How to Set Up Slack Alerts for Your UniFi Network
A complete guide to configuring Slack notifications for Sentinel Nerd security alerts, including severity routing, message formatting, and best practices.
Sentinel Nerd Team
Slack is where your team already communicates, so it’s the natural place to receive security alerts. In this guide, we’ll walk through setting up Slack integration with Sentinel Nerd, from basic notifications to advanced severity routing with threaded follow-ups.
Why Slack for Security Alerts
Email is where alerts go to die. They pile up, get filtered, and lose urgency. Slack gives you:
- Instant visibility — Alerts appear in channels your team is already watching
- Collaborative response — Discuss incidents in threads without switching tools
- Mobile push notifications — Get critical alerts on your phone immediately
- Searchable history — Find past alerts and discussions quickly
- Bot integrations — Combine with other tools for automated workflows
Prerequisites
Before you start, you’ll need:
- A Sentinel Nerd account on any plan (Starter, Pro, or Enterprise)
- Admin access to your Slack workspace
- At least one UniFi controller connected to Sentinel Nerd
Step 1: Create a Slack Webhook
First, create an incoming webhook in your Slack workspace:
- Go to api.slack.com/apps and click Create New App
- Choose From scratch and name it “Sentinel Nerd Alerts”
- Select your workspace and click Create App
- In the left sidebar, click Incoming Webhooks
- Toggle Activate Incoming Webhooks to On
- Click Add New Webhook to Workspace
- Select the channel where you want alerts (we recommend #security-alerts)
- Click Allow
- Copy the webhook URL — you’ll need it in the next step
The webhook URL looks like https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX. Keep it private — anyone with this URL can post to your channel.
Step 2: Add the Webhook to Sentinel Nerd
Now, configure Sentinel Nerd to send alerts to Slack:
- Log into your Sentinel Nerd dashboard
- Navigate to Settings > Integrations > Alert Channels
- Click Add Channel and select Slack
- Paste your webhook URL
- Give the channel a name (e.g., “Security Alerts - General”)
- Select which severity levels should trigger alerts in this channel
- Click Test to send a test message
- Click Save
If the test message appears in your Slack channel, you’re connected.
Step 3: Configure Severity Routing
Not every alert deserves the same attention. We recommend creating multiple Slack channels with different severity routing:
Recommended Channel Setup
| Channel | Severity | Notification |
|---|---|---|
| #security-critical | Critical only | @channel mention |
| #security-alerts | High + Critical | Normal notification |
| #security-all | All severities | No notification (muted) |
To set this up:
- Create three channels in Slack
- Create three webhooks (one per channel)
- Add each webhook to Sentinel Nerd with the appropriate severity filter
This way, critical alerts interrupt immediately, high-severity alerts are visible but not disruptive, and you have a complete log in the muted channel for review.
Step 4: Customize Message Formatting
Sentinel Nerd sends rich Slack messages with:
- Color-coded sidebar — Red for critical, orange for high, yellow for medium, blue for low
- Alert title with severity badge
- Source and destination IP addresses with GeoIP data
- Detection rule that triggered the alert
- Quick action buttons — View in dashboard, analyze with AI, mark as resolved
You can customize the message template in Settings > Integrations > Slack > Message Format. Available template variables include:
{{alert.title}}
{{alert.severity}}
{{alert.source_ip}}
{{alert.destination_ip}}
{{alert.rule_name}}
{{alert.timestamp}}
{{alert.device_name}}
{{alert.category}}
{{alert.geo.country}}
{{alert.geo.city}}
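As an added illustration (not Sentinel Nerd's own code) of how the severity routing from Step 3 and the template variables above fit together, here is a small Python router that picks channels by minimum severity, renders the {{alert.*}} variables, and builds a color-coded webhook payload. The webhook URLs, channel map and alert values are constructed placeholders.

```python
import json
import re
import urllib.request

# Constructed channel map mirroring the recommended setup; the webhook URLs are placeholders.
CHANNELS = [
    {"name": "#security-critical", "min_severity": "critical", "mention": "<!channel>",
     "webhook": "https://hooks.slack.com/services/PLACEHOLDER/CRITICAL"},
    {"name": "#security-alerts", "min_severity": "high", "mention": "",
     "webhook": "https://hooks.slack.com/services/PLACEHOLDER/ALERTS"},
    {"name": "#security-all", "min_severity": "low", "mention": "",
     "webhook": "https://hooks.slack.com/services/PLACEHOLDER/ALL"},
]
SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}
# Sidebar colors follow the page: red critical, orange high, yellow medium, blue low.
SIDEBAR_COLOR = {"critical": "#d00000", "high": "#ff8c00", "medium": "#ffd700", "low": "#1e90ff"}


def matching_channels(alert):
    """Channels whose minimum severity is at or below the alert's severity."""
    rank = SEVERITY_RANK[alert["severity"]]
    return [c for c in CHANNELS if rank >= SEVERITY_RANK[c["min_severity"]]]


def render_template(template, alert):
    """Substitute {{alert.x.y}} variables by walking nested dict keys; unknown keys render empty."""
    def lookup(path):
        value = alert
        for key in path.split(".")[1:]:  # drop the leading "alert"
            value = value.get(key, "") if isinstance(value, dict) else ""
        return str(value)
    return re.sub(r"\{\{\s*(alert(?:\.\w+)+)\s*\}\}", lambda m: lookup(m.group(1)), template)


def build_payload(alert, channel, template):
    """Webhook payload: color-coded attachment, top-level @channel only where the channel wants it."""
    payload = {"attachments": [{"color": SIDEBAR_COLOR[alert["severity"]],
                                "text": render_template(template, alert)}]}
    if channel["mention"]:
        payload["text"] = channel["mention"]
    return payload


def post(webhook_url, payload):
    """POST the payload to the incoming webhook; Slack answers HTTP 200 on success."""
    req = urllib.request.Request(webhook_url, data=json.dumps(payload).encode(),
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status
```

Routing an alert is `for c in matching_channels(alert): post(c["webhook"], build_payload(alert, c, template))`; a "critical" alert reaches all three channels, a "low" one only the muted log channel.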
Best Practices
Separate Channels by Severity
As outlined above, route different severity levels to different channels. This prevents alert fatigue from drowning out critical events.
Set Up Channel-Specific Notification Preferences
In Slack, right-click each security channel and configure notifications:
- #security-critical — Notify for every message, even on mobile
- #security-alerts — Desktop notifications only
- #security-all — Mute the channel, review periodically
Use Threads for Investigation
When a critical alert comes in, start a thread. Post your investigation notes, screenshots from the dashboard, and resolution steps. This creates a searchable incident record.
Create a Triage Workflow
Define a process for your team:
- Alert arrives in #security-critical
- First responder reacts with 👀 (eyes emoji) to claim it
- Investigation notes go in the thread
- Resolution documented with ✅ (checkmark) reaction
- Post-incident review if needed
Don’t Alert on Everything
It’s tempting to send every event to Slack. Don’t. Start with critical and high severity, then add more specific alerts as you learn your baseline. Too many alerts lead to everyone ignoring the channel.
Testing Your Setup
After configuration, verify everything works:
- In Sentinel Nerd, go to Settings > Integrations > Slack
- Click Send Test Alert for each configured channel
- Verify the message appears in the correct Slack channel
- Check that the format, severity color, and content look correct
- Click a quick action button to confirm links work
You can also trigger a real alert by creating a test detection rule that matches on a common event in your network.
Advanced: Threaded Follow-Ups
On Pro and Enterprise plans, Sentinel Nerd can automatically post follow-up information as thread replies to the original alert:
- AI analysis results — When AI analysis completes, the summary posts as a thread reply
- Threat intelligence updates — If the source IP’s reputation changes, you get an update
- Correlated events — Related alerts from other sources appear in the same thread
- Resolution status — When an alert is resolved in the dashboard, the thread gets updated
Enable threaded follow-ups in Settings > Integrations > Slack > Advanced > Threaded Updates.
Troubleshooting
Messages not appearing? Check that the webhook URL is correct and the Slack app hasn’t been removed from the channel.
Wrong channel? Each webhook is tied to a specific channel. Create a new webhook for a different channel.
Rate limited? Slack limits incoming webhooks to 1 message per second. If you’re generating more alerts than that, consider increasing your detection rule thresholds or using the digest mode in Sentinel Nerd.
Test works but real alerts don’t? Check your severity filter settings. You might have the filter set to a severity level that doesn’t match your actual alerts.
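To illustrate the rate-limit point above, here is an added Python sketch (not Sentinel Nerd's digest implementation) that holds alerts arriving faster than one per second and releases them as a single digest message. The clock is injectable so the behaviour can be checked without waiting.

```python
import time

SLACK_WEBHOOK_INTERVAL = 1.0  # seconds; the page states Slack accepts one webhook message per second


class WebhookThrottle:
    """Hold alerts that arrive faster than the webhook limit and release them as one digest."""

    def __init__(self, clock=time.monotonic, interval=SLACK_WEBHOOK_INTERVAL):
        self.clock = clock
        self.interval = interval
        self.next_allowed = 0.0   # earliest time the next message may be sent
        self.pending = []         # alerts queued while the channel was rate limited

    def submit(self, alert):
        """Return the text to post now, or None if the alert was queued for the next digest."""
        self.pending.append(alert)
        now = self.clock()
        if now < self.next_allowed:
            return None
        return self._release(now)

    def flush(self):
        """Call periodically: release queued alerts once the interval has elapsed."""
        now = self.clock()
        if not self.pending or now < self.next_allowed:
            return None
        return self._release(now)

    def _release(self, now):
        batch, self.pending = self.pending, []
        self.next_allowed = now + self.interval
        if len(batch) == 1:
            return f"[{batch[0]['severity']}] {batch[0]['title']}"
        counts = {}
        for a in batch:
            counts[a["severity"]] = counts.get(a["severity"], 0) + 1
        summary = ", ".join(f"{n} {sev}" for sev, n in sorted(counts.items()))
        return f"Digest: {len(batch)} alerts ({summary}); first: {batch[0]['title']}"
```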
Slack integration turns Sentinel Nerd from a security tool into a collaborative security platform. Your team sees threats in real time, discusses response in threads, and builds a searchable knowledge base of past incidents.
Need help with setup? Reach out to support@sentinelnerd.com or check our Slack integration docs.