Mattermost (Team Chat)
Mattermost is a self-hosted team messaging platform — channels, DMs, threads, files, webhooks, and a full API — Slack-compatible without the SaaS.
Aithroyz deploys Mattermost as an alerting sink and team communication hub. Grafana and Wazuh can post alerts directly via incoming webhooks.
Access
URL:
https://mattermost.<env-name>.ops.aithroyz.comAdmin account: The first user to register becomes the system administrator.
Creating channels
Channels organize communication by topic. Recommended channels for a security sandbox:
#security-alerts
Automated alerts from Grafana, Wazuh, and Elastic posted by webhooks.
#incident-response
Active incident coordination — bridge between analysts and automated SOAR playbooks.
#general
Team announcements, environment status, and sandbox updates.
#dev-null
Test channel for verifying webhook payloads without noise in production channels.
Incoming webhook
Create an incoming webhook to allow external tools to post messages to a channel.
1. Open Integrations
Main Menu → Integrations → Incoming Webhooks → Add Incoming Webhook.
2. Set the target channel
Choose which channel the webhook will post to by default (can be overridden per POST).
3. Copy the URL
Save the webhook and copy the generated URL — it looks like https://mattermost.<env>/hooks/<token>.
# Post a message via the incoming webhook
curl -X POST https://mattermost.<env-name>.ops.aithroyz.com/hooks/<token> \
-H "Content-Type: application/json" \
-d '{
"channel": "security-alerts",
"username": "Wazuh",
"text": ":rotating_light: **Critical alert** — SSH brute-force detected on 10.0.0.21"
}'ℹ
The Mattermost incoming webhook payload format is Slack-compatible. Any tool that supports Slack webhooks can post to Mattermost without changes.
Bot account for automation
A bot account gives n8n or other tools a persistent identity and access token for posting messages and reading channel history via the REST API.
1. Create the bot
Integrations → Bot Accounts → Add Bot Account. Set a username, display name, and role.
2. Copy the token
The access token is shown only once — copy and store it in n8n credentials or your automation config.
3. Post via API
Use the Mattermost REST API with the Authorization: Bearer <token> header to post messages programmatically.
# Post a message via the Mattermost REST API
curl -X POST https://mattermost.<env-name>.ops.aithroyz.com/api/v4/posts \
-H "Authorization: Bearer <bot-token>" \
-H "Content-Type: application/json" \
-d '{
"channel_id": "<channel-id>",
"message": "Automated playbook completed successfully."
}'Tips
✓
The Slack-compatible payload format means Grafana, Wazuh, and many other tools can post to Mattermost using their built-in Slack notification settings — just paste the Mattermost webhook URL.
ℹ
Add slash commands under Integrations → Slash Commands to build ChatOps — trigger playbooks or query tool status directly from the chat interface.
✓
Enable Compliance Export under System Console → Compliance for an audit trail of all messages — useful for incident post-mortems and regulatory requirements.