Skip to main content
All CollectionsTemplatesBasic
Change Sweet Security incident statuses via Slack Integration - Workflow Template

Change Sweet Security incident statuses via Slack Integration - Workflow Template

Notify SOC and users of Sweet Security alerts, enriching incidents with responses.

Updated over a month ago

This Torq workflow template automates incident response for Sweet Security alerts by enabling SOC teams to manage incident statuses through Slack. It retrieves incident information, alerts the SOC team in a designated Slack channel, allows for confirmation of activities with the involved user, and facilitates incident status updates and resolutions directly in Slack. This streamlines communication and accelerates the handling and remediation of network and web security alerts.

Take Me to the Template

Trigger

Use Cases

Remediate Network Security Alerts , Remediate Web Security Alerts

Workflow Breakdown

  1. Retrieve incidents from the platform.

  2. Notify the SOC team via a designated Slack channel.

  3. Confirm activity with the suspected user and enrich the event with their response.

  4. Update and resolve incident status directly through Slack

Vendors

Slack, Utils

Tips

  • Add the Webhook URL to the Sweet Platform through the Torq integration by navigating to Settings -> Integration.

  • For the initial setup, click on 'Create New Integration' and enter the Client ID and Secret provided by Sweet.

Related Articles
Handle AWS Security Group with Open SSH Access on Orca Alert - Workflow Template
Detected RDP session from Server to External IP (Armis) - Workflow Template
ITSM - Notify Slack user on closed/resolve incidents (ServiceNow) - Workflow Template
Open Jira Issues and Enrich Event on Sysdig Kubernetes Detections - Workflow Template
Sweet Security
Did this answer your question?