Configure DingTalk groups to receive alert notifications (new version) - Data Security Center

Data Security Center (DSC) allows you to configure DingTalk chatbots to send notifications of audit alerts and log storage alerts to DingTalk groups. This helps you handle exceptions at the earliest opportunity and ensures the normal running of your business. This topic describes how to configure alert notification settings for a DingTalk group.

Background information

You can configure alert notification settings for only one DingTalk group at a time. To send alert notifications in multiple DingTalk groups, you must add a DingTalk chatbot to each DingTalk group and configure alert notification settings for each DingTalk group in the DSC console.

Prerequisites

DingTalk is installed, and a DingTalk group is created to receive notifications.

Step 1: Add a custom chatbot to a DingTalk group

Note

The operations described in this section are provided only for reference. You can add a chatbot based on the instructions in DingTalk.

Open DingTalk.
Open the DingTalk group to which you want to add a chatbot and click the icon in the upper-right corner of the DingTalk group. In the Group Settings panel, click Bot.
In the Bot Management panel, click Add Robot and click Custom.
In the Robot details dialog box, click Add.

In the Add Robot dialog box, configure the following parameters.

Parameter	Description
Chatbot name	The name of the chatbot.
Add to Group	The name of the group to which you want to add the chatbot.
Security Settings	The security settings of the chatbot. Valid values: Custom Keywords: required. You can specify multiple keywords. The keyword DSC alerts must be included. Additional Signature: optional. If you select this option, copy and save the signature key. You must enter the key when you perform Step 5 in the DSC console. IP Address: optional. Alert notifications are sent by the DSC server. After you select this option and specify IP addresses, alert notifications are sent for only requests from the specified IP addresses. Therefore, you must specify the IP address of the DSC server. Otherwise, alert notifications are not sent. We recommend that you do not select this option.

Read and select I Acknowledge and Accept DingTalk Custom Robot Service Terms of Service, and then click Finished.
In the Add Robot dialog box, click Copy next to Webhook and save the webhook URL of the chatbot.
If you fail to save the webhook URL of the chatbot in this step, you can perform the following steps to obtain the webhook URL: Find the DingTalk group to which you added the chatbot. In the upper-right corner of the DingTalk group, click the icon and then click Bot. Then, find the chatbot whose details you want to view and click the chatbot. In the dialog box that appears, copy the webhook URL of the chatbot. The webhook URL is in the following format:
```
https://oapi.dingtalk.com/robot/send?access_token=XXXXXX
```

Step 2: Configure alert notification settings in the DSC console

You must configure alert notification settings in the DSC console to enable the chatbot to send alert notifications.

Log on to the DSC console.
In the left-side navigation pane, choose System Settings > Alert notification.
On the Alert notification tab, click Create Alert Configuration.

In the Create Alert Rule panel, configure the parameters and click OK.

Parameter	Description
Alert Method	Select DingTalk Chatbot.
Chatbot Name	Specify the name of the alert notification settings. If you do not configure this parameter, DSC automatically generates a name. The name is displayed as the recipient name on the System Settings > Alert notification page.
Webhook URL	Enter the webhook URL that you copied in Step 7.
Security Settings	If you select Additional Signature in the Security Settings section in Step 5, you must enter the signature key. If you do not select Additional Signature, you can leave this parameter empty.
Alert Configurations	Select the alert type for which notifications are sent, and configure the severity or alert threshold. You can select multiple severities at a time. Valid values: Audit Alerts: Notification emails are sent when an audit alert is triggered and the selected severities are matched based on the audit rules that you configure. Storage alerts: Notification emails are sent when the used log storage capacity exceeds the specified alert threshold.
Maximum Alerts	Specify the maximum number of notifications that can be sent for alerts triggered by a single rule within 24 hours. Valid values: 0 to 10. Default value: 10. DCS resets the accumulated number of notifications at 00:00 each day. If you do not want to send alert notifications, set this parameter to 0.

Step 3: Check whether the alert notification settings take effect

If alerts are displayed on the Audit alerts tab of the Data Detection and Response > Data Auditing page in the DSC console and alert notifications are sent in the DingTalk group, the DingTalk chatbot is configured.

If alerts are displayed on the Audit alerts tab of the Data Detection and Response > Data Auditing page in the DSC console but no alert notifications are sent in the DingTalk group, check whether the webhook URL of the chatbot is valid.

What to do next

Modify the alert notification settings of a chatbot
If you want to modify the alert severity, alert type, or webhook URL for a chatbot, find the DingTalk chatbot alert notification that you want to modify on the Alert notification tab and click Edit in the Actions column.
Delete the alert notification settings of a chatbot
If you do not want to send alert notifications to a DingTalk group, find the DingTalk chatbot alert notification on the Alert notification tab and click Delete in the Actions column.