Today in InsightConnect, I Learned.

Starting a thread for any and all InsightConnect Workflow Builders to share tips, tricks, and useful examples for other builders to learn from!

I’ll start it off…

TIL How to Make a Slack Trigger Listen for a Keyword
The Slack integration includes a trigger that starts a workflow anytime the Slack bot is mentioned in a channel or directly messaged by a user. But what if you want to set up several different Slack workflows? Easy: Make the trigger Match Text in the message to Slack bot.

  1. If you haven’t set up the Slack integration, then follow our Help docs here: https://insightconnect.help.rapid7.com/docs/configure-slack-for-chatops
  2. Create a new workflow and select the Slack App as your trigger.
  3. Select your workspace, select the New Message action, and enter name and trigger descriptions.
  4. In the Match Text field, enter (?i) keyword, replacing keyword with any word(s). Your workflow will now only trigger on messages directed @ your Slack bot that include those keywords!
    ---->The (?i) prefix simply makes the match text case insensitive.

SlackTriggerMatchText

Examples
Match Text: (?i)get host info
Matches Message: @Security Bot get host info hostname1234

Match Text: (?i)vuln check
Matches Messages: @Security Bot vuln check CVE-2019-0708, @Security Bot vuln check bluekeep

BONUS: How to Capture the Keyword
Now, you oftentimes may want to use your Slack command to effectively pass a variable into your workflow, similar to the examples above. To do so, you can simply use a Pattern Match step!

  1. Save your trigger and create a new Pattern Match step.
  2. Use the [message].[text] output from your Slack trigger step as the Match Input for your Pattern Match step.
  3. Use the following as your Match Against: get host info {{argument:/.*/}}
    ----> This will make your Pattern Match step output a new variable, argument, which can be used in subsequent workflow steps!

PatternMatchStep

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

What handy workflow tricks have you picked up in your time with InsightConnect?

4 Likes