Fortinet black logo

Slack

Home FortiSOAR Connectors Slack

Slack v2.0.0

2.0.0
3.1.0
3.0.0
2.1.0
2.0.0
1.0.0
Copy Link
Copy Doc ID f8f90d81-f4a1-44c8-834e-116d85f93943:1

About the connector

Slack is a cloud-based set of proprietary team collaboration tools and services. Slack creates alignment and shared understanding across your team, making you more productive and less stressed. It brings all your team's communication together, giving everyone a shared workspace where conversations are organized and accessible.

This document provides information about the Slack connector, which facilitates automated interactions, with Slack using FortiSOAR™ playbooks. Add the Slack connector as a step in FortiSOAR™ playbooks and perform automated operations, such as retrieving a list of all channels and users configured in your Slack cloud, retrieving information about a user that is configured in your Slack cloud and sending a message to a channel configured in your Slack cloud.

Version information

Connector Version: 2.0.0

FortiSOAR™ Version Tested on: 6.0.0-790

Authored By: Fortinet

Certified: Yes

Release Notes for version 2.0.0

Following enhancements have been made to the Slack connector in version 2.0.0:

  • Added the following operations and playbooks:
    • Get Message History
    • Create Channel
    • Get Channel Information
    • Rename Channel
    • Invite Users To Channel
    • Close Channel
  • Added the "Channel Types" parameter to the "Get Channels List" operation.
  • Added the "Search By" parameter to the "Get User Information" operation so that you can retrieve details for a specific user using the user ID, alias name, or username. Earlier users could only use user ID to search for a particular user.

Installing the connector

From version 5.0.0 onwards, use the Connector Store to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum command to install connectors. Connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and run the yum command as a root user to install connectors:

yum install cyops-connector-slack

Prerequisites to configuring the connector

  • You must have the URL of the Slack cloud to which you will connect and perform the automated operations and the authentication token configured for your account to access that Slack cloud.
  • To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.

Configuring the connector

For the procedure to configure a connector, click here.

Configuration parameters

In FortiSOAR™, on the Connectors page, click the Slack connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:

Parameter Description
Server URL URL of the Slack cloud to which you will connect and perform automated operations.
Token Authentication Token that contains required scopes that are configured for your account for the Slack cloud to which you will connect and perform the automated operations.
For information on how to get an authentication token, see https://get.slack.help/hc/en-us/articles/215770388-Create-and-regenerate-API-tokens.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.
Defaults to True.

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from from version 4.10.0 onwards:

Function Description Annotation and Category
Get Message History Fetches the history of messages and events for a specific conversation from on your Slack cloud, based on the Channel ID and other input parameters that you have specified. get_message_history
Investigation
Create Channel Creates a new channel in your configured Slack cloud, based on the channel name and other input parameters that you have specified. create_channel
Investigation
Get Channels List Retrieves a list of channels and their details, available in a slack team, from your configured Slack cloud. get_channels
Investigation
Search Channel Retrieves detailed information about a specific channel, based on the channel name that you have specified, from your configured Slack cloud. get_channel
Investigation
Get Channel Information Retrieves information about conversations of a specific channel from your configured Slack cloud, based on the channel ID and other input parameters that you have specified. get_channel_info
Investigation
Rename Channel Renames a channel (conversation) on your configured Slack cloud based on the channel ID and new channel name that you have specified.
Note: You can rename a channel only if you are the owner of the channel or you have "admin" permissions.		 rename_channel
Investigation
Invite Users To Channel Invites users to a specified channel on your configured Slack cloud based on the channel ID and user IDs that you have specified. invite_user_to_channel
Investigation
Close Channel Closes a direct message or multi-person direct message on your configured Slack cloud based on the channel ID that you have specified. close_channel
Investigation
Get User List Retrieves a list of users and their details, available in a slack team, from your configured Slack cloud. get_users
Investigation
Get User Information Retrieves detailed information of a specific user from your configured Slack cloud based on the search criteria that you have specified. get_user
Investigation
Send Message Sends a message to a specific channel configured on your Slack cloud, based on the Channel ID and other input parameters that you have specified. send_message
Investigation
Upload File Uploads a file to a specific channel configured on your Slack cloud, based on the Channel ID and other input parameters that you have specified. upload_file
Miscellaneous

operation: Get Message History

Input parameters

Parameter Description
Channel ID/User ID Unique ID of the channel, private group, or IM channel whose conversation history you want to fetch from your Slack cloud.
Cursor Paginate through collections of data by setting the cursor parameter to the next_cursor attribute returned by a previous request's response_metadata. By default, the value fetched is the first "page" of the collection.
Inclusive Include messages with the latest or oldest timestamp in results only when either timestamp is specified. By default, this is set to 0.
Start Time Start datetime of the messages whose history you want to retrieve from your Slack cloud.
End Time End datetime of the messages whose history you want to retrieve from your Slack cloud.
Limit Maximum number of items that this operation should return.
Note: If you set the "Limit" parameter, then fewer than the requested number of items might be returned if the limit set is reached, even if the end of the users' list has not been reached.

Output

The output contains the following populated JSON schema:
{
"ok": "",
"has_more": "",
"messages": [
{
"ts": "",
"team": "",
"text": "",
"type": "",
"user": "",
"blocks": [
{
"type": "",
"block_id": "",
"elements": [
{
"type": "",
"elements": [
{
"text": "",
"type": ""
}
]
}
]
}
],
"client_msg_id": ""
}
],
"pin_count": "",
"response_metadata": {
"next_cursor": ""
},
"channel_actions_ts": "",
"channel_actions_count": ""
}

operation: Create Channel

Input parameters

Parameter Description
Channel Name Name of the public or private channel that you want to create on your Slack cloud.
Is Private Select this option to create a private channel on your Slack cloud. If you leave this unchecked then a public (default) channel will be created on your Slack cloud.

Output

The output contains the following populated JSON schema:
{
"channel": {
"is_mpim": "",
"is_archived": "",
"pending_connected_team_ids": [],
"is_ext_shared": "",
"is_shared": "",
"name_normalized": "",
"unlinked": "",
"purpose": {
"creator": "",
"value": "",
"last_set": ""
},
"is_open": "",
"is_group": "",
"is_pending_ext_shared": "",
"priority": "",
"shared_team_ids": [],
"last_read": "",
"is_private": "",
"name": "",
"topic": {
"creator": "",
"value": "",
"last_set": ""
},
"pending_shared": [],
"id": "",
"is_org_shared": "",
"parent_conversation": "",
"creator": "",
"is_im": "",
"created": "",
"is_channel": "",
"is_member": "",
"is_general": ""
},
"headers": {
"x-accepted-oauth-scopes": "",
"access-control-expose-headers": "",
"access-control-allow-headers": "",
"access-control-allow-origin": "*",
"strict-transport-security": "",
"referrer-policy": "",
"x-content-type-options": "",
"x-slack-req-id": "",
"x-oauth-scopes": "",
"content-encoding": "",
"x-slack-backend": "",
"x-xss-protection": "",
"content-length": "",
"server": "",
"vary": "",
"date": "",
"pragma": "",
"content-type": "",
"cache-control": "",
"expires": "",
"x-via": ""
},
"ok": ""
}

operation: Get Channels List

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criteria is applied and an unfiltered list is returned.

Parameter Description
Exclude Archived Select this option, i.e., set it as true, to exclude archived channels from the list of channels retrieved from your configured Slack cloud.
By default, this is set as false.
Maximum Records Maximum number of records you want this operation to return.
By default, this is set as 0.
Channel Types Types of channels that you want to retrieve from your configured Slack cloud. You can choose from the following options: Public Channel, Private Channel, Group messaging, or Direct Messages.
Cursor Paginate through collections of data by setting the cursor parameter to the next_cursor attribute returned by a previous request's response_metadata. By default, the value fetched is the first "page" of the collection.

Output

The JSON output contains a list of all channels along with their details, such as id, creator name, and purpose, present in a Slack team, retrieved from your configured Slack cloud.

The output contains the following populated JSON schema:
{
"channels": [
{
"is_private": "",
"is_org_shared": "",
"name": "",
"is_archived": "",
"topic": {
"creator": "",
"value": "",
"last_set": ""
},
"id": "",
"is_shared": "",
"num_members": "",
"name_normalized": "",
"creator": "",
"purpose": {
"creator": "",
"value": "",
"last_set": ""
},
"created": "",
"is_mpim": "",
"is_channel": "",
"unlinked": "",
"previous_names": [],
"is_member": "",
"members": [],
"is_general": ""
}
],
"headers": {
"x-accepted-oauth-scopes": "",
"access-control-expose-headers": "",
"access-control-allow-headers": "",
"access-control-allow-origin": "*",
"strict-transport-security": "",
"referrer-policy": "",
"x-content-type-options": "",
"x-slack-req-id": "",
"x-oauth-scopes": "",
"content-encoding": "",
"x-slack-backend": "",
"x-xss-protection": "",
"content-length": "",
"server": "",
"vary": "",
"date": "",
"pragma": "",
"content-type": "",
"cache-control": "",
"expires": "",
"x-via": ""
},
"ok": ""
}

operation: Search Channel

Input parameters

Parameter Description
Channel to Search Name of the channel whose details you want to retrieve from your configured Slack cloud.
Type of Search Type of filter option that you want to apply to the search operation.
You can choose from the following options: Exact, Contains, Starts With, or Ends With.

Output

The JSON output contains detailed information of a channel such as ID, creator name, and purpose, retrieved from your configured Slack cloud, based on the channel name that you have specified.

The output contains the following populated JSON schema:
{
"status": "",
"data": [
{
"is_private": "",
"is_org_shared": "",
"name": "",
"is_archived": "",
"topic": {
"creator": "",
"value": "",
"last_set": ""
},
"id": "",
"is_shared": "",
"num_members": "",
"name_normalized": "",
"creator": "",
"purpose": {
"creator": "",
"value": "",
"last_set": ""
},
"created": "",
"is_mpim": "",
"is_channel": "",
"unlinked": "",
"previous_names": [],
"is_member": "",
"members": [],
"is_general": ""
}
],
"message": ""
}

operation: Get Channel Information

Input parameters

Parameter Description
Channel ID ID of the channel (conversations) you want to retrieve from your configured Slack cloud.
Include Locale Select this checkbox, i.e., set it to true to include the locale of the specified conversations retrieved from your configured Slack cloud. By default, this is set to false, i.e., the checkbox is unchecked.
Include Number Of Members Select this checkbox, i.e., set it to true, to include the member count of the specified conversations retrieved from your configured Slack cloud. By default, this is set to false, i.e., the checkbox is unchecked.

Output

The output contains the following populated JSON schema:
{
"channels": [
{
"is_private": "",
"is_org_shared": "",
"name": "",
"is_archived": "",
"topic": {
"creator": "",
"value": "",
"last_set": ""
},
"id": "",
"is_shared": "",
"num_members": "",
"name_normalized": "",
"creator": "",
"purpose": {
"creator": "",
"value": "",
"last_set": ""
},
"created": "",
"is_mpim": "",
"is_channel": "",
"unlinked": "",
"previous_names": [],
"is_member": "",
"members": [],
"is_general": ""
}
],
"headers": {
"x-accepted-oauth-scopes": "",
"access-control-expose-headers": "",
"access-control-allow-headers": "",
"access-control-allow-origin": "*",
"strict-transport-security": "",
"referrer-policy": "",
"x-content-type-options": "",
"x-slack-req-id": "",
"x-oauth-scopes": "",
"content-encoding": "",
"x-slack-backend": "",
"x-xss-protection": "",
"content-length": "",
"server": "",
"vary": "",
"date": "",
"pragma": "",
"content-type": "",
"cache-control": "",
"expires": "",
"x-via": ""
},
"ok": ""
}

operation: Rename Channel

Input parameters

Parameter Description
Channel ID ID of the channel you want to rename on your configured Slack cloud.
Channel Name New name that you want to assign to the specified channel on your configured Slack cloud.

Output

The output contains the following populated JSON schema:
{
"channel": {
"is_mpim": "",
"is_archived": "",
"pending_connected_team_ids": [],
"is_ext_shared": "",
"is_shared": "",
"name_normalized": "",
"unlinked": "",
"purpose": {
"creator": "",
"value": "",
"last_set": ""
},
"is_open": "",
"is_group": "",
"is_pending_ext_shared": "",
"shared_team_ids": [],
"last_read": "",
"is_private": "",
"name": "",
"topic": {
"creator": "",
"value": "",
"last_set": ""
},
"pending_shared": [],
"id": "",
"is_org_shared": "",
"parent_conversation": "",
"creator": "",
"is_im": "",
"created": "",
"is_channel": "",
"is_member": "",
"is_general": ""
},
"headers": {
"x-accepted-oauth-scopes": "",
"access-control-expose-headers": "",
"access-control-allow-headers": "",
"access-control-allow-origin": "*",
"strict-transport-security": "",
"referrer-policy": "",
"x-content-type-options": "",
"x-slack-req-id": "",
"x-oauth-scopes": "",
"content-encoding": "",
"x-slack-backend": "",
"x-xss-protection": "",
"content-length": "",
"server": "",
"vary": "",
"date": "",
"pragma": "",
"content-type": "",
"cache-control": "",
"expires": "",
"x-via": ""
},
"ok": ""
}

operation: Invite Users To Channel

Input parameters

Parameter Description
Channel ID ID of the public or private channel to which you want to invite specified users.
User IDs Comma-separated list of user IDs that you want to invite to the specified channel.
Note: You can list a maximum of 1000 users.

Output

The output contains the following populated JSON schema:
{
"channel": {
"is_mpim": "",
"is_archived": "",
"pending_connected_team_ids": [],
"is_ext_shared": "",
"is_shared": "",
"name_normalized": "",
"unlinked": "",
"purpose": {
"creator": "",
"value": "",
"last_set": ""
},
"is_open": "",
"is_group": "",
"is_pending_ext_shared": "",
"priority": "",
"shared_team_ids": [],
"last_read": "",
"is_private": "",
"name": "",
"topic": {
"creator": "",
"value": "",
"last_set": ""
},
"pending_shared": [],
"id": "",
"is_org_shared": "",
"parent_conversation": "",
"creator": "",
"is_im": "",
"created": "",
"is_channel": "",
"is_member": "",
"is_general": ""
},
"headers": {
"x-accepted-oauth-scopes": "",
"access-control-expose-headers": "",
"access-control-allow-headers": "",
"access-control-allow-origin": "*",
"strict-transport-security": "",
"referrer-policy": "",
"x-content-type-options": "",
"x-slack-req-id": "",
"x-oauth-scopes": "",
"content-encoding": "",
"x-slack-backend": "",
"x-xss-protection": "",
"content-length": "",
"server": "",
"vary": "",
"date": "",
"pragma": "",
"content-type": "",
"cache-control": "",
"expires": "",
"x-via": ""
},
"ok": ""
}

operation: Close Channel

Input parameters

Parameter Description
Channel ID ID of the direct message (channel) or multi-person direct message you want to close on your configured Slack cloud.

Output

The output contains the following populated JSON schema:
{
"no_op": "",
"headers": {
"x-accepted-oauth-scopes": "",
"access-control-expose-headers": "",
"access-control-allow-headers": "",
"access-control-allow-origin": "*",
"strict-transport-security": "",
"referrer-policy": "",
"x-content-type-options": "",
"x-slack-req-id": "",
"x-oauth-scopes": "",
"content-encoding": "",
"x-slack-backend": "",
"x-xss-protection": "",
"content-length": "",
"server": "",
"vary": "",
"date": "",
"pragma": "",
"content-type": "",
"cache-control": "",
"expires": "",
"x-via": ""
},
"ok": "",
"already_closed": ""
}

operation: Get User List

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criteria is applied and an unfiltered list is returned.

Parameter Description
Maximum Records Maximum number of records you want this operation to return.
By default, this is set as 0.
Cursor Set this parameter to a next_cursor attribute returned by a previous request's response_metadata.

Output

The JSON output contains a list of all members along with their profile details, such as last name, phone number, id, and team id, present in a Slack team, retrieved from your configured Slack cloud.

The output contains the following populated JSON schema:
{
"cache_ts": "",
"headers": {
"x-accepted-oauth-scopes": "",
"access-control-expose-headers": "",
"access-control-allow-headers": "",
"access-control-allow-origin": "*",
"strict-transport-security": "",
"referrer-policy": "",
"x-content-type-options": "",
"x-slack-req-id": "",
"x-oauth-scopes": "",
"content-encoding": "",
"x-slack-backend": "",
"x-xss-protection": "",
"server": "",
"vary": "",
"x-via": "",
"date": "",
"pragma": "",
"content-type": "",
"cache-control": "",
"expires": "",
"transfer-encoding": ""
},
"ok": "",
"members": [
{
"is_app_user": "",
"team_id": "",
"updated": "",
"name": "",
"is_restricted": "",
"deleted": "",
"is_owner": "",
"tz_label": "",
"color": "",
"tz_offset": "",
"is_admin": "",
"is_ultra_restricted": "",
"real_name": "",
"profile": {
"image_24": "",
"display_name_normalized": "",
"status_emoji": "",
"title": "",
"skype": "",
"image_512": "",
"status_expiration": "",
"image_192": "",
"team": "",
"avatar_hash": "",
"real_name_normalized": "",
"phone": "",
"image_32": "",
"always_active": "",
"real_name": "",
"status_text_canonical": "",
"display_name": "",
"status_text": "",
"image_72": "",
"fields": "",
"last_name": "",
"first_name": "",
"image_48": ""
},
"is_bot": "",
"is_primary_owner": "",
"id": "",
"tz": null
}
]
}

operation: Get User Information

Input parameters

Parameter Description
User ID Select the option using which you want to search for a particular user on your configured Slack cloud. You can choose from the following options: Alias, Username or User ID
If you choose Alias, then you must specify the following parameters:
  • Alias Name: Alias name of the user whose details you want to retrieve from your configured Slack cloud.
  • Search Type: Type of filter option that you want to apply to the search operation.
    You can choose from the following options: Exact, Contains, Starts With, or Ends With.
If you choose Username, then you must specify the following parameters:
  • Username To Search: Username of the user whose details you want to retrieve from your configured Slack cloud.
  • Search Type: Type of filter option that you want to apply to the search operation.
    You can choose from the following options: Exact, Contains, Starts With, or Ends With.
If you choose User ID, then you must specify the following parameters:
  • User ID: Unique ID of the users whose details you want to retrieve from your configured Slack cloud.
  • Include Locale: Select this option, i.e., set it as true to include locale information of the specified user retrieved from your configured Slack cloud.
    By default, this is set as false.

Output

The JSON output contains detailed information of the user such as name, real name, profile details, and team id, retrieved from your configured Slack cloud, based on the user ID that you have specified.

The output contains the following populated JSON schema:
{
"status": "",
"data": [
{
"is_app_user": "",
"team_id": "",
"updated": "",
"name": "",
"is_restricted": "",
"deleted": "",
"is_owner": "",
"tz_label": "",
"color": "",
"tz_offset": "",
"has_2fa": "",
"is_admin": "",
"is_ultra_restricted": "",
"real_name": "",
"profile": {
"image_24": "",
"display_name_normalized": "",
"status_emoji": "",
"title": "",
"skype": "",
"image_512": "",
"status_expiration": "",
"image_192": "",
"team": "",
"avatar_hash": "",
"real_name_normalized": "",
"last_name": "",
"phone": "",
"image_32": "",
"is_custom_image": "",
"real_name": "",
"status_text_canonical": "",
"display_name": "",
"status_text": "",
"image_1024": "",
"image_72": "",
"image_48": "",
"first_name": "",
"email": "",
"image_original": ""
},
"is_bot": "",
"is_primary_owner": "",
"id": "",
"tz": ""
}
],
"message": ""
}

operation: Send Message

Input parameters

Parameter Description
Channel ID Unique ID of the channel, private group, or IM channel to which you want to send the message on your configured Slack cloud.
Message Message that you want to send to the channel that you have specified on your configured Slack cloud.
Attachments JSON-based array of structured attachments.
For example:
[
{
"fallback": "ReferenceError - UI is not defined",
"text": "ReferenceError - UI is not defined",
"fields": [
{
"title": "Project",
"value": "Awesome Project",
"short": true
},
{
"title": "Environment",
"value": "production",
"short": true
}
],
"color": "#F35A00"
}
]
Note: For more information on how to set attachments, see https://api.slack.com/docs/message-attachments.

Output

The JSON output contains details of the message sent to the Slack channel that you have specified. Message details such as bot id, type, text, and attachment details, are included in the JSON output.

The output contains the following populated JSON schema:
{
"channel": "",
"ts": "",
"ok": "",
"message": {
"team": "",
"bot_profile": {
"app_id": "",
"team_id": "",
"name": "",
"id": "",
"updated": "",
"deleted": "",
"icons": {}
},
"text": "",
"bot_id": "",
"type": "",
"ts": "",
"user": ""
},
"headers": {
"x-accepted-oauth-scopes": "",
"access-control-expose-headers": "",
"access-control-allow-headers": "",
"access-control-allow-origin": "*",
"strict-transport-security": "",
"referrer-policy": "",
"x-content-type-options": "",
"x-slack-req-id": "",
"x-oauth-scopes": "",
"content-encoding": "",
"x-slack-backend": "",
"x-xss-protection": "",
"content-length": "",
"server": "",
"vary": "",
"date": "",
"pragma": "",
"content-type": "",
"cache-control": "",
"expires": "",
"x-via": ""
}
}

operation: Upload File

Input parameters

Note: You can upload only those files that are directly accessible from FortiSOAR™ to the Slack channels on your configured Slack cloud.

Parameter Description
Channel ID (Optional) Comma-separated list of channel names or IDs to which you want to upload the file on your configured Slack cloud.
Note: If you do not provide any channel ID, then the files will be stored in the 'Files' section of your configured Slack Cloud.
Title (Optional) Title of the file that you want to upload to the specified Slack channels.
File Name (Optional) Name of the file that you want to upload to the specified Slack channels.
File Type (Optional) Type of the file that you want to upload to the specified Slack channels.
File Reference Type of file reference that you will be providing for the file that you want to upload to the specified Slack channels.
You can choose from the following options: Attachment ID or File IRI.
  • If you choose Attachment ID, then you must specify the following parameter:
    • Attachment ID: ID of the attachment that you want to upload to the specified Slack channels. The Attachment ID is used to access the file directly from the FortiSOAR™ Attachments module.
  • If you choose File IRI, then you must specify the following parameter:
    • File IRI: IRI of the file that you want to upload to the specified Slack channels. The File IRI is used to access the file directly from FortiSOAR™.
Comment (Optional) Initial comment to add to the file that you want to upload to the specified Slack channels.

Output

The JSON output contains details of the file uploaded to the Slack channel that you have specified. File details such as file name, file type, timestamp, groups, and comments count, are included in the JSON output.

The output contains the following populated JSON schema:
{
"file": {
"thumb_360": "",
"thumb_80": "",
"title": "",
"thumb_360_h": "",
"filetype": "",
"url_private": "",
"url_private_download": "",
"permalink_public": "",
"thumb_160": "",
"permalink": "",
"lines_more": "",
"is_public": "",
"mode": "",
"public_url_shared": "",
"display_as_bot": "",
"mimetype": "",
"num_stars": "",
"ims": [],
"timestamp": "",
"created": "",
"size": "",
"pinned_to": [],
"reactions": [
{
"name": "",
"users": [],
"count": ""
}
],
"is_starred": "",
"pretty_type": "",
"editable": "",
"thumb_480_w": "",
"thumb_480_h": "",
"username": "",
"is_external": "",
"groups": [],
"comments_count": "",
"edit_link": "",
"preview": "",
"name": "",
"initial_comment": {},
"thumb_360_gif": "",
"external_type": "",
"user": "",
"lines": "",
"preview_highlight": "",
"thumb_480": "",
"thumb_64": "",
"thumb_360_w": "",
"channels": [],
"id": ""
},
"ok": ""
}

Included playbooks

The Sample - Slack - 2.0.0 playbook collection comes bundled with the Slack connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Slack connector.

  • Channel: Close Channel
  • Channel: Create Channel
  • Channel: Get Channels Information
  • Channel: Get Channels List
  • Channel: Rename Channel
  • Channel: Search Channel
  • Message: Get Message
  • Message: Send Message
  • Upload File
  • User: Get User Information
  • User: Get User List
  • User: Invite User To Channel

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during the connector upgrade and delete.

Previous
Next

About the connector

Slack is a cloud-based set of proprietary team collaboration tools and services. Slack creates alignment and shared understanding across your team, making you more productive and less stressed. It brings all your team's communication together, giving everyone a shared workspace where conversations are organized and accessible.

This document provides information about the Slack connector, which facilitates automated interactions, with Slack using FortiSOAR™ playbooks. Add the Slack connector as a step in FortiSOAR™ playbooks and perform automated operations, such as retrieving a list of all channels and users configured in your Slack cloud, retrieving information about a user that is configured in your Slack cloud and sending a message to a channel configured in your Slack cloud.

Version information

Connector Version: 2.0.0

FortiSOAR™ Version Tested on: 6.0.0-790

Authored By: Fortinet

Certified: Yes

Release Notes for version 2.0.0

Following enhancements have been made to the Slack connector in version 2.0.0:

Installing the connector

From version 5.0.0 onwards, use the Connector Store to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum command to install connectors. Connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and run the yum command as a root user to install connectors:

yum install cyops-connector-slack

Prerequisites to configuring the connector

Configuring the connector

For the procedure to configure a connector, click here.

Configuration parameters

In FortiSOAR™, on the Connectors page, click the Slack connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:

Parameter Description
Server URL URL of the Slack cloud to which you will connect and perform automated operations.
Token Authentication Token that contains required scopes that are configured for your account for the Slack cloud to which you will connect and perform the automated operations.
For information on how to get an authentication token, see https://get.slack.help/hc/en-us/articles/215770388-Create-and-regenerate-API-tokens.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.
Defaults to True.

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from from version 4.10.0 onwards:

Function Description Annotation and Category
Get Message History Fetches the history of messages and events for a specific conversation from on your Slack cloud, based on the Channel ID and other input parameters that you have specified. get_message_history
Investigation
Create Channel Creates a new channel in your configured Slack cloud, based on the channel name and other input parameters that you have specified. create_channel
Investigation
Get Channels List Retrieves a list of channels and their details, available in a slack team, from your configured Slack cloud. get_channels
Investigation
Search Channel Retrieves detailed information about a specific channel, based on the channel name that you have specified, from your configured Slack cloud. get_channel
Investigation
Get Channel Information Retrieves information about conversations of a specific channel from your configured Slack cloud, based on the channel ID and other input parameters that you have specified. get_channel_info
Investigation
Rename Channel Renames a channel (conversation) on your configured Slack cloud based on the channel ID and new channel name that you have specified.
Note: You can rename a channel only if you are the owner of the channel or you have "admin" permissions.		 rename_channel
Investigation
Invite Users To Channel Invites users to a specified channel on your configured Slack cloud based on the channel ID and user IDs that you have specified. invite_user_to_channel
Investigation
Close Channel Closes a direct message or multi-person direct message on your configured Slack cloud based on the channel ID that you have specified. close_channel
Investigation
Get User List Retrieves a list of users and their details, available in a slack team, from your configured Slack cloud. get_users
Investigation
Get User Information Retrieves detailed information of a specific user from your configured Slack cloud based on the search criteria that you have specified. get_user
Investigation
Send Message Sends a message to a specific channel configured on your Slack cloud, based on the Channel ID and other input parameters that you have specified. send_message
Investigation
Upload File Uploads a file to a specific channel configured on your Slack cloud, based on the Channel ID and other input parameters that you have specified. upload_file
Miscellaneous

operation: Get Message History

Input parameters

Parameter Description
Channel ID/User ID Unique ID of the channel, private group, or IM channel whose conversation history you want to fetch from your Slack cloud.
Cursor Paginate through collections of data by setting the cursor parameter to the next_cursor attribute returned by a previous request's response_metadata. By default, the value fetched is the first "page" of the collection.
Inclusive Include messages with the latest or oldest timestamp in results only when either timestamp is specified. By default, this is set to 0.
Start Time Start datetime of the messages whose history you want to retrieve from your Slack cloud.
End Time End datetime of the messages whose history you want to retrieve from your Slack cloud.
Limit Maximum number of items that this operation should return.
Note: If you set the "Limit" parameter, then fewer than the requested number of items might be returned if the limit set is reached, even if the end of the users' list has not been reached.

Output

The output contains the following populated JSON schema:
{
"ok": "",
"has_more": "",
"messages": [
{
"ts": "",
"team": "",
"text": "",
"type": "",
"user": "",
"blocks": [
{
"type": "",
"block_id": "",
"elements": [
{
"type": "",
"elements": [
{
"text": "",
"type": ""
}
]
}
]
}
],
"client_msg_id": ""
}
],
"pin_count": "",
"response_metadata": {
"next_cursor": ""
},
"channel_actions_ts": "",
"channel_actions_count": ""
}

operation: Create Channel

Input parameters

Parameter Description
Channel Name Name of the public or private channel that you want to create on your Slack cloud.
Is Private Select this option to create a private channel on your Slack cloud. If you leave this unchecked then a public (default) channel will be created on your Slack cloud.

Output

The output contains the following populated JSON schema:
{
"channel": {
"is_mpim": "",
"is_archived": "",
"pending_connected_team_ids": [],
"is_ext_shared": "",
"is_shared": "",
"name_normalized": "",
"unlinked": "",
"purpose": {
"creator": "",
"value": "",
"last_set": ""
},
"is_open": "",
"is_group": "",
"is_pending_ext_shared": "",
"priority": "",
"shared_team_ids": [],
"last_read": "",
"is_private": "",
"name": "",
"topic": {
"creator": "",
"value": "",
"last_set": ""
},
"pending_shared": [],
"id": "",
"is_org_shared": "",
"parent_conversation": "",
"creator": "",
"is_im": "",
"created": "",
"is_channel": "",
"is_member": "",
"is_general": ""
},
"headers": {
"x-accepted-oauth-scopes": "",
"access-control-expose-headers": "",
"access-control-allow-headers": "",
"access-control-allow-origin": "*",
"strict-transport-security": "",
"referrer-policy": "",
"x-content-type-options": "",
"x-slack-req-id": "",
"x-oauth-scopes": "",
"content-encoding": "",
"x-slack-backend": "",
"x-xss-protection": "",
"content-length": "",
"server": "",
"vary": "",
"date": "",
"pragma": "",
"content-type": "",
"cache-control": "",
"expires": "",
"x-via": ""
},
"ok": ""
}

operation: Get Channels List

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criteria is applied and an unfiltered list is returned.

Parameter Description
Exclude Archived Select this option, i.e., set it as true, to exclude archived channels from the list of channels retrieved from your configured Slack cloud.
By default, this is set as false.
Maximum Records Maximum number of records you want this operation to return.
By default, this is set as 0.
Channel Types Types of channels that you want to retrieve from your configured Slack cloud. You can choose from the following options: Public Channel, Private Channel, Group messaging, or Direct Messages.
Cursor Paginate through collections of data by setting the cursor parameter to the next_cursor attribute returned by a previous request's response_metadata. By default, the value fetched is the first "page" of the collection.

Output

The JSON output contains a list of all channels along with their details, such as id, creator name, and purpose, present in a Slack team, retrieved from your configured Slack cloud.

The output contains the following populated JSON schema:
{
"channels": [
{
"is_private": "",
"is_org_shared": "",
"name": "",
"is_archived": "",
"topic": {
"creator": "",
"value": "",
"last_set": ""
},
"id": "",
"is_shared": "",
"num_members": "",
"name_normalized": "",
"creator": "",
"purpose": {
"creator": "",
"value": "",
"last_set": ""
},
"created": "",
"is_mpim": "",
"is_channel": "",
"unlinked": "",
"previous_names": [],
"is_member": "",
"members": [],
"is_general": ""
}
],
"headers": {
"x-accepted-oauth-scopes": "",
"access-control-expose-headers": "",
"access-control-allow-headers": "",
"access-control-allow-origin": "*",
"strict-transport-security": "",
"referrer-policy": "",
"x-content-type-options": "",
"x-slack-req-id": "",
"x-oauth-scopes": "",
"content-encoding": "",
"x-slack-backend": "",
"x-xss-protection": "",
"content-length": "",
"server": "",
"vary": "",
"date": "",
"pragma": "",
"content-type": "",
"cache-control": "",
"expires": "",
"x-via": ""
},
"ok": ""
}

operation: Search Channel

Input parameters

Parameter Description
Channel to Search Name of the channel whose details you want to retrieve from your configured Slack cloud.
Type of Search Type of filter option that you want to apply to the search operation.
You can choose from the following options: Exact, Contains, Starts With, or Ends With.

Output

The JSON output contains detailed information of a channel such as ID, creator name, and purpose, retrieved from your configured Slack cloud, based on the channel name that you have specified.

The output contains the following populated JSON schema:
{
"status": "",
"data": [
{
"is_private": "",
"is_org_shared": "",
"name": "",
"is_archived": "",
"topic": {
"creator": "",
"value": "",
"last_set": ""
},
"id": "",
"is_shared": "",
"num_members": "",
"name_normalized": "",
"creator": "",
"purpose": {
"creator": "",
"value": "",
"last_set": ""
},
"created": "",
"is_mpim": "",
"is_channel": "",
"unlinked": "",
"previous_names": [],
"is_member": "",
"members": [],
"is_general": ""
}
],
"message": ""
}

operation: Get Channel Information

Input parameters

Parameter Description
Channel ID ID of the channel (conversations) you want to retrieve from your configured Slack cloud.
Include Locale Select this checkbox, i.e., set it to true to include the locale of the specified conversations retrieved from your configured Slack cloud. By default, this is set to false, i.e., the checkbox is unchecked.
Include Number Of Members Select this checkbox, i.e., set it to true, to include the member count of the specified conversations retrieved from your configured Slack cloud. By default, this is set to false, i.e., the checkbox is unchecked.

Output

The output contains the following populated JSON schema:
{
"channels": [
{
"is_private": "",
"is_org_shared": "",
"name": "",
"is_archived": "",
"topic": {
"creator": "",
"value": "",
"last_set": ""
},
"id": "",
"is_shared": "",
"num_members": "",
"name_normalized": "",
"creator": "",
"purpose": {
"creator": "",
"value": "",
"last_set": ""
},
"created": "",
"is_mpim": "",
"is_channel": "",
"unlinked": "",
"previous_names": [],
"is_member": "",
"members": [],
"is_general": ""
}
],
"headers": {
"x-accepted-oauth-scopes": "",
"access-control-expose-headers": "",
"access-control-allow-headers": "",
"access-control-allow-origin": "*",
"strict-transport-security": "",
"referrer-policy": "",
"x-content-type-options": "",
"x-slack-req-id": "",
"x-oauth-scopes": "",
"content-encoding": "",
"x-slack-backend": "",
"x-xss-protection": "",
"content-length": "",
"server": "",
"vary": "",
"date": "",
"pragma": "",
"content-type": "",
"cache-control": "",
"expires": "",
"x-via": ""
},
"ok": ""
}

operation: Rename Channel

Input parameters

Parameter Description
Channel ID ID of the channel you want to rename on your configured Slack cloud.
Channel Name New name that you want to assign to the specified channel on your configured Slack cloud.

Output

The output contains the following populated JSON schema:
{
"channel": {
"is_mpim": "",
"is_archived": "",
"pending_connected_team_ids": [],
"is_ext_shared": "",
"is_shared": "",
"name_normalized": "",
"unlinked": "",
"purpose": {
"creator": "",
"value": "",
"last_set": ""
},
"is_open": "",
"is_group": "",
"is_pending_ext_shared": "",
"shared_team_ids": [],
"last_read": "",
"is_private": "",
"name": "",
"topic": {
"creator": "",
"value": "",
"last_set": ""
},
"pending_shared": [],
"id": "",
"is_org_shared": "",
"parent_conversation": "",
"creator": "",
"is_im": "",
"created": "",
"is_channel": "",
"is_member": "",
"is_general": ""
},
"headers": {
"x-accepted-oauth-scopes": "",
"access-control-expose-headers": "",
"access-control-allow-headers": "",
"access-control-allow-origin": "*",
"strict-transport-security": "",
"referrer-policy": "",
"x-content-type-options": "",
"x-slack-req-id": "",
"x-oauth-scopes": "",
"content-encoding": "",
"x-slack-backend": "",
"x-xss-protection": "",
"content-length": "",
"server": "",
"vary": "",
"date": "",
"pragma": "",
"content-type": "",
"cache-control": "",
"expires": "",
"x-via": ""
},
"ok": ""
}

operation: Invite Users To Channel

Input parameters

Parameter Description
Channel ID ID of the public or private channel to which you want to invite specified users.
User IDs Comma-separated list of user IDs that you want to invite to the specified channel.
Note: You can list a maximum of 1000 users.

Output

The output contains the following populated JSON schema:
{
"channel": {
"is_mpim": "",
"is_archived": "",
"pending_connected_team_ids": [],
"is_ext_shared": "",
"is_shared": "",
"name_normalized": "",
"unlinked": "",
"purpose": {
"creator": "",
"value": "",
"last_set": ""
},
"is_open": "",
"is_group": "",
"is_pending_ext_shared": "",
"priority": "",
"shared_team_ids": [],
"last_read": "",
"is_private": "",
"name": "",
"topic": {
"creator": "",
"value": "",
"last_set": ""
},
"pending_shared": [],
"id": "",
"is_org_shared": "",
"parent_conversation": "",
"creator": "",
"is_im": "",
"created": "",
"is_channel": "",
"is_member": "",
"is_general": ""
},
"headers": {
"x-accepted-oauth-scopes": "",
"access-control-expose-headers": "",
"access-control-allow-headers": "",
"access-control-allow-origin": "*",
"strict-transport-security": "",
"referrer-policy": "",
"x-content-type-options": "",
"x-slack-req-id": "",
"x-oauth-scopes": "",
"content-encoding": "",
"x-slack-backend": "",
"x-xss-protection": "",
"content-length": "",
"server": "",
"vary": "",
"date": "",
"pragma": "",
"content-type": "",
"cache-control": "",
"expires": "",
"x-via": ""
},
"ok": ""
}

operation: Close Channel

Input parameters

Parameter Description
Channel ID ID of the direct message (channel) or multi-person direct message you want to close on your configured Slack cloud.

Output

The output contains the following populated JSON schema:
{
"no_op": "",
"headers": {
"x-accepted-oauth-scopes": "",
"access-control-expose-headers": "",
"access-control-allow-headers": "",
"access-control-allow-origin": "*",
"strict-transport-security": "",
"referrer-policy": "",
"x-content-type-options": "",
"x-slack-req-id": "",
"x-oauth-scopes": "",
"content-encoding": "",
"x-slack-backend": "",
"x-xss-protection": "",
"content-length": "",
"server": "",
"vary": "",
"date": "",
"pragma": "",
"content-type": "",
"cache-control": "",
"expires": "",
"x-via": ""
},
"ok": "",
"already_closed": ""
}

operation: Get User List

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criteria is applied and an unfiltered list is returned.

Parameter Description
Maximum Records Maximum number of records you want this operation to return.
By default, this is set as 0.
Cursor Set this parameter to a next_cursor attribute returned by a previous request's response_metadata.

Output

The JSON output contains a list of all members along with their profile details, such as last name, phone number, id, and team id, present in a Slack team, retrieved from your configured Slack cloud.

The output contains the following populated JSON schema:
{
"cache_ts": "",
"headers": {
"x-accepted-oauth-scopes": "",
"access-control-expose-headers": "",
"access-control-allow-headers": "",
"access-control-allow-origin": "*",
"strict-transport-security": "",
"referrer-policy": "",
"x-content-type-options": "",
"x-slack-req-id": "",
"x-oauth-scopes": "",
"content-encoding": "",
"x-slack-backend": "",
"x-xss-protection": "",
"server": "",
"vary": "",
"x-via": "",
"date": "",
"pragma": "",
"content-type": "",
"cache-control": "",
"expires": "",
"transfer-encoding": ""
},
"ok": "",
"members": [
{
"is_app_user": "",
"team_id": "",
"updated": "",
"name": "",
"is_restricted": "",
"deleted": "",
"is_owner": "",
"tz_label": "",
"color": "",
"tz_offset": "",
"is_admin": "",
"is_ultra_restricted": "",
"real_name": "",
"profile": {
"image_24": "",
"display_name_normalized": "",
"status_emoji": "",
"title": "",
"skype": "",
"image_512": "",
"status_expiration": "",
"image_192": "",
"team": "",
"avatar_hash": "",
"real_name_normalized": "",
"phone": "",
"image_32": "",
"always_active": "",
"real_name": "",
"status_text_canonical": "",
"display_name": "",
"status_text": "",
"image_72": "",
"fields": "",
"last_name": "",
"first_name": "",
"image_48": ""
},
"is_bot": "",
"is_primary_owner": "",
"id": "",
"tz": null
}
]
}

operation: Get User Information

Input parameters

Parameter Description
User ID Select the option using which you want to search for a particular user on your configured Slack cloud. You can choose from the following options: Alias, Username or User ID
If you choose Alias, then you must specify the following parameters:
  • Alias Name: Alias name of the user whose details you want to retrieve from your configured Slack cloud.
  • Search Type: Type of filter option that you want to apply to the search operation.
    You can choose from the following options: Exact, Contains, Starts With, or Ends With.
If you choose Username, then you must specify the following parameters:
  • Username To Search: Username of the user whose details you want to retrieve from your configured Slack cloud.
  • Search Type: Type of filter option that you want to apply to the search operation.
    You can choose from the following options: Exact, Contains, Starts With, or Ends With.
If you choose User ID, then you must specify the following parameters:
  • User ID: Unique ID of the users whose details you want to retrieve from your configured Slack cloud.
  • Include Locale: Select this option, i.e., set it as true to include locale information of the specified user retrieved from your configured Slack cloud.
    By default, this is set as false.

Output

The JSON output contains detailed information of the user such as name, real name, profile details, and team id, retrieved from your configured Slack cloud, based on the user ID that you have specified.

The output contains the following populated JSON schema:
{
"status": "",
"data": [
{
"is_app_user": "",
"team_id": "",
"updated": "",
"name": "",
"is_restricted": "",
"deleted": "",
"is_owner": "",
"tz_label": "",
"color": "",
"tz_offset": "",
"has_2fa": "",
"is_admin": "",
"is_ultra_restricted": "",
"real_name": "",
"profile": {
"image_24": "",
"display_name_normalized": "",
"status_emoji": "",
"title": "",
"skype": "",
"image_512": "",
"status_expiration": "",
"image_192": "",
"team": "",
"avatar_hash": "",
"real_name_normalized": "",
"last_name": "",
"phone": "",
"image_32": "",
"is_custom_image": "",
"real_name": "",
"status_text_canonical": "",
"display_name": "",
"status_text": "",
"image_1024": "",
"image_72": "",
"image_48": "",
"first_name": "",
"email": "",
"image_original": ""
},
"is_bot": "",
"is_primary_owner": "",
"id": "",
"tz": ""
}
],
"message": ""
}

operation: Send Message

Input parameters

Parameter Description
Channel ID Unique ID of the channel, private group, or IM channel to which you want to send the message on your configured Slack cloud.
Message Message that you want to send to the channel that you have specified on your configured Slack cloud.
Attachments JSON-based array of structured attachments.
For example:
[
{
"fallback": "ReferenceError - UI is not defined",
"text": "ReferenceError - UI is not defined",
"fields": [
{
"title": "Project",
"value": "Awesome Project",
"short": true
},
{
"title": "Environment",
"value": "production",
"short": true
}
],
"color": "#F35A00"
}
]
Note: For more information on how to set attachments, see https://api.slack.com/docs/message-attachments.

Output

The JSON output contains details of the message sent to the Slack channel that you have specified. Message details such as bot id, type, text, and attachment details, are included in the JSON output.

The output contains the following populated JSON schema:
{
"channel": "",
"ts": "",
"ok": "",
"message": {
"team": "",
"bot_profile": {
"app_id": "",
"team_id": "",
"name": "",
"id": "",
"updated": "",
"deleted": "",
"icons": {}
},
"text": "",
"bot_id": "",
"type": "",
"ts": "",
"user": ""
},
"headers": {
"x-accepted-oauth-scopes": "",
"access-control-expose-headers": "",
"access-control-allow-headers": "",
"access-control-allow-origin": "*",
"strict-transport-security": "",
"referrer-policy": "",
"x-content-type-options": "",
"x-slack-req-id": "",
"x-oauth-scopes": "",
"content-encoding": "",
"x-slack-backend": "",
"x-xss-protection": "",
"content-length": "",
"server": "",
"vary": "",
"date": "",
"pragma": "",
"content-type": "",
"cache-control": "",
"expires": "",
"x-via": ""
}
}

operation: Upload File

Input parameters

Note: You can upload only those files that are directly accessible from FortiSOAR™ to the Slack channels on your configured Slack cloud.

Parameter Description
Channel ID (Optional) Comma-separated list of channel names or IDs to which you want to upload the file on your configured Slack cloud.
Note: If you do not provide any channel ID, then the files will be stored in the 'Files' section of your configured Slack Cloud.
Title (Optional) Title of the file that you want to upload to the specified Slack channels.
File Name (Optional) Name of the file that you want to upload to the specified Slack channels.
File Type (Optional) Type of the file that you want to upload to the specified Slack channels.
File Reference Type of file reference that you will be providing for the file that you want to upload to the specified Slack channels.
You can choose from the following options: Attachment ID or File IRI.
  • If you choose Attachment ID, then you must specify the following parameter:
    • Attachment ID: ID of the attachment that you want to upload to the specified Slack channels. The Attachment ID is used to access the file directly from the FortiSOAR™ Attachments module.
  • If you choose File IRI, then you must specify the following parameter:
    • File IRI: IRI of the file that you want to upload to the specified Slack channels. The File IRI is used to access the file directly from FortiSOAR™.
Comment (Optional) Initial comment to add to the file that you want to upload to the specified Slack channels.

Output

The JSON output contains details of the file uploaded to the Slack channel that you have specified. File details such as file name, file type, timestamp, groups, and comments count, are included in the JSON output.

The output contains the following populated JSON schema:
{
"file": {
"thumb_360": "",
"thumb_80": "",
"title": "",
"thumb_360_h": "",
"filetype": "",
"url_private": "",
"url_private_download": "",
"permalink_public": "",
"thumb_160": "",
"permalink": "",
"lines_more": "",
"is_public": "",
"mode": "",
"public_url_shared": "",
"display_as_bot": "",
"mimetype": "",
"num_stars": "",
"ims": [],
"timestamp": "",
"created": "",
"size": "",
"pinned_to": [],
"reactions": [
{
"name": "",
"users": [],
"count": ""
}
],
"is_starred": "",
"pretty_type": "",
"editable": "",
"thumb_480_w": "",
"thumb_480_h": "",
"username": "",
"is_external": "",
"groups": [],
"comments_count": "",
"edit_link": "",
"preview": "",
"name": "",
"initial_comment": {},
"thumb_360_gif": "",
"external_type": "",
"user": "",
"lines": "",
"preview_highlight": "",
"thumb_480": "",
"thumb_64": "",
"thumb_360_w": "",
"channels": [],
"id": ""
},
"ok": ""
}

Included playbooks

The Sample - Slack - 2.0.0 playbook collection comes bundled with the Slack connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Slack connector.

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during the connector upgrade and delete.

Previous
Next