Slack
Overview
This guide provides step-by-step instructions for configuring the Slack integration with AlphaSOC. Organizations that already capture Slack audit log data should refer to the Collecting Data section for instructions on how to submit telemetry to AlphaSOC.
For environments without established Slack monitoring, this document outlines the process for creating a Slack application with audit log access and generating the OAuth token required for data collection.
Prerequisites
- Slack workspace with an Enterprise Grid plan
- Administrative access to the Slack workspace
Create an API Token
Navigate to Slack API > Your Apps and log in using admin credentials.
Click Create New App and select From Scratch.
Enter a name and select a workspace to develop the app in. Click Create App.
Select the app, navigate to Settings > OAuth & Permissions. Scroll down to
the section titled Scopes, then under User Token Scopes click Add an
OAuth Scope and add the auditlogs:read scope.
Go to Settings, click on the Install App tab in the left sidebar, then
click Install to <workspace>.
After the app is installed, navigate to the OAuth & Permissions tab in the left sidebar. Under OAuth Tokens, locate the User OAuth Token and copy its value.
Configure Data Transport
After obtaining the OAuth token, choose a data transport method for submitting Slack telemetry to AlphaSOC. You can either configure one of the available transports detailed in the Collecting Data section or provide AlphaSOC with the token value directly.