Data Security Center (DSC) can send audit alerts and log storage alerts to a DingTalk group via a custom chatbot, so your team gets notified the moment an exception is detected.
Each alert configuration targets one DingTalk group. To route alerts to multiple groups, add a separate chatbot to each group and create a separate alert configuration for each group in the DSC console.
Prerequisites
Before you begin, make sure you have:
DingTalk installed
A DingTalk group ready to receive notifications
Step 1: Add a custom chatbot to a DingTalk group
The following steps are based on the DingTalk interface at the time of writing. Follow the instructions in DingTalk if the interface has changed.
Open DingTalk and navigate to the group.
Click the
icon in the upper-right corner of the group, then click Bot in the Group Settings panel.In the Bot Management panel, click Add Robot, then click Custom.
In the Robot details dialog box, click Add.
In the Add Robot dialog box, configure the following parameters.
Parameter Description Chatbot name The name of the chatbot. Add to Group The group to receive the notifications. Security Settings Controls which messages the chatbot forwards. Select at least Custom Keywords and add DSC alertsas a required keyword. You can specify multiple keywords. Optionally, also select Additional Signature: if selected, copy and save the signature key, which you will need when configuring the DSC console in Step 2. Avoid selecting IP Address: alert notifications are sent by the DSC server, and you must specify the IP address of the DSC server for this option to work. We recommend that you do not select this option.Select I Acknowledge and Accept DingTalk Custom Robot Service Terms of Service, then click Finished.
In the Add Robot dialog box, click Copy next to Webhook and save the webhook URL. The webhook URL has the following format:
https://oapi.dingtalk.com/robot/send?access_token=XXXXXXIf you close the dialog box without copying the URL, retrieve it by going to Group Settings > Bot, finding the chatbot, and copying the webhook URL from its details.
Step 2: Configure an alert rule in the DSC console
Log on to the DSC console.
In the left-side navigation pane, choose System Settings > Alert notification.
On the Alert notification tab, click Create Alert Configuration.
In the Create Alert Rule panel, configure the following parameters, then click OK.
Parameter Description Alert Method Select DingTalk Chatbot. Chatbot Name A display name for this alert configuration. If left blank, DSC generates a name automatically. This name appears as the recipient name on the Alert notification tab. Webhook URL Paste the webhook URL you copied in Step 1. Security Settings If you selected Additional Signature in Step 1, enter the signature key here. Otherwise, leave this blank. Alert Configurations The alert types and conditions that trigger notifications. Select Audit Alerts to receive notifications when audit alerts match your configured rules and severity levels. Select Storage alerts to receive a notification when log storage usage exceeds the alert threshold. You can select multiple severity levels. Maximum Alerts The maximum number of notifications sent per rule within 24 hours. Valid values: 0–10. Default: 10. DSC resets the counter at 00:00 each day. Set to 0 to disable notifications.
Verify the configuration
The configuration is working if alerts appear on the Audit alerts tab at Data Detection and Response > Data Auditing and your DingTalk group receives the corresponding notifications.
If alerts appear in the DSC console but no notifications arrive in the DingTalk group, check whether the webhook URL of the chatbot is valid.
What's next
Modify an alert configuration
To update the alert severity, alert type, or webhook URL, find the configuration on the Alert notification tab and click Edit in the Actions column.
Delete an alert configuration
To stop sending alerts to a DingTalk group, find the configuration on the Alert notification tab and click Delete in the Actions column.