Slack & Microsoft Teams Integration
Send real-time alerts to Slack or Microsoft Teams channels for immediate visibility of AI security events.
Overview
This integration enables:
- Real-time notifications of policy violations
- Rich alert formatting with context
- Channel organization by severity/platform
- Thread-based discussions for incident response
- Interactive actions (acknowledge, resolve, etc.)
Supported Events:
- Policy violations (Block, Coach, Log)
- High-risk interactions
- Critical/high severity alerts
- Policy changes (admin only)
Slack Integration
Step 1: Create Slack App
Create a custom Slack app for Noxys.
- Go to api.slack.com → Your Apps → Create New App
- Choose: From scratch
- Configure:
  - App name: Noxys
  - Workspace: Select your workspace
- Click Create App
Step 2: Enable Incoming Webhooks
- In app settings → Incoming Webhooks
- Toggle: Activate Incoming Webhooks → ON
- Click Add New Webhook to Workspace
- Choose channel: #security-alerts (or create new)
- Click Authorize
- Copy Webhook URL (starts with https://hooks.slack.com/...)
Step 3: Configure in Noxys
Set up Slack webhook in Noxys.
- Noxys Admin Panel → Integrations → Slack
- Click Connect to Slack
- Configure:
| Field | Value |
|---|---|
| Webhook URL | From step 2 |
| Channel | #security-alerts |
| Events | Select: interaction.policy_violated, alert.severity_critical, alert.severity_high |
| Message Format | Rich (with formatting) |
- Click Test to send test message
- Verify message appears in Slack channel
- Click Save
Step 4: Customize Alert Format
Customize how alerts appear in Slack.
- Settings → Slack Formatting
- Configure message template:
Title: Policy Violation Detected
Platform: {platform_id}
Risk Score: {risk_score}
User: {user_email}
Classifications: {classifications}
Action: {policy_action}
Timestamp: {timestamp}
- Choose color coding:
  - Red (🔴) for Block actions
  - Yellow (🟡) for Coach actions
  - Gray (⚫) for Log actions
Step 5: Create Multiple Channels (Optional)
Route different alert types to different channels.
- Create new channels:
  - #noxys-critical (severity = critical)
  - #noxys-violations (policy violations)
  - #noxys-platforms (by platform)
- Create separate webhooks for each channel
- In Noxys, configure routing:
  - High severity → #noxys-critical
  - Violations → #noxys-violations
  - ChatGPT → #noxys-platforms
Microsoft Teams Integration
Step 1: Create Teams Channel
Create a new channel in Microsoft Teams.
- Teams → Your team → General
- Click + icon → Create channel
- Name: Noxys Alerts
- Click Create
Step 2: Create Webhook Connector
Set up incoming webhook.
- In channel → ⋯ (More options) → Connectors
- Search: Incoming Webhook
- Click Configure
- Configure:
  - Name: Noxys AI Firewall
  - Image URL: (optional)
- Click Create
- Copy Webhook URL (provided after creation)
Step 3: Configure in Noxys
Set up Teams webhook in Noxys.
- Noxys Admin Panel → Integrations → Microsoft Teams
- Click Connect to Teams
- Configure:
| Field | Value |
|---|---|
| Webhook URL | From step 2 |
| Channel | Noxys Alerts |
| Events | Select event types |
| Message Format | Adaptive Cards (rich format) |
- Click Test
- Verify message appears in Teams
- Click Save
Alert Message Examples
Slack Format
🚫 BLOCKED: Policy violation detected
Platform: ChatGPT
Risk Score: 0.95
User: alice@acme.fr
Time: 2026-03-20 14:32:00
Detected Classifications:
• EMAIL (alice@acme.fr) - Confidence: 98%
• PHONE (555-1234) - Confidence: 87%
Policy: Block PII on ChatGPT
Action: BLOCKED
View Details: [Open in Noxys]
Teams Format
BLOCKED: Policy violation detected
Platform: ChatGPT
Risk Score: 0.95
User: alice@acme.fr
Time: 2026-03-20 14:32 UTC
📋 Classifications
├ EMAIL (alice@acme.fr) - 98%
└ PHONE (555-1234) - 87%
⚙️ Policy
├ Name: Block PII on ChatGPT
└ Action: BLOCKED
🔗 [View in Noxys] [Acknowledge] [Resolve]
Advanced: Threaded Conversations
Enable threaded discussions in Slack.
- An alert is posted in Slack
- Team members reply in thread for investigation
- Noxys API can fetch and store thread context
- Thread becomes incident discussion log
Create Threaded Slack Messages
```json
{
  "type": "thread",
  "channel": "C123456",
  "parent_thread_ts": "1234567890.123456",
  "blocks": [
    {
      "type": "section",
      "text": {
        "type": "mrkdwn",
        "text": "Investigating: High-risk ChatGPT interaction"
      }
    },
    {
      "type": "actions",
      "elements": [
        {
          "type": "button",
          "text": {"type": "plain_text", "text": "Acknowledge"},
          "action_id": "acknowledge_btn"
        }
      ]
    }
  ]
}
```
Teams Adaptive Cards
Use Teams Adaptive Cards for rich formatting. The sample payload below is written in the connector MessageCard schema (`"@type": "MessageCard"`), not the Adaptive Card schema.
```json
{
  "@type": "MessageCard",
  "@context": "https://schema.org/extensions",
  "summary": "Policy Violation Alert",
  "themeColor": "FF0000",
  "sections": [
    {
      "activityTitle": "🚫 BLOCKED: Policy Violation",
      "facts": [
        {"name": "Platform", "value": "ChatGPT"},
        {"name": "Risk Score", "value": "0.95"},
        {"name": "User", "value": "alice@acme.fr"},
        {"name": "Time", "value": "2026-03-20 14:32 UTC"}
      ]
    },
    {
      "activityTitle": "Classifications Detected",
      "text": "• EMAIL (alice@acme.fr) - 98%\n• PHONE (555-1234) - 87%"
    }
  ],
  "potentialAction": [
    {
      "@type": "OpenUri",
      "name": "View in Noxys",
      "targets": [
        {"os": "default", "uri": "https://app.noxys.cloud/alert/abc123"}
      ]
    }
  ]
}
```
Filtering Alerts by Severity
Route different severity levels to appropriate channels.
Configuration
Severity: Critical → #security-critical-alerts
Severity: High → #security-alerts
Severity: Medium → #security-medium
Severity: Low → 🔕 Do not send
In Noxys
- Settings → Alert Routing
- Create rules:
  - Risk score >= 0.9 → Critical severity → #security-critical-alerts
  - Risk score >= 0.7 → High severity → #security-alerts
  - Risk score >= 0.5 → Medium severity → #security-medium
Interactive Actions
Allow team members to respond to alerts directly from chat.
Slack Buttons
```json
{
  "type": "actions",
  "elements": [
    {
      "type": "button",
      "text": {"type": "plain_text", "text": "Acknowledge"},
      "action_id": "acknowledge_alert",
      "value": "alert_123"
    },
    {
      "type": "button",
      "text": {"type": "plain_text", "text": "Create Ticket"},
      "action_id": "create_ticket",
      "value": "alert_123"
    },
    {
      "type": "button",
      "text": {"type": "plain_text", "text": "View Details"},
      "url": "https://app.noxys.cloud/alerts/alert_123"
    }
  ]
}
```
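When one of these buttons is clicked, Slack posts a signed interaction request to the app's interactivity Request URL, and the receiver should verify that signature before acting on `action_id` and `value`. The following is an added example, not Noxys code: the function names, signing secret, timestamp and user ID are constructed for illustration, and only the `action_id` values and `alert_123` come from the buttons above.

```python
import hashlib
import hmac
import json
import time
from urllib.parse import parse_qs, urlencode

MAX_SKEW_SECONDS = 300  # reject stale timestamps to limit replay
ALLOWED_ACTIONS = {"acknowledge_alert", "create_ticket"}  # action_ids of the buttons above


def compute_signature(signing_secret, timestamp, body):
    """Slack v0 signature: HMAC-SHA256 over 'v0:<timestamp>:<raw body>'."""
    base = b"v0:" + timestamp.encode() + b":" + body
    return "v0=" + hmac.new(signing_secret.encode(), base, hashlib.sha256).hexdigest()


def handle_interaction(signing_secret, headers, body, now=None):
    """Return (action_id, alert_id, slack_user_id) for a verified click, else None."""
    timestamp = headers.get("X-Slack-Request-Timestamp", "")
    signature = headers.get("X-Slack-Signature", "")
    now = time.time() if now is None else now
    if not timestamp.isdecimal() or abs(now - int(timestamp)) > MAX_SKEW_SECONDS:
        return None
    expected = compute_signature(signing_secret, timestamp, body)
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return None
    # Parse only after the signature check; the body is form-encoded with a JSON "payload" field.
    payload = json.loads(parse_qs(body.decode()).get("payload", ["{}"])[0])
    actions = payload.get("actions") or [{}]
    action_id = actions[0].get("action_id")
    if payload.get("type") != "block_actions" or action_id not in ALLOWED_ACTIONS:
        return None
    return action_id, actions[0].get("value"), payload.get("user", {}).get("id")


# Constructed sample request: the secret, timestamp and IDs are made up for this example.
SECRET = "example-signing-secret"
TS = "1774017120"
BODY = urlencode({"payload": json.dumps({
    "type": "block_actions",
    "user": {"id": "U0000001"},
    "actions": [{"action_id": "acknowledge_alert", "value": "alert_123"}],
})}).encode()
HEADERS = {
    "X-Slack-Request-Timestamp": TS,
    "X-Slack-Signature": compute_signature(SECRET, TS, BODY),
}

if __name__ == "__main__":
    print(handle_interaction(SECRET, HEADERS, BODY, now=int(TS) + 5))
```

The signature must be computed over the raw request body, so read the bytes before any framework parses the form.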
Teams Action Buttons
```json
{
  "potentialAction": [
    {
      "@type": "OpenUri",
      "name": "Acknowledge",
      "targets": [
        {"os": "default", "uri": "https://api.noxys.cloud/alerts/acknowledge/alert_123"}
      ]
    },
    {
      "@type": "OpenUri",
      "name": "Create Ticket",
      "targets": [
        {"os": "default", "uri": "https://app.noxys.cloud/alerts/alert_123/create-ticket"}
      ]
    }
  ]
}
```
Troubleshooting
Messages Not Appearing in Slack/Teams
- Verify webhook URL is correct
- Check channel name is correct
- Verify Slack/Teams app has permission to post
- Test webhook manually:
  - Click Test button in Noxys
- Check Slack/Teams channel is not archived
- Review Noxys webhook delivery logs
Formatting Issues
- Verify message format is supported (JSON, Markdown)
- Check for special characters in event data
- Use proper escaping for quotes and newlines
- Test with simple message first
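The severity routing rules under "Filtering Alerts by Severity" and the escaping advice above can be combined in one message builder, shown here as an added example rather than Noxys code. It assumes an event dictionary keyed by the template placeholders from Step 4 with `classifications` as a list of strings; the function names, hex colours and sample event are constructed for illustration.

```python
import json

# (min risk score, severity, channel) from the routing rules on this page; below 0.5 nothing is sent.
ROUTES = [
    (0.9, "critical", "#security-critical-alerts"),
    (0.7, "high", "#security-alerts"),
    (0.5, "medium", "#security-medium"),
]
# Red/yellow/gray per policy action as in Step 4; the hex values are assumptions.
COLORS = {"Block": "#D40E0D", "Coach": "#E8B600", "Log": "#808080"}


def route(risk_score):
    """Return (severity, channel), or None when the score is below every threshold."""
    for threshold, severity, channel in ROUTES:
        if risk_score >= threshold:
            return severity, channel
    return None


def escape_mrkdwn(value):
    """Neutralise Slack's control characters so event data cannot inject mentions or links."""
    return str(value).replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")


def build_slack_alert(event):
    """Return (channel, JSON body) for one event, or None if it should not be sent."""
    routed = route(float(event["risk_score"]))
    if routed is None:
        return None
    severity, channel = routed
    fields = [("Severity", severity), ("Platform", event["platform_id"]),
              ("Risk Score", event["risk_score"]), ("User", event["user_email"]),
              ("Classifications", ", ".join(event["classifications"])),
              ("Action", event["policy_action"]), ("Timestamp", event["timestamp"])]
    text = "\n".join(f"*{name}:* {escape_mrkdwn(value)}" for name, value in fields)
    payload = {"attachments": [{
        "color": COLORS.get(event["policy_action"], COLORS["Log"]),
        "blocks": [{"type": "section", "text": {"type": "mrkdwn", "text": text}}],
    }]}
    # json.dumps escapes quotes and newlines; the channel selects which webhook URL to post to.
    return channel, json.dumps(payload)


# Constructed sample event; the classification value carries Slack markup and quotes.
SAMPLE_EVENT = {"platform_id": "ChatGPT", "risk_score": 0.95, "user_email": "alice@acme.fr",
                "classifications": ['EMAIL (<!channel> "urgent")'], "policy_action": "Block",
                "timestamp": "2026-03-20 14:32:00"}
```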
Webhook URL Expired
- Slack/Teams webhook URLs don't typically expire
- If issues persist, regenerate webhook URL
- Update in Noxys integration settings
Best Practices
- Organize by criticality:
  - Critical alerts → Immediate notification channel
  - Warnings → Monitoring channel
  - Logs → Audit trail only
- Rich context in messages:
  - Include platform, user, risk score
  - Show what policy was triggered
  - Link to details in Noxys
- Threaded discussions:
  - Keep channel clean (no clutter)
  - Incident discussion in threads
  - Easy to trace investigation
- Reduce alert fatigue:
  - Filter out low-severity events
  - Batch similar alerts
  - Aggregate by user or platform
- Enable actions:
  - Let team acknowledge from chat
  - Create tickets without switching apps
  - Link to detailed investigation in Noxys
Integration with Other Tools
Slack Integrations
Connect Slack alerts to:
- Jira: Automatically create issues
- ServiceNow: Create incidents
- PagerDuty: Alert on-call engineer
- Datadog: Correlate with monitoring
Teams Integrations
Connect Teams alerts to:
- Power Automate: Trigger workflows
- SharePoint: Log events
- OneDrive: Store evidence
- Outlook: Create calendar events for incidents
Notification Examples
Example 1: High-Risk Interaction Detected
🟡 COACHING: High-risk AI interaction
Platform: Claude (claude.ai)
Risk Score: 0.82
User: bob@acme.fr
Time: 2026-03-20 15:45:00
Reason: Sensitive data detected
Classifications:
• PERSON_NAME (Jean Martin) - 92%
• EMAIL (internal@acme.fr) - 88%
Policy Action: COACHED (warning shown to user)
Example 2: Blocked Critical Data
🚫 BLOCKED: Critical data exposure prevented
Platform: Perplexity AI
Risk Score: 0.98
User: alice@acme.fr
Time: 2026-03-20 16:02:00
Severity: CRITICAL
Classifications:
• CREDIT_CARD (4111-1111-1111-1111) - 99%
• IBAN (FR7412345678901234567890) - 96%
Policy: Block financial data on unauthorized platforms
Action: BLOCKED (interaction prevented)
Follow-up: Check if user exposed credentials elsewhere
Support & Resources
- Slack API: https://api.slack.com/
- Teams Webhook: https://docs.microsoft.com/en-us/microsoftteams/platform/webhooks-and-connectors/how-to/connectors-using
- Noxys Support: support@noxys.eu
Related Integrations
- Webhooks API — Custom webhook configuration
- Jira/ServiceNow — Ticketing integration
- Overview — All available integrations