "*Trigger Time:*\n{alert_timestamp}"
},
{
"type": "mrkdwn",
"text": "*Alert Type:*\n{alert_type}"
}
]
},
{
"type": "section",
"fields": [
{
"type": "mrkdwn",
"text": "*Condition:*\n{alert_static_triggered_value}
{alert_operand} {alert_static_threshold_value}"
},
{
"type": "mrkdwn",
"text": "*Alert UUID:*\n{alert_uuid}"
}
]
},
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "<{alert_link}|view alert="">"
}
}
]
}The alert that is triggered will now look similar to this:
Note: For a list of all tokens, go to Dynamic variables. Learn more about how to Customize notifications.