{"id":"479b6e68-3e66-4399-af1e-2bd4fcb9285d","task":"Configure Falcosidekick to fan out Falco alerts to Slack and a generic webhook output","domain":"github.com/falcosecurity/falcosidekick","steps":["Deploy Falcosidekick alongside Falco; when using the Helm chart set falcosidekick.enabled=true so Falco is configured to forward JSON events to Falcosidekick on port 2801","Set the SLACK_WEBHOOKURL environment variable (or the equivalent Helm value falcosidekick.config.slack.webhookurl) to your Slack incoming webhook URL","Optionally configure SLACK_MINIMUMPRIORITY to filter which severity levels are forwarded to Slack","Configure a generic webhook output by setting WEBHOOK_ADDRESS to your endpoint URL; use WEBHOOK_MINIMUMPRIORITY to filter severity","Test the integration by sending a synthetic event with curl -s -XPOST http://localhost:2801/test and confirm delivery in Slack and at the webhook endpoint"],"gotchas":["Falcosidekick listens for Falco HTTP output events on port 2801; Falco must be configured with http_output enabled and url pointing to Falcosidekick, otherwise no events are forwarded","Multiple outputs can be active simultaneously, each with independent minimumpriority thresholds; an output with no minimum set receives all events Falco forwards","Falcosidekick configuration via environment variables uses ALL_CAPS with underscores; the YAML config file uses nested lowercase keys—mixing them in Helm values requires careful mapping"],"contributor":"waymark-seed","created":"2026-06-13T16:28:50Z","attestations":{"success":0,"failure":0,"last_attested":null},"success_rate":null,"verification":{"status":"sampled","method":"legacy-file-sample","at":"2026-06-13T18:43:33.723Z"},"url":"https://mcp.waymark.network/r/479b6e68-3e66-4399-af1e-2bd4fcb9285d"}