This topic covers two-way, or bidirectional, notifications in Slack or Microsoft Teams specifically for when Investigations or Incidents are created in Workbench. If you are looking for organization-level notifications that are sent to an integration or plug-in, see Manage Organization Notifications. If you are looking for email notifications, see Manage Email Notifications for Workbench.

Expel Workbench can integrate with Slack or Microsoft Teams to allow for two-way messaging with our SOC Analysts. Thread replies directly onto Slack or Teams "Investigation Created" and "Incident Created" notifications, and responses from Workbench will flow back into your Slack or Microsoft Teams thread, creating a seamless conversation loop.

Prerequisites

1. You must have Slack or Microsoft Teams configured to receive notifications in Workbench.
2. You must have organization notifications for Comment Created and either or both Incident Created and Investigation Created turned on for Slack or Microsoft Teams. See Manage Organization Notifications for Workbench to learn more.

Quick Links

• Bidirectional Notifications via Slack
• Bidirectional Notifications via Microsoft Teams

Bidirectional Notifications via Slack

 Slack to Workbench

1. Add a comment to an existing Incident Created or Investigation Created thread in Slack. You may also include images. Ruxie (our automated response bot) acknowledges the message is received.
2. The comment appears on the Incident or Investigation in Expel Workbench and the SOC is notified with no support ticket or Workbench login required.
   

Workbench to Slack

1. Add a comment to an Incident or Investigation in Expel Workbench and the SOC is notified without the need to create a ticket.
2. The comment appears in a thread under the Incident Created or Investigation Created notification in Slack. Further communication for this incident or investigation will occur in this thread.
   

Bidirectional Notifications via Microsoft Teams

Teams to Workbench

1. Add a comment to an existing Incident Created or Investigation Created thread in Microsoft Teams. You may also include images. Ruxie (our automated response bot) acknowledges the message is received.
2. The comment appears on the Incident or Investigation in Expel Workbench and the SOC is notified with no support ticket or Workbench login required.
   

Workbench to Teams

1. Add a comment to an Incident or Investigation in Expel Workbench and the SOC is notified without the need to create a ticket.
2. The comment appears in a thread under the Incident Created or Investigation Created notification in Teams. Further communication for this incident or investigation will occur in this thread.