Skip to main content
All CollectionsTemplatesBasic
Validate Gem Alert Events in Slack - Workflow Template
Validate Gem Alert Events in Slack - Workflow Template

Communicate with a user through Slack to validate a security alert.

Updated over 6 months ago

This workflow template, "Validate Gem Alert Events in Slack," is designed for security incident validation. It initiates when a promising alert is flagged by Gem Security Monitoring. The workflow extracts the list of triggering events, sends them to the involved user via Slack, and requests validation to confirm whether they performed those actions. Once the user's acknowledgment is collected, it gets added to the alert's timeline within Gem, creating a clear record of the validation process for security teams.

Take Me to the Template

Trigger

Gem

Use Cases

CSPM

Workflow Breakdown

  1. Extract the list of triggering events from the alert's timeline

  2. Send the events list to the relevant user in Slack, and validate they're the ones who actually performed them

  3. Add the user's Slack response to the alert's timeline in Gem

Vendors

Slack, Utils, Gem

Related Articles
Handle Orca Alert for IAM Role with Admin Permissions - Workflow Template
Enable AWS S3 Bucket Versioning on Lacework Alert - Workflow Template
Handle Gem Alert for NSG With Ingress From Any (0.0.0.0/0) - Workflow Template
Handle Gem Alert for EC2 Instance "Write" Actions on IAM Entities - Workflow Template
Handle Gem Alert for Root Usage - Workflow Template
Did this answer your question?