Slack

Slack is a chat and collaboration hub used to connect people, information, tools, and services.

Types of Assets Fetched

This adapter fetches the following types of assets:

• Users
• SaaS data
  
  

Parameters

The parameters that you need to fill out will differ based on the capabilities in your Axonius platform. 'General' pertains to users with Cybersecurity Asset Management and/or SaaS Management capabilities.

To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.

General

• Host Name or IP Address (required) - The hostname or IP address of the Slack server.
• Authentication Token (required) - An Authentication Token associated with a user account that has the Required Permissions to fetch assets. For instructions on generating the Authentication Token, see admin.users.list.
• Enterprise Grid Organization - Select if you are using the Slack Enterprise Grid Organization solution. This allows Axonius to fetch data from all workspaces associated with the authentication token.
• Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.
• HTTPS Proxy (optional) - A proxy to use when connecting to the value supplied in Host Name or IP Address.

SaaS Management

• Account Sub Domain - The Slack account's sub domain (<sub_domain>.slack.com).
• User Name and Password - The credentials for a user account that has the Required Permissions to fetch assets.
• MFA Secret - If you access Slack through an SSO solution that requires multi-factor authentication, you will need to generate a secret key in that solution and paste it here. See instructions for performing this action in Okta, Google, or Microsoft.

Advanced Settings

• Fetch deleted users (required, default: true) - Select this option to fetch deleted users. When cleared, only active users are fetched.
• Fetch user conversations - Select this option to fetch Slack conversations.

APIs

Axonius uses the Slack Web API.
To fetch conversations Axonius uses the following APIs:

• https://api.slack.com/methods/conversations.list

• https://api.slack.com/methods/conversations.members

Required Permissions

To Fetch data from Slack, the app you create for this purpose needs the following scopes:

• channels:read
• groups:read
• mpim:read
• im:read
• users:read
• users:read.email

For users with SaaS Management capability
In additions to the permissions listed above, users with SaaS Management capability must also add the following permissions:

• admin.analytics:read
• admin.apps:read
• admin.barriers:read
• admin.conversations:read
• admin.invites:read
• admin.teams:read (only for Enterprise Grid Organization editions)
• admin.usergroups:read
• admin.users:read
• auditlogs:read (only for Enterprise Grid Organization editions)
• calls:read
• links:read
• team.billing:read (only for Enterprise Grid Organization editions)
• team:read (only for Enterprise Grid Organization editions)
• users.profile:read

For Sending a Message to a Slack channel via the Enforcement Center

• Bot tokens - chat:write
• User tokens - chat:write, chat: write:user, chat:write:bot

For more information, see Slack - Send Message to Channel

Also, the Slack user that you use for this adapter must be either Workspace Owner or Org Owner, and the user requires access to the following URLs:

• https://{sub_domain}.slack.com/admin/billing
• https://{sub_domain}.slack.com/admin/settings
• https://{sub_domain}.slack.com/admin/auth
• https://{sub_domain}.slack.com/apps/manage/settings

Adapter Integration Setup

Create a User Account

1. Login to Slack as a Workspace or Org Owner.
2. Navigate to Settings & administration > Manage members and then click Invite People.
3. In the modal window, add an email, set Invite as to Member and click Send.
4. Copy the email.
5. Back in Axonius, paste the email in the Username field.
6. In Slack, complete the process required to activate the user. When setting the password, please ensure its length is at least 32 characters long.
7. Copy the password.
8. Back in Axonius, paste the copied password in the Password field.
9. Return to Slack's Manage Members pane. Find the newly created user, click the ellipsis button, and then click Change account type.
10. Select either Workspace Owner or Org Owner, and then click Save.
11. Ensure that the user has access to the following URLs:

• https://{sub_domain}.slack.com/admin/billing
• https://{sub_domain}.slack.com/admin/settings
• https://{sub_domain}.slack.com/admin/auth
• https://{sub_domain}.slack.com/apps/manage/settings

Set Permissions

1. Login to Slack as a Workspace or Org Admin.

2. Create a new Slack app. Your app will need to be able to handle a standard OAuth 2 flow.

   1. Click Create New App.
   2. In the new app window, click From scratch.
   3. Enter an App Name and select your workspace.

3. In the app's settings, select OAuth & Permissions from the left navigation. Scroll down to the section titled Scopes and add the following User Token Scopes:

   • channels:read
   • groups:read
   • mpim:read
   • im:read
   • users:read
   • users:read.email
     
     

   In additions to the permissions listed above, users with SaaS Management capability must also add the following permissions:

   • admin.analytics:read
   • admin.apps:read
   • admin.barriers:read
   • admin.conversations:read
   • admin.invites:read
   • admin.teams:read (only for Enterprise Grid Organization editions)
   • admin.usergroups:read
   • admin.users:read
   • auditlogs:read (only for Enterprise Grid Organization editions)
   • calls:read
   • links:read
   • team.billing:read (only for Enterprise Grid Organization editions)
   • team:read (only for Enterprise Grid Organization editions)
   • users.profile:read

For Sending a Message to a Slack channel via the Enforcement Center

• Bot tokens - chat:write
• User tokens - chat:write, chat: write:user, chat:write:bot
  For more information, see Slack - Send Message to Channel

Create an Authentication Token

1. In the app's settings, select Manage Distribution from the left navigation.
2. Under the Share Your App with Other Workspaces section: https://localhost
   1. Expand the Add OAuth Redirect URLs section, and add a redirect URL
   2. Expand the Remove Hard Coded Information section, and select the checkbox to confirm any hard coded information has been removed.
3. Click Activate Public Distribution.
4. In the Share Your App with Your Workspace section, copy the Sharable URL and paste it into a browser to initiate the OAuth handshake that will install the app on your organization.
   If you are running Slack Enterprise Grid Organization, you must be logged in as an admin or Owner of your to install the app.
5. Check the dropdown in the upper right of the installation screen to make sure you are installing the app on the organization, not an individual workspace within the organization.
6. Once the application is authorized, the URL in the address bar contains a 'code' parameter. Copy the value of that parameter.
7. Retrieve the Client ID and Client Secret from the General Information section for the application.
8. Enter the copied 'code' value and the retrieved Client ID and Client Secret values in the following curl command:
   curl -vLk -F code=CODE_VALUE -F client_id=CLIENT_ID_VALUE -F client_secret=CLIENT_SECRET_VALUE https://slack.com/api/oauth.v2.access
9. Copy the resulting token.
10. Back in Axonius, paste the token in the Authentication Token field.

Grant Access on Specific Workspaces

This process is also specific for Slack Enterprise Grid Organization Solution to allow for fetching conversations from Slack.

1. Go to the following link, where {GRID_SUBDOMAIN} is the actual Grid subdomain: https://{GRID_SUBDOMAIN}.enterprise.slack.com/manage/organization/apps/profile/{{APP_ID}}
2. In the upper-right corner, Click Manage and select Add to more workspaces.
3. Select the Default for future workspaces checkbox.
4. On the left, select ALL the workspaces.
5. Click Next.
6. Click Next again.
7. Select the I’m ready to add this app checkbox, and then click Add.
   It may take a few minutes to add the app to all the Grid workspaces.