Slack Alerts
Send database audit alerts directly to Slack channels using incoming webhooks. Get instant notifications for security events, policy violations, and anomalies with rich formatting.
Channel Routing
Route different alert types to specific channels. Send critical alerts to #incidents and low severity to #security-logs.
Rich Formatting
Alerts include formatted attachments with color-coded severity, structured fields, and interactive buttons.
Direct Links
Each alert includes buttons linking directly to the event details in your DB Audit dashboard.
Configuration Reference
1 Connection Settings
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
| name | string | Yes | - | A unique name for this alert destination (e.g., "slack-security-team") |
| provider | select | Yes | slack | Alert provider - select "Slack" |
| enabled | boolean | No | true | Enable or disable alert delivery |
| webhook_url | password | Yes | - | Slack incoming webhook URL (e.g., "https://hooks.slack.com/services/T.../B.../...") |
2 Slack Settings
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
| channel | string | No | - | Override default webhook channel (e.g., "#security-alerts") |
| username | string | No | DB Audit | Bot username displayed in Slack |
| icon_emoji | string | No | :shield: | Emoji icon for the bot (e.g., ":warning:", ":lock:") |
| icon_url | string | No | - | Custom icon URL (overrides icon_emoji) |
| include_details | boolean | No | true | Include detailed event information in message attachments |
3 Alert Filtering
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
| severity_filter | multiselect | No | all | Alert severities to send: critical, high, medium, low, info |
| alert_types | multiselect | No | all | Alert types: policy_violation, anomaly_detection, threshold_breach, classification_alert |
| database_filter | array | No | - | Limit to specific databases (empty = all databases) |
4 Delivery Settings
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
| rate_limit | number | No | 60 | Maximum alerts per minute (1-100) |
| retry_attempts | number | No | 3 | Number of retry attempts on failure |
| retry_delay_seconds | number | No | 5 | Delay between retry attempts |
| timeout_seconds | number | No | 30 | Request timeout in seconds |
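The reference tables above translate directly into a pre-flight check. The following is an added example, not DB Audit's own code: it lints a destination before it is saved, and representing the destination as a Python dict keyed by the field names above is an assumption.

```python
SEVERITIES = {"critical", "high", "medium", "low", "info"}
ALERT_TYPES = {"policy_violation", "anomaly_detection",
               "threshold_breach", "classification_alert"}
WEBHOOK_PREFIX = "https://hooks.slack.com/services/"


def lint_destination(cfg):
    """Return a list of problems in a destination config (empty list = valid).

    Messages name the field only; webhook_url is a secret and is never echoed.
    """
    problems = []
    for field in ("name", "provider", "webhook_url"):
        if not cfg.get(field):
            problems.append(f"{field}: required")
    if cfg.get("provider") not in (None, "", "slack"):
        problems.append("provider: must be slack")
    url = cfg.get("webhook_url")
    if url and not (url.startswith(WEBHOOK_PREFIX) and len(url) > len(WEBHOOK_PREFIX)):
        problems.append("webhook_url: must start with " + WEBHOOK_PREFIX)
    channel = cfg.get("channel")
    if channel and not channel.startswith("#"):
        problems.append("channel: must include the # prefix")
    rate = cfg.get("rate_limit", 60)  # documented default
    if isinstance(rate, bool) or not isinstance(rate, int) or not 1 <= rate <= 100:
        problems.append("rate_limit: must be an integer from 1 to 100")
    for field, allowed in (("severity_filter", SEVERITIES), ("alert_types", ALERT_TYPES)):
        chosen = cfg.get(field, "all")  # "all" is the documented default
        if chosen == "all":
            continue
        values = [chosen] if isinstance(chosen, str) else chosen
        unknown = sorted(set(values) - allowed)
        if unknown:
            problems.append(f"{field}: unknown value(s) {', '.join(unknown)}")
    return problems


# Constructed configs: one valid, one with mistakes a reviewer would want caught.
GOOD = {"name": "slack-security-team", "provider": "slack",
        "webhook_url": WEBHOOK_PREFIX + "YOUR/WEBHOOK/URL",
        "channel": "#incidents", "severity_filter": ["critical", "high"]}
BAD = {"name": "slack-security-team", "provider": "slack",
       "webhook_url": "http://hooks.slack.com/services/YOUR/WEBHOOK/URL",
       "channel": "security-logs", "rate_limit": 500, "severity_filter": ["urgent"]}

if __name__ == "__main__":
    print(lint_destination(GOOD))
    print("\n".join(lint_destination(BAD)))
```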
Setup Instructions
Create Slack App and Webhook
Create an incoming webhook in Slack to receive alerts from DB Audit.
# Creating a Slack Incoming Webhook
1. Go to https://api.slack.com/apps
2. Click "Create New App" > "From scratch"
3. Name your app "DB Audit Alerts" and select your workspace
4. Navigate to "Incoming Webhooks" in the sidebar
5. Toggle "Activate Incoming Webhooks" to On
6. Click "Add New Webhook to Workspace"
7. Select the channel for alerts
8. Copy the webhook URL
Test the Webhook
Verify the webhook URL is working before configuring DB Audit.
# Test your Slack webhook with curl
curl -X POST -H "Content-Type: application/json" \
-d '{"text": "Test alert from DB Audit"}' \
https://hooks.slack.com/services/YOUR/WEBHOOK/URL
# Expected response
ok
Configure in DB Audit
Add the Slack destination in the DB Audit dashboard.
- Navigate to Settings → Alert Destinations in DB Audit
- Click Add Destination
- Select Slack as the provider
- Enter your webhook URL
- Configure channel override and formatting options
- Select which alert types and severities to send
- Test the connection and save
Create Multiple Destinations (Optional)
Set up different webhooks for different alert types or teams.
Tip: Create separate destinations for critical alerts (#incidents) vs informational alerts (#security-logs) to reduce noise in high-priority channels.
Sample Alert Payload
Alerts are sent to Slack using the Block Kit format with rich formatting and interactive elements.
{
  "channel": "#security-alerts",
  "username": "DB Audit",
  "icon_emoji": ":shield:",
  "text": ":warning: *High Severity Alert: Bulk Data Access Detected*",
  "attachments": [
    {
      "color": "#ff6b6b",
      "blocks": [
        {
          "type": "section",
          "fields": [
            {
              "type": "mrkdwn",
              "text": "*Database:*\nproduction-postgres"
            },
            {
              "type": "mrkdwn",
              "text": "*User:*\napp_user"
            },
            {
              "type": "mrkdwn",
              "text": "*Client IP:*\n10.0.1.50"
            },
            {
              "type": "mrkdwn",
              "text": "*Rows Accessed:*\n15,000"
            }
          ]
        },
        {
          "type": "section",
          "text": {
            "type": "mrkdwn",
            "text": "*Description:*\nUser accessed more than 10,000 rows in a single query from the customers table."
          }
        },
        {
          "type": "actions",
          "elements": [
            {
              "type": "button",
              "text": {
                "type": "plain_text",
                "text": "View in Dashboard"
              },
              "url": "https://app.dbaudit.ai/alerts/alert_abc123"
            }
          ]
        }
      ]
    }
  ]
}
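The database, user and description values in an alert come from audited sessions, so they should be escaped before they are placed in mrkdwn fields. The following is an added example, not DB Audit's own code: it builds the payload shown above from an event, and the alert dict's key names and the fallback colour are assumptions.

```python
import html
import json
from urllib.parse import quote

DASHBOARD_ALERT_URL = "https://app.dbaudit.ai/alerts/"  # base URL from the sample payload
HIGH_COLOR = "#ff6b6b"      # colour used by the high-severity sample on this page
FALLBACK_COLOR = "#cccccc"  # constructed value for severities the page does not show


def escape_mrkdwn(value):
    """Escape &, < and >, the characters Slack treats as control characters."""
    # Unescaped, a value such as "<!channel>" would be parsed as a mention.
    return html.escape(str(value), quote=False)


def build_payload(alert, channel="#security-alerts"):
    """Build the webhook body for one alert (key names in `alert` are assumed)."""
    fields = [
        {"type": "mrkdwn", "text": f"*{label}:*\n{escape_mrkdwn(alert[key])}"}
        for label, key in (("Database", "database"), ("User", "user"),
                           ("Client IP", "client_ip"), ("Rows Accessed", "rows"))
    ]
    description = "*Description:*\n" + escape_mrkdwn(alert["description"])
    button = {
        "type": "button",
        "text": {"type": "plain_text", "text": "View in Dashboard"},
        # Percent-encode the id so it cannot change the path or add a query string.
        "url": DASHBOARD_ALERT_URL + quote(str(alert["id"]), safe=""),
    }
    color = HIGH_COLOR if alert["severity"] == "high" else FALLBACK_COLOR
    return {
        "channel": channel,
        "username": "DB Audit",
        "icon_emoji": ":shield:",
        "text": f":warning: *{escape_mrkdwn(alert['title'])}*",
        "attachments": [{"color": color, "blocks": [
            {"type": "section", "fields": fields},
            {"type": "section", "text": {"type": "mrkdwn", "text": description}},
            {"type": "actions", "elements": [button]},
        ]}],
    }


# Constructed sample event; the user name carries markup that must not be interpreted.
SAMPLE = {"id": "alert_abc123", "severity": "high", "database": "production-postgres",
          "title": "High Severity Alert: Bulk Data Access Detected",
          "user": "app_user <!channel>", "client_ip": "10.0.1.50", "rows": "15,000",
          "description": "User accessed more than 10,000 rows in a single query."}

if __name__ == "__main__":
    print(json.dumps(build_payload(SAMPLE), indent=2))
```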
Testing Your Integration
Test via Dashboard
- Go to Settings → Alert Destinations
- Find your Slack destination
- Click the Test button
- Check your Slack channel for the test alert
Test via API
curl -X POST \
https://api.dbaudit.ai/v1/alerts/test \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{"destination_id": "dest_abc123"}'
Troubleshooting
Alerts not appearing in Slack
Verify the webhook URL is correct and the Slack app is properly installed in your workspace.
- Check that the webhook URL starts with https://hooks.slack.com/services/
- Ensure the Slack app is still installed in the workspace
- Verify the destination channel still exists
Webhook returns 404 error
The webhook URL may have been revoked, or the app may have been uninstalled.
- Check the Slack app settings at api.slack.com/apps
- Regenerate the webhook if necessary
- Update the webhook URL in DB Audit
Messages posting to wrong channel
Either the webhook default channel is different, or the channel override is misconfigured.
- Check the channel field in your DB Audit configuration
- Ensure the channel name includes the # prefix
- Verify the Slack app has permission to post to the target channel
Rate limiting errors
Slack has rate limits on incoming webhooks. Adjust your DB Audit rate limit settings.
- Reduce the rate_limit setting in DB Audit
- Filter alerts to only send high-priority notifications
- Consider using multiple webhooks to distribute load