Skip to main content

Send alerts to a SIEM, Slack, Teams, or other tools

Send alerts to Slack, Microsoft Teams, or your team’s security information and event management (SIEM) tool.

Audrey Garcia avatar
Written by Audrey Garcia
Updated over 3 months ago

Beacon is now Guard Detect, which is part of Atlassian Guard. Read the blog

You can send alerts about suspicious activity or potentially sensitive data to any destination using webhooks. This is useful if you already use a Security Information and Event Management system (SIEM) or other tool to monitor your organization.

Learn how to send alerts to:

Send alerts to Slack

You can send alerts to one or more Slack channels.

To send alerts to Slack:

  1. In Guard Detect, select Integrations > Slack from the header.

  2. Select Connect new channel.

  3. Specify which Slack channel to send alerts to.

  4. Select Allow.

To test the integration is working, send a test alert.

Send alerts to Microsoft Teams

The Microsoft Teams integration uses webhooks. How to create an incoming webhook in Workflows for Microsoft Teams

To send alerts to Microsoft Teams:

  1. In Guard Detect, select Integrations > Microsoft Teams.

  2. Select Add webhook URL.

  3. Enter the incoming webhook URL, and select Save.

To test the integration is working, send a test alert.

Send alerts to a SIEM or other tool

You can use webhooks to send alerts to any destination, such as a SIEM, or an automation tool like Jira Automation, Zapier, or Workato.

Check the documentation for your tool to find out how to create a webhook URL. This is where Guard Detect will forward the alerts.

To send alerts to a SIEM or other tool:

  1. In Guard Detect, select Integrations > SIEM webhooks.

  2. Select Add webhook URL.

  3. Enter the Webhook URL, and select Save.

To test the integration is working, send a test alert.

Secure your webhook

You can secure the webhook connection by adding an authorization header.

  1. In Guard Detect, select Integrations > SIEM webhooks.

  2. Select More actions (…) > Add authorization header beside the webhook you want to secure.

  3. Enter credentials using the <auth-scheme> <authorization-parameters> format. For example, Basic <credentials> or Bearer <token>.

This will be included in the header of every request.

What data is sent to your tool?

It’s important to know that once you set up an integration you will be sending alert data to the third party tool of your choosing. We send the alert title, description, and context which can include:

  • The name of the actor and their profile picture

  • The name of the subject, which can be a person or an entity (such as a space, project, or policy)

  • The site URL or page URL where the activity happened.

We respect the visibility settings in the actor’s Atlassian Account profile. If the actor has chosen not to share their profile picture with their Atlassian organization, we respect that setting.

You should make sure that it’s appropriate for this data to be shared with your third party tool before setting up the integration.

Did this answer your question?