Sending DataSunrise Notifications to Slack
DataSunrise Database Security Suite is the state-of-the-art software protecting your databases. Everything happening to your database, i.e. database user log-ins, audit and security rule events, is logged by the EventManager. However, it might be inconvenient for our customers to log in to DataSunrise every time to check new database events. Because customer convenience, comfort and safety are the top priority for our company, we have developed a special “subscriber” mechanism that keeps our customers informed about all database events.
This article covers the integration of DataSunrise with Slack, a popular instant messenger. On Slack you get 2 types of channels: public and private. Private channels can be accessed only by invitation, so private channels are pretty secure. DataSunrise can send messages to both types of channels.
To set up a subscribing mechanism and have DataSunrise send notifications to any Slack channel, you need to go to the web UI of your DataSunrise instance. There you can choose between two options: Slack (direct) and Slack (token). Slack (direct) sends notifications to a Slack bot (called a webhook), so basically you send notifications not to Slack itself but to its bot, which can forward notifications elsewhere. However, in this article we’ll set the bot to send notifications to a Slack channel. Slack (token) sends notifications to any Slack channel, and we’ll show in the article how you can do that. To make both options work we need to do a bit of configuring and setting-up. Let’s do it now.
Slack (direct) uses webhooks. So, we need to create one now. To do that go to https://api.slack.com/, log in there and click Incoming webhooks.
Scroll down the next window and click the green button “Create your Slack app”.
On the next page you can create a new Slack App. To do that you need to specify the app name and development Slack workspace. Let’s name our application MyTestApp and use DataSunrise Team workspace.
If you close this pop-up window you can create a new app any time by clicking the green button “Create New App”.
In the picture above click the newly created MyTestApp. After that click Incoming Webhooks and make sure that the toggle button is on. Then click Add New Webhook to Workspace (the picture below).
After clicking Add New Webhook to Workspace you need to select the Slack channel you want the notifications sent to. Let it be the channel #test2 for this article and after that click Authorise.
After that click the Copy button to copy the URL and save it somewhere for the time being as we’ll need it later.
We’ve just created a webhook. At the moment we have just one which will send messages to our Slack channel. Now let’s go back to the DataSunrise web UI. Go to Configuration → Subscribers → Add Server.
In the window that opens select Slack (direct) and enter the webhook URL you copied earlier in the “Path” field, omitting the https://hooks.slack.com/services/ prefix. If you look at the figure below, it will be the string starting with T1D93… You can leave the port as 443 unless you want something non-standard. In the picture below the path information is partially hidden for security reasons. Click Save.
In the next window we can see the newly added server which will be sending notifications to our #test2 Slack channel. Now we need to add a subscriber for this server. To do that go left to Add Subscriber and click it.
In the window that appears after that select the Server Type and Gate, then leave any comment, check all the boxes you want notifications about and click Save.
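The "Path" value from the Add Server step can be derived and checked before it is pasted into DataSunrise. The following is an added example, not DataSunrise or Slack code: it validates a copied webhook URL, strips the https://hooks.slack.com/services/ prefix, redacts the value for logs or screenshots, and builds (without sending) a test message. The function names, the sample URL and the three-segment path layout are assumptions made for this example.

```python
import json
import urllib.request
from urllib.parse import urlsplit

# Constructed sample in the usual placeholder shape; not a real webhook.
SAMPLE_URL = "https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX"


def webhook_to_path(url):
    """Validate a webhook URL and return the part that goes in the "Path" field."""
    parts = urlsplit(url.strip())
    # Exact host match: a look-alike such as hooks.slack.com.example.net must fail.
    if parts.scheme != "https" or parts.hostname != "hooks.slack.com":
        raise ValueError("expected an https://hooks.slack.com URL")
    if parts.port not in (None, 443) or parts.username or parts.query or parts.fragment:
        raise ValueError("unexpected port, credentials, query or fragment")
    if not parts.path.startswith("/services/"):
        raise ValueError("expected the path to start with /services/")
    path = parts.path[len("/services/"):]
    # Assumption: three non-empty segments (workspace id, webhook id, secret).
    segments = path.split("/")
    if len(segments) != 3 or not all(segments):
        raise ValueError("expected three path segments after /services/")
    return path


def redact(path):
    """Keep only the start of the first segment, for logs, tickets and screenshots."""
    first, *rest = path.split("/")
    return "/".join([first[:5] + "..."] + ["****"] * len(rest))


def build_test_request(path, text):
    """Build (without sending) the JSON POST that an incoming webhook accepts."""
    body = json.dumps({"text": text}).encode("utf-8")
    return urllib.request.Request(
        "https://hooks.slack.com/services/" + path,
        data=body,
        headers={"Content-Type": "application/json"},
        method="POST",
    )


if __name__ == "__main__":
    path = webhook_to_path(SAMPLE_URL)
    print("Path field value (redacted):", redact(path))
    req = build_test_request(path, "DataSunrise webhook test")
    print(req.get_method(), redact(path), req.data.decode())
    # To send for real: urllib.request.urlopen(req, timeout=10)
```

Treat the full path like a password: anyone who holds it can post to the channel, so store it in a secrets manager rather than in tickets or chat.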
That’s all you need to do to get notifications sent to a Slack bot (webhook) which later can send these elsewhere. For this article the bot sends notifications to a Slack channel. If you want your notifications sent just to a Slack channel you should use the second available option – Slack (token). For this article we’ll be using the #test1 Slack channel (yours can be anything) to show you how you can set up the second option to be notified on Slack.
First of all you need to follow this link https://api.slack.com/custom-integrations/legacy-tokens and generate a legacy token. The legacy token is just for you. Please be careful not to share this token with anyone and don’t publish it. Copy this token for further use.
Now let’s go to the DataSunrise web UI and set up a Slack (token) server. To do that go to Configuration → Subscribers → Add Server. After that choose Slack (token) and click Save. The From field contains the Slack notifications sender name (could be anything).
After that we need to create a subscriber. To do that click Add Subscriber.
After that select the Server type, Gate (paste your legacy token) and channel (#test1 for this article, be sure to use a hash tag before the name of your Slack channel). After that tick the events you want to be notified about and click Save.
That’s basically all. We’ve just configured DataSunrise to inform you about all the events happening across your already protected database(s). From now on we’ll be getting database security notifications to the Slack channel test1 from the Slack (token) server and the Slack channel test2 from Slack (direct).