InfraAudit delivers alerts to Slack using incoming webhooks. When a drift finding, vulnerability, cost anomaly, or compliance failure is detected, InfraAudit posts a formatted message to the configured channel — including the severity, affected resource, and a link to the full alert in the InfraAudit UI.

Step 1: Create an incoming webhook in Slack

1. Open the Slack app directory

   Go to your workspace’s Slack app directory and create a new app, or select an existing one you manage.

2. Enable incoming webhooks

   In the app settings, go to Features → Incoming Webhooks and toggle the feature on.

3. Add a webhook to your workspace

   Click Add New Webhook to Workspace and pick the channel where alerts should appear (for example, #infraudit-alerts).

4. Copy the webhook URL

   Copy the webhook URL. It follows the format https://hooks.slack.com/services/T.../B.../.... You’ll enter this in InfraAudit next.

Step 2: Configure InfraAudit

1. Open notification settings

   Go to Settings → Notifications → Slack.

2. Paste the webhook URL

   Paste the URL you copied from Slack and select a default channel.

3. Save

   Click Save. All alert types are sent to this channel by default.

Test the integration

After saving, send a test message to verify the connection:
Go to Settings → Notifications → Slack and click Send test message.

Configure alert routing

By default, all alert types and severities are sent to the channel you configured. To route different alert types to different channels, set up routing rules under Settings → Notifications → Routing. A typical routing setup:

| Alert type | Channel |
| --- | --- |
| Critical security alerts | #security |
| Cost anomalies | #finops |
| Compliance failures | #compliance |
| All events | #infraudit-all |

You can also configure routing via the API. Each rule specifies a channel, alert type, severity filter, and a webhook URL (which can be a different Slack app or channel):
curl -X POST http://localhost:8080/api/v1/notifications/preferences \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "channel": "slack",
    "alertType": "security",
    "severity": "critical",
    "webhookUrl": "https://hooks.slack.com/services/T.../B.../..."
  }'
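
A Slack incoming webhook URL is itself the credential for posting to its channel, so a script that creates routing rules through this API can check the URL's shape before submitting it and keep the final segment out of logs. The following is an added example, not InfraAudit's own code; the helper names, the character set allowed in each path segment, and the sample values are assumptions.

```python
import json
import os
import re
from urllib.parse import urlsplit
from urllib.request import Request

# Path shape follows the format shown on this page (/services/T.../B.../...);
# the character set allowed in each segment is an assumption.
_HOOK_PATH = re.compile(r"^/services/T[A-Za-z0-9]+/B[A-Za-z0-9]+/[A-Za-z0-9]+$")

def validate_webhook_url(url):
    """Return url if it is an HTTPS Slack incoming-webhook URL, else raise ValueError."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("webhook URL must use https")
    # Compare the parsed hostname exactly: a substring or prefix test would
    # accept look-alike hosts such as hooks.slack.com.example.net.
    if parts.hostname != "hooks.slack.com" or parts.port not in (None, 443):
        raise ValueError("webhook host must be hooks.slack.com")
    if parts.username or parts.password or parts.query or parts.fragment:
        raise ValueError("unexpected userinfo, query or fragment")
    if not _HOOK_PATH.match(parts.path):
        raise ValueError("path does not match /services/T.../B.../...")
    return url

def redact(url):
    """Hide the secret final path segment so the URL can appear in logs."""
    return url.rpartition("/")[0] + "/[REDACTED]"

def build_rule_request(base_url, token, alert_type, severity, webhook_url):
    """Build (without sending) the POST from the curl command on this page."""
    body = {
        "channel": "slack",
        "alertType": alert_type,
        "severity": severity,
        "webhookUrl": validate_webhook_url(webhook_url),
    }
    headers = {"Authorization": "Bearer " + token, "Content-Type": "application/json"}
    url = base_url.rstrip("/") + "/api/v1/notifications/preferences"
    return Request(url, data=json.dumps(body).encode(), headers=headers, method="POST")

# Constructed sample value, not a real webhook.
SAMPLE_HOOK = "https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX"

if __name__ == "__main__":
    token = os.environ.get("TOKEN", "example-token")  # placeholder fallback
    req = build_rule_request("http://localhost:8080", token, "security", "critical", SAMPLE_HOOK)
    # urllib.request.urlopen(req) would submit the rule; omitted so this runs offline.
    print(req.get_method(), req.full_url, redact(SAMPLE_HOOK))
```
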

What each Slack alert contains

Every message InfraAudit posts to Slack includes:
  • Alert title and type (security, cost, compliance)
  • Severity badge
  • Resource name and provider
  • A short description of what was detected
  • A direct link to the full alert in the InfraAudit UI

Multiple Slack channels

InfraAudit supports multiple Slack webhook configurations. Each routing rule can point to a different webhook URL, which means you can route alerts to entirely separate Slack workspaces or apps if needed.