Integrate Slack with IBM Storage Insights for Real-Time Ransomware Notifications

By Randhir Singh posted 23 days ago

  

Introduction

In this blog post, you will learn how to use IBM Storage Insights to send real-time notifications to your Slack channel when it detects a potential ransomware attack on the storage systems that it monitors.

What is IBM Storage Insights?

IBM Storage Insights (SI) is a software-as-a-service (SaaS) solution designed to help organizations manage their storage environments more efficiently and effectively. It provides a unified dashboard for monitoring and managing various storage systems from IBM and other vendors, including IBM block and file storage, object storage, and virtualization systems. It is built as a cloud-native application composed of a collection of microservices.

Storage systems running in the customer's datacentre periodically send their performance and configuration data to SI, where it is processed. The SI GUI offers many functions; some of the key features are:

  1. Real-time performance monitoring: Get visibility into the health and performance of storage systems, including metrics like latency, throughput, and capacity utilization. 
  2. Predictive analytics: Leverage machine learning algorithms to predict potential issues before they become problems, reducing downtime and improving overall system reliability.
  3. Ransomware threat detection: Get alerts about potential ransomware attacks across various IBM Storage Virtualize and IBM Storage FlashSystem products.

Alerts for Ransomware threat detection

When a ransomware threat is detected, email alerts are sent to the designated email addresses. Within IBM Storage Insights Pro, you can also monitor these alerts on either of these pages:

  • IBM Storage Insights tenant level: Dashboards > Operations
  • IBM Storage Insights tenant level: Dashboards > Alerts > Alert Name

For more details on how to enable Ransomware alert notification settings, refer to the IBM Storage Insights documentation.

Instead of constantly checking the Storage Insights UI or your email for alerts, wouldn't it be nice if Storage Insights could send notifications to your Slack channel when a potential Ransomware attack is detected?

Integrating with Slack

To send notifications to a Slack channel, we need to give Storage Insights the information about that channel through a Slack Webhook URL.

To get a Slack Webhook URL for your Slack channel, go to "Using Webhooks" in the Slack API documentation, then create your Slack app.

After creating a Slack app, click the app and navigate to the page:

  •  Add features and functionality > Incoming Webhooks > Activate Incoming Webhooks > Add New Webhook to Workspace.
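
Anyone who holds the webhook URL can post to the channel, so it is worth checking the URL's shape and keeping only a redacted form in tickets or logs before pasting it into Storage Insights. The Python below is an added example, not code from the original post, IBM or Slack; the host `hooks.slack.com`, the `/services/T.../B.../...` path pattern and the function names are assumptions.

```python
import json
import re
import urllib.request
from urllib.parse import urlsplit

# Assumed shape of an incoming-webhook path: /services/T<team>/B<hook>/<secret>
_PATH = re.compile(r"^/services/(T[A-Z0-9]+)/(B[A-Z0-9]+)/([A-Za-z0-9]+)$")


def parse_webhook(url: str) -> dict:
    """Validate a webhook URL and split it into parts; raise ValueError if odd."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        raise ValueError("webhook must use https")
    if parts.hostname != "hooks.slack.com" or parts.port not in (None, 443):
        raise ValueError("unexpected webhook host")
    if parts.username or parts.password or parts.query or parts.fragment:
        raise ValueError("unexpected userinfo, query or fragment")
    m = _PATH.match(parts.path)
    if not m:
        raise ValueError("path does not look like an incoming webhook")
    return {"team": m.group(1), "hook": m.group(2), "secret": m.group(3)}


def redact(url: str) -> str:
    """Return a form that is safe to put in logs, tickets or screenshots."""
    p = parse_webhook(url)
    return f"https://hooks.slack.com/services/{p['team']}/{p['hook']}/<redacted>"


def build_test_request(url: str, text: str) -> urllib.request.Request:
    """Build (but do not send) the JSON POST that an incoming webhook accepts."""
    parse_webhook(url)
    body = json.dumps({"text": text}).encode("utf-8")
    return urllib.request.Request(
        url.strip(), data=body, method="POST",
        headers={"Content-Type": "application/json"},
    )


if __name__ == "__main__":
    # Constructed sample value, not a real webhook.
    sample = "https://hooks.slack.com/services/T00000000/B00000000/" + "X" * 24
    print("safe to log:", redact(sample))
    req = build_test_request(sample, "Webhook check before Storage Insights setup")
    # To actually post the message: urllib.request.urlopen(req, timeout=10)
    print(req.get_method(), redact(req.full_url))
```
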

Try Out Notifications

Go back to the Integrations page in Storage Insights. Copy the Webhook URL you have just created and paste it into the Webhook URL box.

Click the Test Webhook button. A dummy Ransomware alert will be sent to the Slack channel.

Click Save to save the Webhook integration. When a potential Ransomware attack is detected, Storage Insights will send a notification to Slack. A sample Ransomware notification is shown below. Clicking on the alertURL will open the alert in Storage Insights, where you can perform further analysis.

Conclusion

We have set up real-time notifications for potential Ransomware attacks by creating an integration with Slack in Storage Insights. With notifications set up, you no longer need to constantly check for potential Ransomware alerts; you will receive an alert notification in real time.

Thanks to the team who worked on this and provided guidance.

@SANDEEP PATIL  @Ramakrishna Vadla @RANJITH RAJAGOPALAN NAIR @Santhosh S @Anil Chand Shetty @Vijay Patidar @Rajat Soren @Alif Khan

