in Bettercloud, how does one keep alerts (and their workflows’ messages in slack in particular)...



in Bettercloud, how does one keep alerts (and their workflows’ messages in slack in particular) from being chatty/repeating a finding too frequently?





Do you have an example? 🤔


someone on my team is afraid of too much noise coming from an alert I created for active gsuite users not logging in >95 days.


alert worked great already, so great that now they’re worried.


interesting, are the same users showing up repeatedly from the last login alert?


generally that one only fires once per user


Right, yeah I have this problem as well but from G Suite end. I think my approach to this problem is to think about alerts in two buckets.

• is this something we need to act on
or
• is this just something we want as an FYI


I’ve seen scenarios where files scanned for content or certain settings will show up more than once (cc: @michael.marks)


So the way we solved it internally is to have a Slack channel called #feed-it, which consists of 100% just FYI alerts. Think of it as if every SaaS app had a Twitter account and posted about what it had for lunch.

Things the team needs to act on go from BC or the system => Jira via email, and are considered a call to action.


For files scanned, we've typically seen it fire when there are multiple instances of the data type found in the file. Depending on how you are sending out messages, it could say "Credit card found in file xyz" - but if we found 50 credit cards in there, you'll get the same message 50 times.


i agree, either alert is FYI = separate channel, or high priority should be fine to reiterate. I can’t access the feature request site but i’d love to see if there is one to give the team patience


I think the feeling of being worried about an alert stems from the uncertainty of whether or not it is a responsibility to do something about it. So yeah, just working with that ground rule of “where do we keep “real” alerts and where is the matrix panel where we see everything going in and out”


And god forbid the alert comes as an email to a group so nobody even knows if someone is looking at it 😂


Still learning where the alert log is


^ vrklgn this is why slack is much better than email 🙂


Yep 100%
