Using Google Chat for Elastic Security Alerts
Author
Hilton D
Date Published

If you’re a fan of Google’s new Spaces feature and want one less app to check, you may be considering replacing Slack with Google Chat or Spaces.
Here is how to configure an Elastic connector so that you can get alerts and notifications in Google Spaces:
1. Add an incoming webhook in the space where you want to receive notifications. I recommend a dedicated space per environment so you can mute and better manage notifications.
2. Copy the webhook URL and navigate to Stack Management > Connectors in Elastic.
3. Create a new webhook connector with the POST method, using the webhook URL you copied earlier.
4. Add a header like so: Content-Type: application/json
   No other headers or authentication are necessary, as the token is included in the destination webhook URL. Because the token is part of the URL, anyone who has the URL can post to the space, so store it as you would a credential.
5. When you create your alerts, you will need to wrap the content in JSON, for example:

   {"text": "Rule {{context.rule.name}} generated {{state.signals_count}} alerts"}
That’s it — you can now receive alerts right in Google Spaces, where you can (easily) invite clients and contractors to collaborate on security issues and incidents.
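A pre-flight check for the webhook before it goes into the connector, as an added example that is not part of the original post: it validates the URL, builds the same JSON body, sends it with the same method and header, and masks the token for logging. The function names and the sample URL are assumptions made for illustration.

```python
import json
import urllib.request
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

CHAT_HOST = "chat.googleapis.com"
SECRET_PARAMS = {"key", "token"}  # credentials carried in the webhook query string


def check_webhook(url):
    """Reject anything that is not an HTTPS Google Chat webhook carrying a token."""
    parts = urlsplit(url)
    params = dict(parse_qsl(parts.query))
    if parts.scheme != "https" or parts.hostname != CHAT_HOST:
        raise ValueError("not an HTTPS Google Chat URL")
    if not params.get("token"):
        raise ValueError("webhook URL has no token parameter")
    return url


def redact_webhook(url):
    """Return the URL with key/token masked, safe to write to logs or tickets."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k in SECRET_PARAMS else v)
             for k, v in parse_qsl(parts.query)]
    return urlunsplit(parts._replace(query=urlencode(query)))


def build_body(rule_name, signals_count):
    """Same shape as the connector body; json.dumps takes care of quoting."""
    text = f"Rule {rule_name} generated {signals_count} alerts"
    return json.dumps({"text": text}).encode("utf-8")


def send_test(url, body):
    """POST with the single Content-Type header, mirroring the connector settings."""
    req = urllib.request.Request(check_webhook(url), data=body, method="POST",
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status


if __name__ == "__main__":
    # Constructed placeholder URL; substitute the one copied from your space.
    sample = ("https://chat.googleapis.com/v1/spaces/EXAMPLE/messages"
              "?key=EXAMPLEKEY&token=EXAMPLETOKEN")
    print(redact_webhook(sample))
    print(build_body('Suspicious "whoami" use', 3).decode())
```

Call send_test(url, build_body(...)) with the real URL to confirm the space receives the message before saving the connector.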