Realtime notifications via Slack

Notifications help ensure operators are informed of potential security threats in seconds, allowing them to take appropriate action to mitigate the risks. bucketAV integrates with marbot, allowing you to receive alerts about infected or unscannable objects via Slack.

Receiving bucketAV notifications with marbot is free of charge. A subscription for marbot is not required.

  1. Add marbot to Slack.
  2. Invite marbot to a channel: /invite @marbot.
  3. Send @marbot endpoint to the channel.
  4. Copy the returned URL (e.g., Inviting marbot to a Slack channel and fetch endpoint
  5. Open SNS in the AWS Management Console.
  6. Ensure that you are in the correct region.
  7. Navigate to Topics.
  8. Search for the FindingsTopic and click on it.
  9. Click on the Create Subscription button. Creating a SNS subscription part 1
  10. Keep the prefilled Topic ARN.
  11. Set Protocol to HTTPS.
  12. Set Endpoint to the URL returned by marbot.
  13. Deactivate Enable raw message delivery. Creating a SNS subscription part 2
  14. Enable the Subscription filter policy.
  15. Select Message attributes as the filter policy scope.
  16. Use the following policy to only get notified about infected and unscannable objects.
{"status": ["infected", "no"]}

Creating a SNS subscription part 3

  1. Press the Create subscription button.

That’s it. Here is what a notification about an infected file looks like in Slack.

bucketAV notification about infected file in Slack

Need more help?

Write us, and we'll get back to you as soon as we can.

Send us an email