Kindling

Integration Settings

Slack integration, channel routing, and notification preferences

Case Auto-Creation

Automatically create cases when Stick detects threats

Set CASES_ENABLED=true in the backend environment to enable. This setting is controlled by environment variables and requires a backend restart to change.

Slack Integration

Socket Mode (outbound WebSocket) — no exposed endpoints required

Not Configured

Set SLACK_APP_TOKEN and SLACK_BOT_TOKEN in the backend environment

App Token (xapp-...)

Not set

Bot Token (xoxb-...)

Not set

Migrate Message Buttons

Convert old button-based messages to reaction-based format (links + emoji actions)

Channel Routing

0 channels configured — messages route by severity, org override, or message type

Routing priority (most specific wins):

Org override > Severity channel > Message type > Default

Default

Not set

Fallback channel for all messages when no specific channel matches. Set via SLACK_CHANNEL_ID.

Critical

Not set

Critical severity threats and cases route here first. Set via SLACK_CHANNEL_CRITICAL.

High

Not set

High severity threats route here. Critical also falls back here if no critical channel. Set via SLACK_CHANNEL_HIGH.

Cases

Not set

Case creation alerts and updates route here. Falls back to severity or default. Set via SLACK_CHANNEL_CASES.

Notification Preferences

Choose which events post to Slack

Threat Alerts

Post when Stick confirms a threat (recommended)

Case Updates

Post when cases are acknowledged, escalated, or resolved

All Analyses

Post for every Stick analysis completion (high volume)

Daily Digest

Post a daily summary of case activity

Setup Instructions

1. Create a Slack app at api.slack.com/apps

2. Enable Socket Mode and generate an app-level token (xapp-...)

3. Add bot scopes: chat:write, commands, reactions:read, channels:history, groups:history, users:read

4. Subscribe to bot events: reaction_added (Event Subscriptions > Subscribe to bot events)

5. Install the app to your workspace and copy the bot token (xoxb-...)

6. Set environment variables:

# Required
SLACK_APP_TOKEN=xapp-...
SLACK_BOT_TOKEN=xoxb-...
SLACK_CHANNEL_ID=C0123456789
CASES_ENABLED=true

# Optional: severity-based routing
SLACK_CHANNEL_CRITICAL=C_CRITICAL_ID
SLACK_CHANNEL_HIGH=C_HIGH_ID
SLACK_CHANNEL_CASES=C_CASES_ID

# Optional: per-org routing (JSON)
SLACK_ORG_CHANNELS={"org-uuid-1": "C_ORG1_CHANNEL"}

For private channels, invite the bot first with /invite @Kindling.

See docs/CASES.md for the complete setup guide.
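
A pre-flight check for the variables in step 6, added here as an example and not part of Kindling's own code: it flags unset or swapped tokens, placeholder channel values left in place, and a SLACK_ORG_CHANNELS value that is not a JSON object, without echoing token values. The function name check_env and the channel-ID pattern (uppercase alphanumerics starting with C or G) are assumptions.

```python
import json
import re

# Assumption: Slack channel IDs are uppercase alphanumerics starting with C or G.
CHANNEL_ID = re.compile(r"^[CG][A-Z0-9]{8,}$")
TOKEN_PREFIX = {"SLACK_APP_TOKEN": "xapp-", "SLACK_BOT_TOKEN": "xoxb-"}
OPTIONAL_CHANNELS = ("SLACK_CHANNEL_CRITICAL", "SLACK_CHANNEL_HIGH", "SLACK_CHANNEL_CASES")


def check_env(env):
    """Return a list of problems found in a mapping of environment variables.

    Token values are never put into the messages, so the output is safe to log.
    """
    problems = []
    for name, prefix in TOKEN_PREFIX.items():
        value = env.get(name, "")
        if not value:
            problems.append(f"{name} is not set")
        elif not value.startswith(prefix):
            problems.append(f"{name} does not start with {prefix} (wrong token type?)")
    if not CHANNEL_ID.match(env.get("SLACK_CHANNEL_ID", "")):
        problems.append("SLACK_CHANNEL_ID is missing or not a channel ID")
    for name in OPTIONAL_CHANNELS:
        if name in env and not CHANNEL_ID.match(env[name]):
            problems.append(f"{name} is not a channel ID")
    if env.get("CASES_ENABLED") != "true":
        problems.append("CASES_ENABLED is not set to true")
    raw = env.get("SLACK_ORG_CHANNELS")
    if raw:
        try:
            mapping = json.loads(raw)
        except json.JSONDecodeError:
            mapping = None
        if not isinstance(mapping, dict):
            problems.append("SLACK_ORG_CHANNELS is not a JSON object")
        else:
            for org, channel in mapping.items():
                if not isinstance(channel, str) or not CHANNEL_ID.match(channel):
                    problems.append(f"SLACK_ORG_CHANNELS[{org}] is not a channel ID")
    return problems


if __name__ == "__main__":
    import os
    for line in check_env(os.environ) or ["environment looks consistent"]:
        print(line)
```

Run it in the same environment the backend starts from, before the restart that picks up the new values.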