When monitors fire or resolve, alerts can be sent to subscribed users within Foundry as well as to services external to Foundry. Monitoring views currently support sending alerts to PagerDuty, Slack, and webhooks.
All integrations are configured against a given severity level. Only alerts matching that severity will trigger integration. For example, a PagerDuty integration configured for the MEDIUM severity level will not be triggered when monitors fire at LOW or HIGH severities.
This integration uses the PagerDuty V2 Events API ↗ and usually does not require a service user, emails, or custom allowlisting or egress configuration. A single integration maps all alerts of a given severity within a monitoring view to an Events V2 API integration defined within a PagerDuty service. Note that multiple integrations defined within a monitoring view can map to the same PagerDuty integration key.
Configure a PagerDuty service with your desired escalation policy, urgency settings, and support hours. On the Integrations tab for the service, add a new integration. Select Events API V2 as the integration type and add the integration; Events API V2 can usually be found in the Most popular integrations section. Once the integration is added, selecting the gear symbol will show its details, including the Integration Key needed to create a new PagerDuty integration for your monitoring view.
Navigate to the Manage subscriptions tab for your monitoring view. From the PagerDuty Notifications section, select the plus sign (+) to create a new PagerDuty integration. You will need to specify a name for the integration, the integration key from when you created the Events V2 API integration, and the severity level. Repeat as needed for each desired severity level.
By default, the monitoring view will produce PagerDuty notifications for monitoring rule alerts and legacy health checks that belong to the check group that was upgraded/linked to the monitoring view. However, monitoring views created before the v1.860.0 release (February 2024) will not produce PagerDuty alerts by default and must be manually enabled.
To enable this feature, select the Enable PagerDuty for health checks checkbox. The following severity mappings will be used:
LOW severity integrations.MEDIUM severity integrations.HIGH severity integrations.This integration can trigger Slack messages in a set of configured channels.
This integration requires a Slack source to be created in Data Connection. This source requires a bearer token to be configured. This bearer token should have the following scopes:
channels:join: Foundry will have the app join the requested channels automatically.channels:read: This is used to list the available channels.chat:write: This is used to send messages to the configured channels.groups:read: Required for sending messages to private channels.An example way to generate such a token in Slack is:
See Slack API documentation ↗ for more details.
Navigate to the Manage subscriptions tab for your monitoring view; in the Slack section, use the plus sign (+) to create a new Slack integration. Select a configured Slack source. The Slack Channels field will then populate a list of available channels to which you can send alerts.
To configure the integration with private channels, invite the Slack App to the private channel and ensure the groups:read scope has been granted.
Configure the severity level, and repeat as necessary for each additional desired severity level.
Slack notifications from monitoring views can display human-readable resource names (for example, "Production Sales Dataset") instead of resource identifiers (RIDs like ri.main.dataset.xyz789). This makes alerts easier to understand and helps you quickly assess urgency. Resource names are only shown when security controls permit; specifically, when all Markings on a resource are included in the Slack source's exportable markings configuration.
Slack notification formats have changed to include resource names when security controls allow. If you have bots or automated parsers processing monitoring view notifications from Slack, you may need to update them to handle the new message format.
When a monitor fires and sends an alert to Slack, Foundry checks whether the resource's name can be safely shared:
For example, if a dataset named "Customer Revenue Data" has the Confidential marking in the Sales organization:
Confidential and Sales are configured as exportable, Slack shows "Customer Revenue Data".ri.foundry.main.dataset.abc123.To enable resource names in Slack notifications, a user with the Information Security Officer role must configure exportable markings:
Consider adding exportable markings for:
You can start with less restrictive markings and add more restrictive ones as needed. Remember that if any marking on a resource is not in the exportable list, the RID will be shown instead of the name.
The Information Security Officer is a default role in Foundry. Users can be granted this role in Control Panel under Enrollment permissions. For more details on how exportable markings work with Data Connection, review the exports documentation.
This integration can trigger Webhooks configured in Data Connection. Refer to the webhooks documentation for how to setup a webhook. To use a webhook integration, the webhook must have a string input parameter known as the Message parameter. This will be filled in with the contents of the notification. The contents are not currently customizable.
Navigate to the Manage subscriptions tab for your monitoring view; in the Webhooks section, use the plus sign (+) to create a new webhook integration. You will need to first select a webhook before selecting the Message parameter on that webhook and the severity level. Repeat as needed for each desired severity level.