Slack Socket Mode approvals
Get real-time incident notifications and approve plans without opening inbound ports.
How it works
Runtime Service (localhost) == OUTBOUND ==> Slack API (WebSocket)
<== messages ==
- Real-time alert notifications
- Interactive approval buttons
- Slash commands:
/wazuh status,/wazuh approve,/wazuh execute - No inbound ports required
Env vars
SLACK_APP_TOKEN=xapp-... SLACK_BOT_TOKEN=xoxb-...
Use Socket Mode so the runtime only needs outbound access to Slack.
Back to Quickstart