All Apps and Add-ons

Why does the Slack Webhook Alert Add-On only works with Admin permissions?

jbaileytempus
New Member

Hello,

We have some alerts setup using the Slack Webhook Alert Add-On, however after some testing, we have found that only Admins have the ability to create alerts that successfully use this alert action. I setup the permissions on the alert action so that the role of my non-admin users(default power role) has write access, but this still did not allow the alerts to fire. The error that is displayed in the logs is:

INFO sendmodalert - action=slack_webhook_alert - Alert action script completed in duration=8042 ms with exit code=5
WARN sendmodalert - action=slack_webhook_alert - Alert action script returned error code=5

Any help in figuring out what permissions are needed in order to allow my users to create and manage their own alerts without providing admin privileges would be very appreciated.

Thanks

0 Karma
1 Solution

sjodle
Path Finder

Check the permissions on your stored credential objects. They must be shared either globally or within the slack_webhook_alert app.

View solution in original post

0 Karma

sjodle
Path Finder

Check the permissions on your stored credential objects. They must be shared either globally or within the slack_webhook_alert app.

0 Karma

jbaileytempus
New Member

ty, i did find the permission error in the logs eventually(i had been looking in the wrong logs) and it was failing on trying to list_storage_passwords

0 Karma
Get Updates on the Splunk Community!

Industry Solutions for Supply Chain and OT, Amazon Use Cases, Plus More New Articles ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Enterprise Security Content Update (ESCU) | New Releases

In November, the Splunk Threat Research Team had one release of new security content via the Enterprise ...

Index This | Divide 100 by half. What do you get?

November 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...