Slack is the fastest way to get critical findings in front of the right team. Done well, it's responsive security ops. Done badly, it's a firehose everyone mutes. The goal is one channel for critical ops, one channel for weekly digests, and nothing else.

Setting up

Cyvex uses the Slack app OAuth flow — a workspace admin authorises the connection once. Afterwards, individual routing rules can send findings to any channel the Cyvex bot is invited to.

Recommended channels

#security-ops (private, on-call only): criticals and highs in real time.
#security-digest (team-wide): weekly summary + monthly breach digest.

What not to do

Don't route every finding to a public channel. The sensitive details in a finding title can be useful to an attacker who's already compromised one of your contractors' Slack accounts. Keep critical findings in a restricted channel with audit logging enabled.

Troubleshooting

If alerts stop arriving, the most common cause is bot scope changes during a Slack workspace audit. Re-authorise the app and check the bot is still a member of the target channel.