Starting a thread for any and all InsightConnect Workflow Builders to share tips, tricks, and useful examples for other builders to learn from!
I’ll start it off…
TIL How to Make a Slack Trigger Listen for a Keyword
The Slack integration includes a trigger that starts a workflow anytime the Slack bot is mentioned in a channel or directly messaged by a user. But what if you want to set up several different Slack workflows? Easy: Make the trigger Match Text
in the message to Slack bot.
- If you haven’t set up the Slack integration, then follow our Help docs here: https://insightconnect.help.rapid7.com/docs/configure-slack-for-chatops
- Create a new workflow and select the
Slack App
as your trigger. - Select your workspace, select the
New Message
action, and enter name and trigger descriptions. - In the
Match Text
field, enter(?i) keyword
, replacing keyword with any word(s). Your workflow will now only trigger on messages directed @ your Slack bot that include those keywords!
---->The(?i)
prefix simply makes the match text case insensitive.
Examples
Match Text: (?i)get host info
Matches Message: @Security Bot get host info hostname1234
Match Text: (?i)vuln check
Matches Messages: @Security Bot vuln check CVE-2019-0708
, @Security Bot vuln check bluekeep
BONUS: How to Capture the Keyword
Now, you oftentimes may want to use your Slack command to effectively pass a variable into your workflow, similar to the examples above. To do so, you can simply use a Pattern Match step!
- Save your trigger and create a new Pattern Match step.
- Use the
[message].[text]
output from your Slack trigger step as the Match Input for your Pattern Match step. - Use the following as your Match Against:
get host info {{argument:/.*/}}
----> This will make your Pattern Match step output a new variable,argument
, which can be used in subsequent workflow steps!
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
What handy workflow tricks have you picked up in your time with InsightConnect?