# Slack Destination (Webhook)

## Overview

Destinations are integrations that receive alerts from rules, policies, system health notifications, and rule errors. Panther supports configuring Slack as the destination where you will receive alerts.

## How to set up Slack alert destinations in Panther

### Step 1: Configure a new app in Slack

1. In a web browser, log in to your [Slack Workspace](https://api.slack.com/) as an administrator.
2. Navigate to the [**Your Apps** page](https://api.slack.com/apps).
3. In the upper-right corner, click **Create New App**.\
   ![On the left is a "Your Apps" header, and on the right is a "Create New App" button.](https://4011785613-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2Fgit-blob-86d8c163ca0a95662d5963f0c1876dc810983a6e%2FYou%20Apps.png?alt=media)
4. In the **Create an app** pop-up modal, select **From scratch**.\
   ![Under a "Create an app" header, a "From scratch" option is circled.](https://4011785613-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2Fgit-blob-a3a274b6b2dadfd77808d704a0fe3f0718138615%2FFrom%20scratch.png?alt=media)
5. In the **Name app & choose workspace** form, fill in the fields:
   * **App Name**: Provide the app a descriptive name, like `Panther App`.
   * **Pick a workspace to develop your app in**: Select the workspace to which you would like Panther alerts delivered.\
     ![Under a "Name app & choose workspace" header are two fields: "App Name" and "Pick a workspace to develop your app in."](https://4011785613-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2Fgit-blob-2fffbdcee8b1e5816f3a3442bfb53d43e23d769e%2FName%20app.png?alt=media)
6. Click **Create App**.
7. From the **Basic Information** page you are directed to, in the left-hand navigation bar, select **Incoming Webhooks**.\
   ![In a navigation bar on the left side, an "Incoming Webhooks" link is circled. On the right is a page titled Basic Information.](https://4011785613-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2Fgit-blob-9e422815a0504e8f9ce8f0e29a0cbe1a82241bce%2FBasic%20info.webp?alt=media)
8. Set the **Activate Incoming Webhooks** toggle to **On**.
   * In the **Webhook URLs for Your Workspace** section that appears, click **Add New Webhook to Workspace**.\
     ![](https://4011785613-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2Fgit-blob-aab4a726ede17f1b330cf6c127b723362af8c1ac%2Fincoming%20webhooks.png?alt=media)
9. In the **Where should \<Panther App> post?** field, select the channel you would like Panther alerts to post to, then click **Allow**.\
   ![](https://4011785613-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2Fgit-blob-2b809f35ff11f82852901ff69afc5fe81d718fbc%2Fboom.png?alt=media)
10. On the **Incoming Webhooks** page, under **Webhook URLs for Your Workspace**, copy the **Webhook URL** you just created. You will need it in the next step to configure the Slack destination in Panther.

### Step 2: Configure the Slack alert destination in Panther

1. Log in to the Panther Console.
2. In the left sidebar, click **Configure > Alert Destinations**.
3. Click **+Add your first Destination**.
   * If you have already created Destinations, click **Create New** in the upper right side of the page to add a new Destination.
4. Click **Slack**.
5. Fill out the form to configure the Destination:
   * **Display Name**: Enter a descriptive name.
   * **Webhook URL**: Enter the Webhook URL you generated in the previous section of this documentation.
   * **Severity Levels**: Select the severity level of alerts to send to this Destination.
   * **Default Alert Types**: Select the alert types to send to this Destination.
   * **Log Types**: By default, we will send alerts from all log types. Specify log types here if you want to only send alerts from specific log types.
   * **Allow Manual Dispatch**: Set this toggle ON if you'd like to be able to [manually dispatch alerts](https://docs.panther.com/alerts#manual-alert-dispatch) to this destination.\
     ![In the Panther Console, the "Configure your Slack Destination" page is displayed. It contains fields for Display Name, Slack Webhook URL, Severity, Alert Types, and Log Types.](https://4011785613-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2Fgit-blob-443c21560321c993304ed22e4ad5916e6b2b8c0d%2Fslack-panther.png?alt=media)
6. Click **Add Destination**.
7. On the final page, optionally click **Send Test Alert** to test the integration. When you are finished, click **Finish Setup**.

## Additional Information on Destinations

For more information on alert routing order, modifying or deleting destinations, and workflow automation, please see the Panther docs: [Destinations](https://docs.panther.com/destinations).