Send Response on Slack Channel

To trigger Slack alerts from the Policy Audit, perform the following steps from the Policy Audit application:

  1. Create new action from Actions.
  2. Create new rule from Rule Manager tab.

Create New Action from Actions

To send an alert, you need to create a new action for which you want to receive an alert once the created rule is triggered. Alerts are initiated when events matching a condition are detected, and the action you configure for the condition match is triggered. For sending alerts on the Slack, you need to select Post to Slack as an action.

Perform the following steps in the application to create a new action:

  1. From the Responses, navigate to Actions and click New Action.
  2. Provide the Action Name and Description in the Basic Information section.
  3. From the Select Action, select a Post to Slack action.

  4. Under Slack Configuration, in Webhook URI, enter the saved webhook URL.



    Note: Select Test to send a test message to the channel associated to the webhook URL in Slack.

  5. Under Default Channel and Message Settings, enter the channel name where alerts are to be sent and the default message which is to be sent to that channel.
  6. Click Save.

Create New Rule from Rule Manager Tab

While creating a new rule, define the conditions and significant events that trigger the rule and send alerts.

Perform the following steps in Policy Audit to create a new rule:

  1. From the Responses, navigate to Rule Manager and click New Rule.
  2. In the Rule Information section, provide a Rule Name and Description of the new rule.
  3. In the Rule Query section, specify a query for the rule. The system uses this query to search for events. Use the Test Query button to test your query. If the Qualys Query Language (QQL) is not supported, you will be notified via the error message. The following screenshot is an example of the Rule Details section:



    Alternatively, you can click Sample Queries to select from the predefined queries. The following screenshot is an example of Sample Queries:
  4. In the Trigger Criteria, select the trigger criteria that match the rule query. You can choose the following Trigger Criteria from the drop-down menu:
    • Single Match: The system generates an alert whenever it detects an event matching your search query.
    • Time-Window Count Match: The system generates alerts based on the number of events the search query returns in a fixed time interval. For example, an alert will be sent when three matching events are found within a 4-hour window.
    • Time-Window Scheduled Match: The system generates alerts for matching events during a scheduled time. The rule will be triggered only when an event matching your search criteria is found during the time specified in the schedule. Choose a date and time range for creating a schedule and specify if the schedule should run Daily, Weekly, or Monthly. For example, daily alerts with all matches should be sent in a scheduled window between 4 PM and 5 PM.
  5. In the Action Settings, choose the actions the system will perform when an alert is triggered. You can customize the message text by inserting tokens into the alert message.
  6. Click Save.

Once the rule is triggered, an alert is sent to the selected Slack Channel. 

The following image shows a sample response for the Slack alert.

 

 

© 2025 Qualys, Inc. All rights reserved. Privacy Policy. Last updated: November, 2025