# Slack Destination (Webhook)

## Overview

Destinations are integrations that receive alerts from rules, policies, system health notifications, and rule errors. Panther supports configuring Slack as the destination where you will receive alerts.

## How to set up Slack alert destinations in Panther

### Step 1: Configure a new app in Slack

1. In a web browser, log in to your [Slack Workspace](https://api.slack.com/) as an administrator.
2. Navigate to the [**Your Apps** page](https://api.slack.com/apps).
3. In the upper-right corner, click **Create New App**.\
   ![On the left is a "Your Apps" header, and on the right is a "Create New App" button.](/files/OF4VCfQvDyXBPQLSSBgY)
4. In the **Create an app** pop-up modal, select **From scratch**.\
   ![Under a "Create an app" header, a "From scratch" option is circled.](/files/DjEfic374V3x7QEed0WQ)
5. In the **Name app & choose workspace** form, fill in the fields:
   * **App Name**: Provide the app a descriptive name, like `Panther App`.
   * **Pick a workspace to develop your app in**: Select the workspace to which you would like Panther alerts delivered.\
     ![Under a "Name app & choose workspace" header are two fields: "App Name" and "Pick a workspace to develop your app in."](/files/izIlCGZzWDDbf72tQwLL)
6. Click **Create App**.
7. From the **Basic Information** page you are directed to, in the left-hand navigation bar, select **Incoming Webhooks**.\
   ![In a navigation bar on the left side, an "Incoming Webhooks" link is circled. On the right is a page titled Basic Information.](/files/IIx3twkzfijVjVIA0l0O)
8. Set the **Activate Incoming Webhooks** toggle to **On**.
   * In the **Webhook URLs for Your Workspace** section that appears, click **Add New Webhook to Workspace**.\
     ![](/files/8WBkPuwQzX0BgN88cJRf)
9. In the **Where should \<Panther App> post?** field, select the channel you would like Panther alerts to post to, then click **Allow**.\
   ![](/files/jdEugdYfKlbAUNMBGtkX)
10. On the **Incoming Webhooks** page, under **Webhook URLs for Your Workspace**, copy the **Webhook URL** you just created. You will need it in the next step to configure the Slack destination in Panther.

### Step 2: Configure the Slack alert destination in Panther

1. Log in to the Panther Console.
2. In the left sidebar, click **Configure > Alert Destinations**.
3. Click **+Add your first Destination**.
   * If you have already created Destinations, click **Create New** in the upper right side of the page to add a new Destination.
4. Click **Slack**.
5. Fill out the form to configure the Destination:
   * **Display Name**: Enter a descriptive name.
   * **Webhook URL**: Enter the Webhook URL you generated in the previous section of this documentation.
   * **Severity Levels**: Select the severity level of alerts to send to this Destination.
   * **Default Alert Types**: Select the alert types to send to this Destination.
   * **Log Types**: By default, we will send alerts from all log types. Specify log types here if you want to only send alerts from specific log types.
   * **Allow Manual Dispatch**: Set this toggle ON if you'd like to be able to [manually dispatch alerts](https://docs.panther.com/alerts#manual-alert-dispatch) to this destination.\
     ![In the Panther Console, the "Configure your Slack Destination" page is displayed. It contains fields for Display Name, Slack Webhook URL, Severity, Alert Types, and Log Types.](/files/LNbwNjrpxgSM0z5f2xQd)
6. Click **Add Destination**.
7. On the final page, optionally click **Send Test Alert** to test the integration. When you are finished, click **Finish Setup**.

## Additional Information on Destinations

For more information on alert routing order, modifying or deleting destinations, and workflow automation, please see the Panther docs: [Destinations](https://docs.panther.com/destinations).


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.panther.com/alerts/destinations/slack.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.