Slack
Slack is a chat and collaboration hub used to connect people, information, tools, and services.
| Attributes | Axonius Cyber Assets | Axonius SaaS Applications |
|---|---|---|
| Service Account Required? | Yes | Yes |
| Service Account Permissions | Administrator | Workspace Owner or Org Owner |
| Required Adapter Fields | Host Name or IP Address, Authentication Token | Host Name or IP Address, Authentication Token, Account Sub Domain, User Name and Password, MFA Secret |
Asset Types Fetched
This adapter fetches the following types of assets:
- Users, Application Extensions, Admin Managed Extensions, User Initiated Extensions, Application Add-Ons, Roles, Groups, Licenses, Application Settings, Application Extension Instances, Admin Managed Extension Instances, User Initiated Extension Instances, Application Add-On Instances, Application Keys, SaaS Applications, Accounts/Tenants, Application Resources
Parameters
The parameters that you need to fill out will differ based on the capabilities in your Axonius platform. 'General' pertains to users with Axonius Cyber Assets and/or Axonius SaaS Applications.
To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.
General
- Host Name or IP Address (required, default: https://slack.com) - The hostname or IP address of the Slack server.
- Authentication Token (required) - An Authentication Token associated with a user account that has the Required Permissions to fetch assets. For instructions on generating the Authentication Token, see admin.users.list.
- Enterprise Grid Organization - Select this if you are using the Slack Enterprise Grid Organization solution. This allows Axonius to fetch data from all workspaces associated with the authentication token.
- Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.
- Not an Admin Token - Select this option if the Authentication Token you entered is not an admin token. In this case, the Team IDs field must be populated. All admin endpoints will be skipped in the fetch.
- Team IDs (required when Not an Admin Token is selected) - Provide a list of team IDs to fetch data from these specific teams. This is useful for fetching data from specific teams in an enterprise grid organization when the token is not an admin token.
  - Copy the Team ID from the team's URL in the Slack web client. For example, if the team URL is https://app.slack.com/client/T0123456789/A0123456789, the team ID is T0123456789.
  - If you leave this field empty, the team IDs will be fetched automatically from the admin.teams.list API.
- HTTPS Proxy (optional) - A proxy to use when connecting to the value supplied in Host Name or IP Address.
Axonius SaaS Applications
- Account Sub Domain - The Slack account's sub domain (.slack.com).
- User Name and Password - The credentials for a user account that has the Required Permissions to fetch assets.
- MFA Secret - If you access Slack through an SSO solution that requires multi-factor authentication, you will need to generate a secret key in that solution and paste it here. See Set Up Google Authenticator for the Okta adapter, for an example.
Advanced Settings
Note
Advanced settings can either apply to all connections for this adapter, or to a specific connection. Refer to Advanced Configuration for Adapters.
In Advanced Settings, at the top of the Advanced Configuration tab, you can choose asset types that are relevant to specific advanced configurations.
- From the dropdown, select one or more asset types.
- The relevant advanced configurations are displayed.
- Next to certain configurations, you can find a small info icon. Hover over the icon to see more information.
- The Advanced Configuration page is divided into sections, which can be collapsed to make it easier to navigate.
Fetch Settings
Users
- Fetch deleted users (required, default: true) - Select this option to fetch deleted users. When cleared, only active users are fetched.
- Fetch user conversations - Select this option to fetch Slack conversations. This requires the admin.conversations:read permission.
Groups
- Fetch groups - Select this option to fetch Slack groups as assets. This requires the admin.usergroups:read permission.
Roles
- Fetch Roles - Select this option to fetch roles in Slack.
SaaS Applications
- Fetch Application Add-Ons - Select this option to fetch installed third-party application add-ons.
APIs
Axonius uses the Slack Web API. To fetch conversations Axonius uses the following APIs:
Required Permissions
To fetch data from Slack, the app you create for this purpose needs the following user scopes:
Note
Enterprise Grid accounts cannot use Bot Tokens.
- channels:read
- groups:read
- mpim:read
- im:read
- users:read
- users:read.email
- usergroups:read
Permissions For users with Axonius SaaS Applications
In addition to the permissions listed above, users with Axonius SaaS Applications must also add the following user scope permissions:
- admin.conversations:read - Used to fetch Slack channels
- admin.invites:read
- admin.teams:read (only for Enterprise Grid Organization editions) - Used to fetch admin teams
- admin.usergroups:read - Used to fetch groups
- admin.users:read - Used to fetch admin users
- auditlogs:read (only for Enterprise Grid Organization editions)
- team.billing:read (only for Enterprise Grid Organization editions) - Used to fetch billing information
- users.profile:read - Used to fetch users' profiles
Permissions for Enforcement Actions
Send a Message to a Slack channel
- Bot tokens (Not for Slack Enterprise accounts) - chat:write
- User tokens - chat:write, chat:write:user, chat:write:bot
For more information, see Slack - Send Message to Channel
Send Direct Message to Users
- Bot tokens (Not for Slack Enterprise accounts) - chat:write
- User tokens - chat:write, chat:write:user, chat:write:bot
For more information, see Slack - Send Direct Message to Users
Send Direct Message to Assets
- Bot tokens (Not for Slack Enterprise accounts) - chat:write
- User tokens - chat:write, chat:write:user, chat:write:bot
For more information, see Slack - Send Direct Message to Assets
Create Group
The stored credentials, or those provided in Connection and Credentials, must have the following permissions:
- write
- edit
- admin
For more information, see Slack - Create Group
Delete Group
The stored credentials, or those provided in Connection and Credentials, must have the following permissions:
- write
- edit
- admin
For more information, see Slack - Delete Group
Update Group
The stored credentials, or those provided in Connection and Credentials, must have the following permissions:
- write
- edit
- admin
For more information, see Slack - Update Group
Create User
The stored credentials, or those provided in Connection and Credentials, must have the following permissions:
- write
- edit
- admin
For more information, see Slack - Create User
Update User
The stored credentials, or those provided in Connection and Credentials, must have the following permissions:
- write
- edit
- admin
For more information, see Slack - Update User
Suspend a Slack User
- Requires an OAuth token with admin scope
For more information, see Slack - Suspend User
Also, the Slack user that you use for this adapter must be either Workspace Owner or Org Owner, and the user requires access to the following URLs:
- https://{sub_domain}.slack.com/admin/billing
- https://{sub_domain}.slack.com/admin/settings
- https://{sub_domain}.slack.com/admin/auth
- https://{sub_domain}.slack.com/apps/manage/settings
Assign Group to Users
The stored credentials, or those provided in Connection and Credentials, must have the following permissions:
- write
- edit
- admin
For more information, see Slack - Assign Group to Users
Assign Role to Users
The stored credentials, or those provided in Connection and Credentials, must have the following permissions:
- write
- edit
- admin
For more information, see Slack - Assign Role to Users
Assign Resource to Users
The stored credentials, or those provided in Connection and Credentials, must have the following permissions:
- write
- edit
- admin
For more information, see Slack - Assign Resource to Users
Assign Workspace to Channels
The stored credentials, or those provided in Connection and Credentials, must have the following permissions:
- admin.teams:write
For more information, see Slack - Assign Workspace to Channels
Set Permissions to Users in Channel
The stored credentials, or those provided in Connection and Credentials, must have the following permissions:
- admin.conversations:write
For more information, see Slack - Set Permissions to Users in Channel
Adapter Integration Setup
Create a User Account
Note
We recommend using the username and password of a newly created user account dedicated to Axonius. Retrieve the username and password from that user account.
- Log in to Slack as a Workspace or Org Owner.
- Navigate to Settings & administration > Manage members and then click Invite People.
- In the modal window, add an email, set Invite as to Member and click Send.
- Copy the email.
- Back in Axonius, paste the email in the Username field.
- In Slack, complete the process required to activate the user. When setting the password, ensure that it is at least 32 characters long.
- Copy the password.
- Back in Axonius, paste the copied password in the Password field.
- Return to Slack's Manage Members pane. Find the newly created user, click the ellipsis button, and then click Change account type.
- Select either Workspace Owner or Org Owner, and then click Save.
- Ensure that the user has access to the following URLs:
  - https://{sub_domain}.slack.com/admin/billing
  - https://{sub_domain}.slack.com/admin/settings
  - https://{sub_domain}.slack.com/admin/auth
  - https://{sub_domain}.slack.com/apps/manage/settings
Set Permissions
Note
This adapter supports all editions of Slack, but some of the steps outlined below are only relevant for accounts with the Enterprise plan. Non-Enterprise accounts don't require permissions to fetch Teams data.
- Log in to Slack as a Workspace or Org Admin.
- Create a new Slack app. Your app will need to be able to handle a standard OAuth 2 flow.
  - Click Create New App.
  - In the new app window, click From scratch.
  - Enter an App Name and select your workspace.
- In the app's settings, select OAuth & Permissions from the left navigation. Scroll down to the section titled Scopes and add the following User Token Scopes:
- channels:read
- groups:read
- mpim:read
- im:read
- users:read
- users:read.email
- usergroups:read
In addition to the permissions listed above, users with Axonius SaaS Applications must also add the following permissions:
- admin.apps:read
- admin.conversations:read - Used to fetch Slack channels
- admin.invites:read
- admin.teams:read (only for Enterprise Grid Organization editions) - Used to fetch admin teams
- admin.usergroups:read - Used to fetch groups
- admin.users:read - Used to fetch admin users
- auditlogs:read (only for Enterprise Grid Organization editions)
- team.billing:read (only for Enterprise Grid Organization editions) - Used to fetch billing information
- users.profile:read - Used to fetch users' profiles
For Sending a Message to a Slack channel via the Enforcement Center
- Bot tokens (Not for Slack Enterprise accounts) - chat:write
- User tokens - chat:write, chat:write:user, chat:write:bot
For more information, see Slack - Send Message to Channel
Create an Authentication Token
- In the app's settings, select Manage Distribution from the left navigation.
- Under the Share Your App with Other Workspaces section:
- Expand the Add OAuth Redirect URLs section, and add https://localhost as the redirect URL.
- Expand the Remove Hard Coded Information section, and select the checkbox to confirm any hard coded information has been removed.
- Click Activate Public Distribution or Activate Private Distribution.
- In the Share Your App with Your Workspace section, copy the Sharable URL and paste it into a browser to initiate the OAuth handshake that will install the app on your organization. If you are running Slack Enterprise Grid Organization, you must be logged in as an admin or Owner of your organization to install the app.
- Check the dropdown in the upper right of the installation screen to make sure you are installing the app on the organization, not an individual workspace within the organization.
- Once the application is authorized, the URL in the address bar contains a 'code' parameter. Copy the value of that parameter.
Note
The code expires ten minutes after it's generated. For more information, see Exchanging a temporary authorization code for an access token.
- Retrieve the Client ID and Client Secret from the General Information section for the application.
- Enter the copied 'code' value and the retrieved Client ID and Client Secret values in the following curl command:
    curl -vLk -F code=CODE_VALUE -F client_id=CLIENT_ID_VALUE -F client_secret=CLIENT_SECRET_VALUE https://slack.com/api/oauth.v2.access
- Copy the resulting token.
- Back in Axonius, paste the token in the Authentication Token field.
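Before pasting the token into Axonius, it is worth confirming that the exchange returned a user token carrying the scopes listed under Set Permissions, and nothing beyond them. The following is an added example, not Axonius or Slack code: it parses an oauth.v2.access response body and reports missing scopes and scopes granted beyond the documented list. The function names and the sample response are constructed for illustration, and it assumes the user token and its comma-separated scope string appear under authed_user, as Slack returns them for user scopes.

```python
import json

# Scope lists copied from this page's "Set Permissions" step.
BASE_SCOPES = {"channels:read", "groups:read", "mpim:read", "im:read",
               "users:read", "users:read.email", "usergroups:read"}
SAAS_SCOPES = {"admin.apps:read", "admin.conversations:read", "admin.invites:read",
               "admin.usergroups:read", "admin.users:read", "users.profile:read"}
GRID_ONLY_SCOPES = {"admin.teams:read", "auditlogs:read", "team.billing:read"}


def required_scopes(saas=False, enterprise_grid=False):
    """Build the expected user-scope set for the chosen adapter configuration."""
    scopes = set(BASE_SCOPES)
    if saas:
        scopes |= SAAS_SCOPES
        if enterprise_grid:
            scopes |= GRID_ONLY_SCOPES
    return scopes


def audit_oauth_response(raw, saas=False, enterprise_grid=False):
    """Return (missing, extra) scope lists for the user token in the response body."""
    body = json.loads(raw)
    if not body.get("ok"):
        raise ValueError("token exchange failed: %s" % body.get("error", "unknown"))
    user = body.get("authed_user") or {}
    if user.get("token_type") != "user" or not user.get("access_token"):
        raise ValueError("no user token in response; the adapter scopes are user scopes")
    granted = {s for s in user.get("scope", "").split(",") if s}
    wanted = required_scopes(saas, enterprise_grid)
    return sorted(wanted - granted), sorted(granted - wanted)


# Constructed sample response (not real output); IDs and token are placeholders.
SAMPLE = json.dumps({
    "ok": True,
    "authed_user": {
        "id": "U0000000000",
        "token_type": "user",
        "access_token": "xoxp-PLACEHOLDER",
        "scope": "channels:read,groups:read,mpim:read,im:read,users:read,"
                 "users:read.email,files:write",
    },
})

if __name__ == "__main__":
    missing, extra = audit_oauth_response(SAMPLE)
    print("missing:", missing)
    print("beyond the documented list:", extra)
```

Save the curl output to a file and pass its contents to audit_oauth_response. Dropping -k from the curl command keeps TLS certificate verification enabled while the code and client secret are in transit.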
Grant Access on Specific Workspaces
This process is also specific to the Slack Enterprise Grid Organization solution and allows Axonius to fetch conversations from Slack.
- Go to the following link, where {GRID_SUBDOMAIN} is the actual Grid subdomain: https://{GRID_SUBDOMAIN}.enterprise.slack.com/manage/organization/apps/profile/{{APP_ID}}
- In the upper-right corner, click Manage and select Add to more workspaces.
- Select the Default for future workspaces checkbox.
- On the left, select ALL the workspaces.
- Click Next.
- Click Next again.
- Select the I’m ready to add this app checkbox, and then click Add. It may take a few minutes to add the app to all the Grid workspaces.
Related Enforcement Actions
- Slack - Send Message via Webhook
- Slack - Send Message to Channel
- Slack - Send Direct Message to Users
- Slack - Send Direct Message to Assets
- Slack - Send Direct Message to a User
- Slack - Create Group
- Slack - Create User
- Slack - Delete Group
- Slack - Update Group
- Slack - Update User
- Slack - Suspend User
- Slack - Assign Group to Users
- Slack - Assign Role to Users
- Slack - Assign Workspace to Channels
- Slack - Set Permissions to Users in Channel
- Slack - Assign Resource to Users
