Slack Integration

Receive real-time security alerts directly in Slack channels. Get notified about critical vulnerabilities, expiring certificates, and scan completions without leaving your workspace.

Features

  • 🚨 Instant Alerts - Critical vulnerabilities posted within seconds
  • 📊 Rich Formatting - Color-coded severity, interactive buttons
  • 🔔 Smart Notifications - Filter by severity, domain, or vulnerability type
  • 🔗 Quick Actions - View details, mark as false positive, snooze alerts
  • 📈 Daily Digests - Summary of scans and findings (optional)

Setup

1. Create Slack App

  1. Visit https://api.slack.com/apps
  2. Click Create New App → From scratch
  3. Name: "Fence Security Alerts"
  4. Select your workspace
  5. Click Create App

2. Enable Incoming Webhooks

  1. In your Slack app settings, go to Features → Incoming Webhooks
  2. Toggle Activate Incoming Webhooks to On
  3. Click Add New Webhook to Workspace
  4. Select channel (e.g., #security-alerts)
  5. Click Allow
  6. Copy the Webhook URL (starts with https://hooks.slack.com/services/...)

3. Add to Fence

  1. Log in to Fence
  2. Navigate to Settings → Notifications
  3. Click Add Channel → Slack
  4. Configure:
       • Name: "Security Alerts Channel"
       • Webhook URL: Paste from step 2
       • Channel: #security-alerts (auto-detected)
       • Alert Types: Choose what to receive
  5. Click Test Integration to verify
  6. Click Save

Alert Types

Critical Vulnerability Alert

🚨 Critical Vulnerability Detected

Domain: example.com
Severity: CRITICAL (CVSS 9.8)
Title: SQL Injection in login form

CVE: CVE-2024-12345
OWASP: A03:2021 - Injection
Affected: https://example.com/login

[View Details] [Mark as False Positive]

Customization:
- Color: Red (#FF0000)
- Mentions: @security-team (configurable)
- Icon: 🚨

Certificate Expiring Alert

⚠️ SSL Certificate Expiring Soon

Domain: example.com
Expires: February 3, 2025 (14 days)
Issuer: Let's Encrypt

Subject Alternative Names:
  • example.com
  • www.example.com

[Renew Certificate] [View Details]

Customization:
- Color: Orange (#FFA500) for <30 days, Red for <7 days
- Mentions: @devops (configurable)
- Icon: ⚠️

Scan Completed Summary

✅ Security Scan Completed

Domain: example.com
Scan Type: Full Scan
Duration: 4m 32s

Vulnerabilities Found:
  🔴 Critical: 0
  🟠 High: 2
  🟡 Medium: 7
  🔵 Low: 4
  ⚪ Info: 1

[View Full Report] [Run New Scan]

Customization:
- Color: Green (#00FF00) if no critical/high, Yellow if high, Red if critical
- Icon: ✅

Alert Filters

By Severity

Only receive alerts for specific severities:

Alert when severity is:
☑️ Critical
☑️ High
☐ Medium
☐ Low
☐ Info

By Domain

Only receive alerts for specific domains:

Alert for these domains:
☑️ production.example.com
☑️ api.example.com
☐ staging.example.com
☐ dev.example.com

By Vulnerability Type

Only receive alerts for specific vulnerability categories:

Alert for:
☑️ SQL Injection
☑️ Remote Code Execution
☑️ Authentication Bypass
☐ XSS
☐ CSRF
☐ Information Disclosure

By Time

Schedule when alerts are sent:

Send alerts:
☑️ Weekdays only (Mon-Fri)
⏰ Between 9:00 AM - 6:00 PM (your timezone)
☐ Immediate (24/7)

Daily Digest

Receive a summary of all security activity at a scheduled time:

📊 Fence Security Daily Digest - January 20, 2025

Scans Run: 47
Domains Scanned: 12
New Vulnerabilities: 8

Top Issues:
  1. 🔴 SQL Injection in example.com (CVSS 9.8)
  2. 🟠 Weak TLS Ciphers in api.example.com (CVSS 7.5)
  3. 🟠 Missing HSTS Header in www.example.com (CVSS 6.5)

Certificates Expiring:
  ⚠️ example.com - Expires in 14 days
  ⚠️ api.example.com - Expires in 7 days

[View Dashboard] [Download Report]

Schedule options:
- Daily at 9:00 AM (your timezone)
- Weekly on Monday at 9:00 AM
- Monthly on 1st at 9:00 AM
- Custom schedule (Cron format)

Interactive Features

Slash Commands

Add Fence slash commands to Slack (Enterprise tier):

/fence scan example.com
  → Trigger immediate scan

/fence status
  → Show current scan queue

/fence vulnerabilities
  → List recent critical vulnerabilities

/fence help
  → Show available commands

Setup:
1. In Slack app settings → Slash Commands
2. Click Create New Command
3. Command: /fence
4. Request URL: https://fence.dev/api/slack/commands
5. Short description: "Fence security scanning commands"
6. Click Save

Interactive Buttons

Alerts include clickable buttons:

  • View Details → Opens vulnerability in Fence dashboard
  • Mark as False Positive → Updates status without leaving Slack
  • Snooze (24h) → Hide alert for 24 hours
  • Fix Instructions → Shows remediation steps in thread
  • Run Scan → Triggers new scan (Enterprise only)

Threaded Conversations

Keep alerts organized with threads:

🚨 Critical Vulnerability Detected
  ↳ Alice: Investigating now
  ↳ Bob: This is a false positive - we have WAF rule blocking this
  ↳ Fence Bot: Marked as false positive ✓

Advanced Configuration

Custom Payload

Customize Slack message format (Enterprise tier):

Fence default:

{
  "text": "🚨 Critical Vulnerability Detected",
  "attachments": [{
    "color": "#FF0000",
    "fields": [
      {"title": "Domain", "value": "example.com", "short": true},
      {"title": "Severity", "value": "CRITICAL", "short": true}
    ]
  }]
}

Custom payload (using Jinja2 templates):

{
  "text": "Security Alert for {{ domain }}",
  "blocks": [
    {
      "type": "header",
      "text": {"type": "plain_text", "text": "{{ title }}"}
    },
    {
      "type": "section",
      "text": {"type": "mrkdwn", "text": "*CVSS:* {{ cvss_score }}\n*CVE:* {{ cve_id }}"}
    }
  ]
}

Multiple Channels

Route different alerts to different channels:

Alert Type                 Channel             Mentions
Critical vulnerabilities   #security-critical  @security-team
High vulnerabilities       #security-high      @devops
Certificate expiring       #ssl-certificates   @infrastructure
Scan completed             #security-reports   None
Daily digest               #security-summary   None

User Mentions

Tag specific users or groups:

Alert preferences:
  Critical → @security-team
  High → @devops
  Certificate expiring → @alice @bob

Mention formats:
- User: @alice or <@U0123456789>
- Channel: #security-alerts or <!channel>
- User Group: @security-team or <!subteam^S0123456789>
- Everyone: @everyone or <!everyone> (use sparingly!)
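
Alert fields such as the title and affected URL come from scan results, so a payload built from them should escape Slack's control characters; otherwise a stray `<!everyone>` inside a field renders as a real mention. The sketch below is an added example, not Fence's code: `build_alert`, `slack_escape` and the `affected` field are hypothetical names, and the other fields mirror the custom payload shown earlier.

```python
import json
import re

# Mention tokens in the formats listed above; only these are emitted unescaped.
MENTION_RE = re.compile(r"<(@U[A-Z0-9]+|!subteam\^S[A-Z0-9]+|!channel|!everyone)>")


def slack_escape(value):
    """Escape the three characters Slack treats as control characters in text."""
    return (str(value).replace("&", "&amp;")
            .replace("<", "&lt;").replace(">", "&gt;"))


def build_alert(finding, mention=""):
    """Build webhook JSON from one finding (a dict of untrusted strings)."""
    if mention and not MENTION_RE.fullmatch(mention):
        raise ValueError(f"not a recognised mention token: {mention!r}")
    # The mention comes from trusted configuration; everything else is escaped.
    headline = f"{mention} *{slack_escape(finding['title'])}*".strip()
    body = (f"*CVSS:* {slack_escape(finding['cvss_score'])}\n"
            f"*CVE:* {slack_escape(finding['cve_id'])}\n"
            f"*Affected:* {slack_escape(finding['affected'])}")
    payload = {
        "text": f"Security Alert for {slack_escape(finding['domain'])}",
        "blocks": [
            {"type": "section", "text": {"type": "mrkdwn", "text": headline}},
            {"type": "section", "text": {"type": "mrkdwn", "text": body}},
        ],
    }
    # json.dumps handles quotes and backslashes that would break a hand-built string.
    return json.dumps(payload)


# Constructed finding: the title carries a broadcast token and a double quote.
SAMPLE = {
    "domain": "example.com",
    "title": 'SQL Injection in "login" form <!everyone>',
    "cvss_score": "9.8",
    "cve_id": "CVE-2024-12345",
    "affected": "https://example.com/login?next=<a>&x=1",
}

if __name__ == "__main__":
    print(build_alert(SAMPLE, mention="<!subteam^S0123456789>"))
```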

Troubleshooting

Alerts Not Appearing

Check:
1. Webhook URL is correct (starts with https://hooks.slack.com/services/)
2. Fence has permission to post to channel
3. Alert filters aren't blocking the message
4. Slack workspace isn't rate limiting (max 1 message/second)

Test:

# Test webhook manually
curl -X POST https://hooks.slack.com/services/YOUR/WEBHOOK/URL \
  -H 'Content-Type: application/json' \
  -d '{"text": "Test from Fence"}'

Webhook Revoked

If you see "error": "invalid_token" or "error": "channel_not_found", one of the following has happened:

  1. Webhook was deleted in Slack
  2. Channel was renamed/deleted
  3. App was removed from workspace

Solution: Create new webhook and update in Fence

Rate Limiting

Slack limits each webhook to 1 message per second.

If you hit the limit:
- Reduce alert frequency
- Use digest mode instead of real-time
- Split alerts across multiple webhooks/channels
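
For scripts that post to the webhook directly, the Webhook Revoked and Rate Limiting behaviour above can be handled in one sender. This is an added example, not Fence's code: `WebhookSender` and its return values are hypothetical, and it assumes Slack answers an exceeded limit with HTTP 429 and a `Retry-After` header in seconds.

```python
import json
import time
import urllib.error
import urllib.request

MIN_INTERVAL = 1.0  # page: 1 message per second per webhook
REVOKED = ("invalid_token", "channel_not_found")  # error strings quoted above


def http_post(url, payload):
    """Default transport: POST JSON, return (status, lowercase headers, body)."""
    req = urllib.request.Request(
        url, data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            hdrs = {k.lower(): v for k, v in resp.headers.items()}
            return resp.status, hdrs, resp.read().decode()
    except urllib.error.HTTPError as err:
        hdrs = {k.lower(): v for k, v in err.headers.items()}
        return err.code, hdrs, err.read().decode()


class WebhookSender:
    def __init__(self, url, post=http_post, clock=time.monotonic, sleep=time.sleep):
        self.url, self.post, self.clock, self.sleep = url, post, clock, sleep
        self.next_ok = 0.0  # earliest time the next message may go out

    def send(self, payload, max_retries=3):
        for _ in range(max_retries + 1):
            wait = self.next_ok - self.clock()
            if wait > 0:
                self.sleep(wait)  # client-side throttle
            status, headers, body = self.post(self.url, payload)
            self.next_ok = self.clock() + MIN_INTERVAL
            if status == 200:
                return "sent"
            if status == 429:
                # Back off for as long as the server asks, then retry.
                delay = float(headers.get("retry-after", MIN_INTERVAL))
                self.next_ok = self.clock() + max(delay, MIN_INTERVAL)
                continue
            if any(code in body for code in REVOKED):
                return "revoked"  # retrying cannot help: create a new webhook
            return "failed"
        return "rate_limited"
```

A result of "revoked" maps to the solution above (create a new webhook and update it in Fence); "rate_limited" means the retries were used up and digest mode or a second webhook is the better fix.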

Security Considerations

Webhook URL Security

  • ✅ Store webhook URL securely (it's sensitive!)
  • ✅ Don't commit to Git
  • ✅ Rotate webhooks if leaked
  • ❌ Don't share webhook URLs publicly

If webhook is compromised:
1. Revoke in Slack: Apps → Your App → Incoming Webhooks → Delete
2. Remove from Fence: Settings → Notifications → Delete
3. Create new webhook with fresh URL
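
To back up the "Don't commit to Git" rule, a check like the following can run before commits or in CI and fail when a webhook URL appears in the tree. It is an added example, not part of Fence; the function names are hypothetical and the regular expression assumes the usual `/services/T.../B.../...` URL shape.

```python
import os
import re

# Assumed URL shape: /services/T<team>/B<app>/<secret>. Adjust if yours differ.
WEBHOOK_RE = re.compile(
    r"https://hooks\.slack\.com/services/(T[A-Z0-9]+)/(B[A-Z0-9]+)/([A-Za-z0-9]+)")


def redact(url):
    """Keep the two IDs for triage and hide the secret part."""
    return WEBHOOK_RE.sub(
        r"https://hooks.slack.com/services/\1/\2/[REDACTED]", url)


def scan_text(name, text):
    """Return (file, line_number, redacted_url) for each webhook URL in text."""
    return [(name, lineno, redact(m.group(0)))
            for lineno, line in enumerate(text.splitlines(), start=1)
            for m in WEBHOOK_RE.finditer(line)]


def scan_tree(root):
    """Scan every readable file under root, skipping Git's own object store."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]
        for filename in filenames:
            path = os.path.join(dirpath, filename)
            try:
                with open(path, encoding="utf-8", errors="ignore") as fh:
                    hits.extend(scan_text(path, fh.read()))
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
    return hits


# Constructed sample; the URL is assembled from parts so this file itself
# does not trip a secret scanner.
FAKE_URL = "https://hooks.slack.com/" + "services/T00000000/B00000000/" + "x" * 24
SAMPLE = f'DEBUG = False\nSLACK_WEBHOOK = "{FAKE_URL}"\n'

if __name__ == "__main__":
    import sys
    found = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else scan_text("settings.py", SAMPLE)
    for name, lineno, url in found:
        print(f"{name}:{lineno}: Slack webhook URL {url}")
    sys.exit(1 if found else 0)
```

The report prints only the redacted form, so the scanner's own output is safe to paste into a ticket or channel.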

Data Sensitivity

Slack alerts may contain:
- Domain names
- Vulnerability details
- CVE IDs
- Affected URLs

For sensitive environments:
- Use private channels
- Limit channel membership
- Enable Slack Enterprise Grid (data residency)
- Consider self-hosted Slack alternative (Mattermost)

Compliance

HIPAA: Slack Business+ or Enterprise Grid required for BAA
GDPR: Data processed in US (Slack's data centers)
SOC 2: Slack is SOC 2 Type II certified

Migration from Other Tools

From Sentry

Sentry alerts → Fence alerts:

Sentry: "Error: Database connection failed"
  ↓
Fence: "🔴 Critical: SQL Injection detected"

Both tools complement each other:
- Sentry: Runtime errors and exceptions
- Fence: Security vulnerabilities and misconfigurations

From GitHub Dependabot

Dependabot alerts → Fence alerts:

Dependabot: "Vulnerability in [email protected]"
  ↓
Fence: "🔴 CVE-2024-12345 in Django 3.2.0"

Fence provides:
- Runtime vulnerability detection (not just dependencies)
- Exploitability verification (not just version checking)
- Remediation guidance with code examples

Best Practices

Channel Organization

#security-critical     → Critical vulnerabilities only (@security-team)
#security-high         → High severity (@devops)
#security-medium-low   → Medium/Low severity (no mentions)
#ssl-certificates      → Certificate expiring alerts
#security-digest       → Daily/weekly summaries

Alert Fatigue Prevention

  1. Start strict: Only critical/high alerts
  2. Gradually expand: Add medium after 2 weeks
  3. Use digests: Daily summary for low-priority items
  4. Set up workflows: Auto-create Jira tickets instead of Slack alerts
  5. Snooze wisely: Mute known false positives

Integration with Workflows

Example: Auto-create Jira ticket from Slack alert:

  1. Install Slack + Jira integration
  2. Create Slack workflow: "Critical vulnerability → Create Jira ticket"
  3. Fence posts alert → Slack workflow triggers → Jira ticket created
  4. Assign to security team automatically

Pricing

Tier        Slack Channels  Features
Hobby       0               Not available
Startup     5 channels      Real-time alerts, filters
Enterprise  20 channels     Slash commands, custom payloads
Custom      Unlimited       White-label bot, custom branding
