How do I create custom message alerts with different criteria?

Message rules are configurable patterns that alert you when a message with a particular structure or content is sent to one or more configured channels. When Chronicle detects a match to a rule, an alert is sent to admins in the #chronicles channel and logged in the dashboard.

To create custom message alerts, sign in to the Chronicle dashboard using the “Add to Slack” button on the homepage, then select “Messages” on the left-hand sidebar, and use the resulting “Message Rules” box to create new custom message rules.

These message rules can be applied to any channel or set of channels you’d like. By default, they apply to every channel that hasn’t been explicitly marked as ignored under “Channels”. Message rules can also be given a name and turned on or off to adapt to your needs.

Three separate types of message rules are available:

  • Case-insensitive: Trigger on any occurrence of the pattern within a message, ignoring case. The pattern can optionally be a comma-separated list of words to search for
  • Exact Match: Trigger on an exact match of the pattern somewhere within a message
  • Regex: Trigger on a message matching a user-defined regular expression. The matching follows Python’s regular expression flavor. We suggest regex101.com as a resource to learn more about regular expressions and test your own
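
A local dry run of the three rule types, useful for checking a pattern against sample messages before saving it in the dashboard. This is an added example, not Chronicle's own code: the rule names, patterns and messages are constructed, and the matching semantics (case-sensitive substring for Exact Match, `re.search` for Regex) are assumptions based on the descriptions above.

```python
import re

# Constructed rules: (name, type, pattern). Types mirror the three on this page.
RULES = [
    ("Bulk data", "case-insensitive", "customer export, db dump"),
    ("Vault host", "exact", "vault.internal.example"),
    ("AWS key ID", "regex", r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
]

# Constructed sample messages.
MESSAGES = [
    "Can someone send me the DB Dump from staging?",
    "ssh to vault.internal.example and restart it",
    "VAULT.INTERNAL.EXAMPLE is down again",
    "temp key: AKIAIOSFODNN7EXAMPLE",
    "lunch at noon?",
]

def rule_matches(rule_type, pattern, message):
    """True if the message would trigger the rule under the assumed semantics."""
    if rule_type == "case-insensitive":
        # Any comma-separated term, anywhere in the message, ignoring case.
        terms = [t.strip().lower() for t in pattern.split(",") if t.strip()]
        return any(t in message.lower() for t in terms)
    if rule_type == "exact":
        # Assumption: case-sensitive substring match.
        return pattern in message
    if rule_type == "regex":
        # Assumption: searched anywhere in the message (re.search, not re.match).
        return re.search(pattern, message) is not None
    raise ValueError(f"unknown rule type: {rule_type}")

def check_regex(pattern):
    """Return None if the pattern compiles in Python's flavor, else the error text."""
    try:
        re.compile(pattern)
        return None
    except re.error as exc:
        return str(exc)

def dry_run(rules, messages):
    """Map each message to the names of the rules it would trigger."""
    return {m: [n for n, t, p in rules if rule_matches(t, p, m)] for m in messages}

if __name__ == "__main__":
    for msg, hits in dry_run(RULES, MESSAGES).items():
        print(f"{hits or '-'}\t{msg}")
```

Include messages that should not trigger the rule in the sample set as well, so an over-broad pattern shows up as noise before it starts alerting admins.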

Additionally, all Chronicle installations automatically come with three message rules:

  1. Profanity: Match any mention of profanity in a message (disabled by default)
  2. Credit Cards: Match any mention of a credit card number in a message
  3. Passwords: Match any mention of sharing a password in a message

If you need help configuring a message rule or have questions that are not answered here, please contact us.