
Slack and Teams

Route findings, SLA breaches, and supply chain alerts to your team's channel.

WASViking® routes alerts to Slack and Microsoft Teams with the same event model used by webhooks. The integration is per organization; multiple channels per org are supported.

What gets sent

By default, the following events route to Slack / Teams:

  • finding.escalated
  • finding.sla_breached
  • secret.verified_live
  • sbom.intel_match
  • posture_share.accessed
  • posture_share.revoked

You can subscribe a channel to any subset.

Slack setup

  1. In WASViking: Integrations → Slack → Connect.
  2. Authorize the WASViking app in your Slack workspace.
  3. Pick the default channel for alerts (you can override per subscription).
  4. Choose the event subscription set.

The WASViking Slack app requests:

  • chat:write to post messages.
  • chat:write.public to post to public channels without an invite.
  • incoming-webhook for legacy webhook delivery (optional).

Teams setup

Microsoft Teams uses an Incoming Webhook in the target channel:

  1. In Teams: configure an Incoming Webhook for the channel you want alerts in. Copy the webhook URL.
  2. In WASViking: Integrations → Teams → Connect, paste the URL, pick the event subscription set.

The format is Adaptive Card v1.4. Cards adapt to dark and light themes.

Smart re-notify

Supply chain alerts (sbom.intel_match) only re-notify the channel when:

  • A component is newly listed as KEV-exploited (KEV bump).
  • A component's severity bumps.
  • A fix version is now available.

Other intel updates land silently in the inventory. This keeps the channel focused on signal rather than background noise.

The same rule applies to finding.escalated: a finding only re-notifies on a meaningful risk change, not on every dashboard refresh.
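
The re-notify rule for sbom.intel_match described above, sketched as an added example (not WASViking's code or event schema). The field names kev_listed, fix_version and advisory_revision are hypothetical, and the sketch assumes that "bumps" means a severity increase and that the fix trigger fires when a fix version first appears.

```python
from dataclasses import dataclass
from typing import Optional

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

@dataclass(frozen=True)
class IntelState:
    """Hypothetical intel snapshot for one SBOM component (not WASViking's schema)."""
    severity: str
    kev_listed: bool = False
    fix_version: Optional[str] = None
    advisory_revision: int = 1  # stands in for any other intel field

def renotify_reasons(prev: IntelState, curr: IntelState) -> list[str]:
    """Return the documented triggers that fired between two snapshots."""
    reasons = []
    if curr.kev_listed and not prev.kev_listed:
        reasons.append("kev_bump")
    # Assumption: "bumps" means the severity went up, not down.
    if SEVERITY_RANK[curr.severity] > SEVERITY_RANK[prev.severity]:
        reasons.append("severity_bump")
    # Assumption: fires once, when a fix version first appears.
    if curr.fix_version and not prev.fix_version:
        reasons.append("fix_available")
    return reasons

def replay(timeline: list[IntelState]) -> list[tuple[int, list[str]]]:
    """Walk successive snapshots; return (index, reasons) for updates that would post."""
    posts = []
    for i in range(1, len(timeline)):
        reasons = renotify_reasons(timeline[i - 1], timeline[i])
        if reasons:  # an empty list means the update lands silently in the inventory
            posts.append((i, reasons))
    return posts

# Constructed sample timeline for a single component (values are illustrative).
TIMELINE = [
    IntelState("medium"),                  # 0: first match
    IntelState("medium", False, None, 2),  # 1: advisory text updated only
    IntelState("high", False, None, 3),    # 2: severity raised
    IntelState("high", True, None, 4),     # 3: added to KEV
    IntelState("high", True, "2.4.1", 5),  # 4: fix version published
    IntelState("medium", True, "2.4.1", 6),  # 5: severity lowered
]

if __name__ == "__main__":
    for index, reasons in replay(TIMELINE):
        print(f"update {index}: re-notify ({', '.join(reasons)})")
```

Updates 1 and 5 in the sample change intel without firing any of the three triggers, so under this sketch they would not post to the channel.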

Per-channel routing

Route different event sets to different channels:

Channel           Event subscription
#sec-ops          Everything.
#sec-criticals    finding.sla_breached, secret.verified_live.
#sbom-watch       sbom.intel_match, bundle.accessed.
#exec-summary     finding.escalated (critical only), weekly digest.

Per-channel subscriptions are configured under Integrations → Slack → Channels or Integrations → Teams → Channels.

Quiet hours

Configure quiet hours per integration: events captured during the window are queued and delivered at the end of the window in a single digest message. Useful for nights and weekends without dropping signal.

Quiet hours apply per organization timezone (Settings → Organization).

Test delivery

Each integration ships a Test button that delivers a synthetic alert to the channel. Use it after connecting and after any subscription change.

Scope of this integration

Alert routing is one-way: WASViking posts events to your channel. You cannot transition a finding's status from a Slack message. For inbound automation, such as transitioning findings, use the public REST API or the webhook events directly.

To start a scan from Slack with a slash command and get the results posted back, see Run scans from Slack. That is a separate integration, configured under Settings rather than Alerts.