Slack

Details
Content
Dependencies
Version History

Interact with Slack API - collect logs, send messages and notifications to your Slack team.

Send messages and notifications to your Slack team and integrates with Slack's services to execute create, read, update, and delete operations for employee lifecycle processes.

What does this pack do?

Mirrors the investigation between Slack and the Cortex XSOAR War Room.
Sends a message to a user, group, or channel.
Archives a Slack channel.
Sends a file to a user, channel, or group.
Sets the topic for a channel.
Creates a channel in Slack.
Invites users to join a channel.
Removes users from the specified channel.
Renames a channel in Slack.
Gets details about a specified user.
Returns the integration con
text as a file (for debugging purposes only).

As part of this pack, you will get a playbook that investigates failed login events.

Send messages and notifications to your Slack team and integrates with Slack's services to execute create, read, update, and delete operations for employee lifecycle processes.

What does this pack do?

Mirrors the investigation between Slack and the Cortex War Room.
Sends a message to a user, group, or channel.
Archives a Slack channel.
Sends a file to a user, channel, or group.
Sets the topic for a channel.
Creates a channel in Slack.
Invites users to join a channel.
Removes users from the specified channel.
Renames a channel in Slack.
Gets details about a specified user.
Returns the integration con
text as a file (for debugging purposes only).

As part of this pack, you will get a playbook that investigates failed login events.

Automations

Name	Description
SlackBlockBuilder	SlackBlockBuilder will format a given Slack block into a format readable by the SlackV3 integration. The script will also send the block to the given destination. Make sure to mark Trust any certificate and fill the XSOAR API Key integration parameters if you want to get a response to the incident context.
SlackAskV2	Sends a message (question) to either user (in a direct message) or to a channel. The message includes predefined reply options. The response can also close a task (might be conditional) in a playbook. Note: a message maximum length is 3000 characters enforced by Slack API.
SlackAsk	Sends a message (question) to either user (in a direct message) or to a channel. The message includes predefined reply options. The response can also close a task (might be conditional) in a playbook.
GetSlackBlockBuilderResponse	GetSlackBlockBuilderResponse will format a SlackBlockBuilder response and insert it into an incident's context.

Classifiers

Name	Description
Slack Classifier
Slack Mapper

Integrations

Name	Description
Slack v3	Send messages and notifications to your Slack team.
Slack IAM	Integrate with Slack's services to execute CRUD operations for employee lifecycle processes.
Slack v2 (Deprecated)	Deprecated. Use SlackV3 instead.

Playbooks

Name	Description
Slack - General Failed Logins v2.1	Investigates a failed login event. The playbook interacts with the user via the Slack integration, checks whether the logins were a result of the user's attempts or an attack, raises the severity, and expires the user's password according to the user's replies.
SlackBlockBuilderResponseExample	This is an example of how to use the SlackBlockBuilder within a playbook.

Automations

Name	Description
SlackBlockBuilder	SlackBlockBuilder will format a given Slack block into a format readable by the SlackV3 integration. The script will also send the block to the given destination. Make sure to mark Trust any certificate and fill the XSOAR API Key integration parameters if you want to get a response to the incident context.
SlackAsk	Sends a message (question) to either user (in a direct message) or to a channel. The message includes predefined reply options. The response can also close a task (might be conditional) in a playbook.
GetSlackBlockBuilderResponse	GetSlackBlockBuilderResponse will format a SlackBlockBuilder response and insert it into an incident's context.
SlackAskV2	Sends a message (question) to either user (in a direct message) or to a channel. The message includes predefined reply options. The response can also close a task (might be conditional) in a playbook. Note: a message maximum length is 3000 characters enforced by Slack API.

Classifiers

Name	Description
Slack Classifier
Slack Mapper

Integrations

Name	Description
Slack Event Collector	Slack logs event collector integration for XSIAM.
Slack v3	Send messages and notifications to your Slack team.
Slack IAM	Integrate with Slack's services to execute CRUD operations for employee lifecycle processes.
Slack v2 (Deprecated)	Deprecated. Use SlackV3 instead.

Modeling Rules

Name	Description
Slack Modeling Rule

Parsing Rules

Name	Description
Slack Parsing Rule

Playbooks

Name	Description
Slack - General Failed Logins v2.1	Investigates a failed login event. The playbook interacts with the user via the Slack integration, checks whether the logins were a result of the user's attempts or an attack, raises the severity, and expires the user's password according to the user's replies.
SlackBlockBuilderResponseExample	This is an example of how to use the SlackBlockBuilder within a playbook.

Required Content Packs (3)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Types	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR

Optional Content Packs (4)

Pack Name	Pack By
Active Directory Query	By: Cortex XSOAR
Microsoft Teams	By: Cortex XSOAR
Password Reset via Chatbot	By: Cortex XSOAR
Syslog	By: Cortex XSOAR

All level dependencies (4)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Types	By: Cortex XSOAR
Cortex REST API	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR

3.5.10 - R2395597 (February 10, 2025)

Integrations

Slack v3

Updated the SlackV3 integration to support the deprecatedContentInUse tag under permitted_notifications.

Related pull requests:
- 38465

Download

3.5.9 - 2124314 (February 2, 2025)

Integrations

Slack v3

Updated the regex of the user ID in slack-get-user-details command and its description.

Related pull requests:
- 38435

Download

3.5.8 - 2079234 (January 26, 2025)

Integrations

Slack v3

Updated the SlackV3 integration to display the Types of Notifications to Send configuration only Cortex XSOAR.

Related pull requests:
- 38324

Download

3.5.7 - 2040490 (January 22, 2025)

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Integrations

Slack v3

Improved implementation by adding more logs.
Added support for lookup users by their user IDs.
Updated the Docker image to: demisto/slackv3:1.0.0.117556.

Related pull requests:
- 38251

Download

3.5.5 - 1931958 (January 6, 2025)

Playbooks

Slack - General Failed Logins v2.1

Documentation and metadata improvements.

Related pull requests:
- 37492

Download

3.5.4 - 1834150 (December 18, 2024)

Integrations

Slack v3

Deprecated the permitted_notifications parameter.

Related pull requests:
- 37699

Download

3.5.3 - R1709192 (November 26, 2024)

Scripts

SlackBlockBuilder

Documentation and metadata improvements.

Related pull requests:
- 37313

Download

3.5.2 - 1647729 (November 14, 2024)

Scripts

SlackAskV2

Updated the Docker image to: demisto/python3:3.11.10.115186.

GetSlackBlockBuilderResponse

Updated the Docker image to: demisto/python3:3.11.10.115186.

SlackBlockBuilder

Updated the Docker image to: demisto/python3:3.11.10.115186.

SlackAsk

Updated the Docker image to: demisto/python3:3.11.10.115186.

Related pull requests:
- 37147
- 37137
- 37136
- 37140
- 37138
- 37139

Download

3.5.1 - R1627458 (November 12, 2024)

Integrations

Slack IAM

Updated the Docker image to: demisto/python3:3.11.10.113941.

Scripts

SlackBlockBuilder

Updated the Docker image to: demisto/python3:3.11.10.113941.

GetSlackBlockBuilderResponse

Updated the Docker image to: demisto/python3:3.11.10.113941.

SlackAsk

Updated the Docker image to: demisto/python3:3.11.10.113941.

SlackAskV2

Updated the Docker image to: demisto/python3:3.11.10.113941.

Related pull requests:
- 37006
- 36995
- 36994
- 36998
- 36993
- 36992
- 36997

Download

3.5.0 - 1584792 (November 3, 2024)

Integrations

Slack v3

Updated the slack-send-file command to be compatible with all apps - including newly created apps from May 8, 2024.

Related pull requests:
- 36719

Download

3.4.19 - 1436534 (September 26, 2024)

Integrations

Slack v3

Updated the Docker image to: demisto/slackv3:1.0.0.112417.

Related pull requests:
- 36523

Download

3.4.18 - 1277948 (August 15, 2024)

Integrations

Slack v3

Updated the slack_send_file command to return an error when called to newly created apps from May 8, 2024, due to Slack's deprecation changes.

Related pull requests:
- 35883

Download

3.4.17 - 1124076 (June 26, 2024)

Integrations

Slack v3

Breaking Changes Updated the test to validate Types of Notifications to Send param for XSIAM, since not all the options are supported there.
Updated the docker image to demisto/slackv3:1.0.0.99303.

Related pull requests:
- 34731

Download

3.4.16 - 1099854 (June 17, 2024)

Integrations

Slack v3

Added support for Xpanse marketplace.

Slack IAM

Updated the Docker image to: demisto/python3:3.10.14.97608.

Scripts

SlackAsk

Updated the Docker image to: demisto/python3:3.10.14.97608.

GetSlackBlockBuilderResponse

Updated the Docker image to: demisto/python3:3.10.14.97608.

Related pull requests:
- 34827
- 34883

Download

3.4.15 - 1076296 (June 6, 2024)

Integrations

Slack v3

Fixed an issue where classifier and mapper were missing in instance configuration.
Updated the Docker image to: demisto/slackv3:1.0.0.97264.

Related pull requests:
- 34758

Download

3.4.14 - R1061293 (June 2, 2024)

Scripts

SlackBlockBuilder

Fixed an issue where the script failed with an uninformative response.

Related pull requests:
- 34552

Download

3.4.13 - R1047063 (May 27, 2024)

Integrations

Slack v3

Improved the integration error handling.

Related pull requests:
- 34085

Download

3.4.12 - 995825 (May 5, 2024)

Scripts

SlackAskV2

Added a disclaimer for the message argument, stating it cannot be longer than 3000 characters per Slack API docs.
Updated the Docker image to: demisto/python3:3.10.14.92207.

Related pull requests:
- 34187

Download

3.4.11 - 991900 (May 3, 2024)

Integrations

Slack v3

Fixed an issue where errors would cause the integration to time out.
The Common Channels parameter can now be delimited by newlines, not only commas.

Related pull requests:
- 34166

Download

3.4.10 - 913451 (March 25, 2024)

Integrations

Slack IAM

Maintenance and stability enhancements.

Scripts

SlackBlockBuilder

Fixed an issue where the blocks were not parsed correctly, when the blocks_url argument contains more than one # symbol.
Updated the Docker image to: demisto/python3:3.10.13.90168.

Related pull requests:
- 31905

Download

3.4.8 - 876540 (March 7, 2024)

Scripts

SlackBlockBuilder

Added the thread_id input to the SlackBlockBuilder automation script to send replies to Slack threads. Added a SlackBlockBuilder context output key that holds the thread_id and other Slack metadata.
Updated the Docker image to: demisto/python3:3.10.13.89009.

Related pull requests:
- 33253
- 32965

Download

3.4.7 - 860237 (February 29, 2024)

Integrations

Slack v3

Fixed an issue where the send-notification command did not send the correct URL on Slack message.
Updated the Docker image to: demisto/slackv3:1.0.0.88538.

Related pull requests:
- 33113

Download

3.4.6 - 837109 (February 19, 2024)

Integrations

Slack v3

Added support for mirroring files from xsoar to slack.
Added the Enable Outbound File Mirroring integration parameter to allow file mirroring from xsoar to slack. The parameter is unchecked by default, disabling file mirroring.
Updated the Docker image to: demisto/slackv3:1.0.0.87650.

Related pull requests:
- 32611

Download

3.4.5 - 836299 (February 18, 2024)

Integrations

Slack IAM

Updated the Docker image to: demisto/python3:3.10.13.86272.

Related pull requests:
- 32446

Download

3.5.10 - R2429474 (February 11, 2025)

Integrations

Slack v3

Updated the SlackV3 integration to support the deprecatedContentInUse tag under permitted_notifications.

Related pull requests:
- 38465

Download

3.5.9 - 2124314 (February 2, 2025)

Integrations

Slack v3

Updated the regex of the user ID in slack-get-user-details command and its description.

Related pull requests:
- 38435

Download

3.5.8 - 2079234 (January 26, 2025)

Integrations

Slack v3

Updated the SlackV3 integration to display the Types of Notifications to Send configuration only Cortex XSOAR.

Related pull requests:
- 38324

Download

3.5.7 - 2040490 (January 22, 2025)

Slack

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Integrations

Slack v3

Improved implementation by adding more logs.
Added support for lookup users by their user IDs.
Updated the Docker image to: demisto/slackv3:1.0.0.117556.

Related pull requests:
- 38251

Download

3.5.5 - 1931958 (January 6, 2025)

Playbooks

Slack - General Failed Logins v2.1

Documentation and metadata improvements.

Related pull requests:
- 37492

Download

3.5.4 - 1834150 (December 18, 2024)

Integrations

Slack v3

Deprecated the permitted_notifications parameter.

Related pull requests:
- 37699

Download

3.5.3 - R1709192 (November 26, 2024)

Scripts

SlackBlockBuilder

Documentation and metadata improvements.

Related pull requests:
- 37313

Download

3.5.2 - 1647729 (November 14, 2024)

Integrations

Slack Event Collector

Updated the Docker image to: demisto/python3:3.11.10.115186.

Scripts

SlackAskV2

Updated the Docker image to: demisto/python3:3.11.10.115186.

GetSlackBlockBuilderResponse

Updated the Docker image to: demisto/python3:3.11.10.115186.

SlackBlockBuilder

Updated the Docker image to: demisto/python3:3.11.10.115186.

SlackAsk

Updated the Docker image to: demisto/python3:3.11.10.115186.

Related pull requests:
- 37147
- 37137
- 37136
- 37140
- 37138
- 37139

Download

3.5.1 - R1627458 (November 12, 2024)

Integrations

Slack Event Collector

Updated the Docker image to: demisto/python3:3.11.10.113941.

Slack IAM

Updated the Docker image to: demisto/python3:3.11.10.113941.

Scripts

SlackBlockBuilder

Updated the Docker image to: demisto/python3:3.11.10.113941.

GetSlackBlockBuilderResponse

Updated the Docker image to: demisto/python3:3.11.10.113941.

SlackAsk

Updated the Docker image to: demisto/python3:3.11.10.113941.

SlackAskV2

Updated the Docker image to: demisto/python3:3.11.10.113941.

Related pull requests:
- 37006
- 36995
- 36994
- 36998
- 36993
- 36992
- 36997

Download

3.5.0 - 1584792 (November 3, 2024)

Integrations

Slack v3

Updated the slack-send-file command to be compatible with all apps - including newly created apps from May 8, 2024.

Related pull requests:
- 36719

Download

3.4.19 - 1436534 (September 26, 2024)

Integrations

Slack v3

Updated the Docker image to: demisto/slackv3:1.0.0.112417.

Related pull requests:
- 36523

Download

3.4.18 - 1277948 (August 15, 2024)

Integrations

Slack v3

Updated the slack_send_file command to return an error when called to newly created apps from May 8, 2024, due to Slack's deprecation changes.

Related pull requests:
- 35883

Download

3.4.17 - 1124076 (June 26, 2024)

Integrations

Slack v3

Breaking Changes Updated the test to validate Types of Notifications to Send param for XSIAM, since not all the options are supported there.
Updated the docker image to demisto/slackv3:1.0.0.99303.

Related pull requests:
- 34731

Download

3.4.16 - 1099854 (June 17, 2024)

Integrations

Slack v3

Added support for Xpanse marketplace.

Slack Event Collector

Updated the Docker image to: demisto/python3:3.10.14.97608.

Slack IAM

Updated the Docker image to: demisto/python3:3.10.14.97608.

Scripts

SlackAsk

Updated the Docker image to: demisto/python3:3.10.14.97608.

GetSlackBlockBuilderResponse

Updated the Docker image to: demisto/python3:3.10.14.97608.

Related pull requests:
- 34827
- 34883

Download

3.4.15 - 1076296 (June 6, 2024)

Integrations

Slack v3

Fixed an issue where classifier and mapper were missing in instance configuration.
Updated the Docker image to: demisto/slackv3:1.0.0.97264.

Related pull requests:
- 34758

Download

3.4.14 - R1054698 (May 29, 2024)

Scripts

SlackBlockBuilder

Fixed an issue where the script failed with an uninformative response.

Related pull requests:
- 34552

Download

3.4.13 - R1047063 (May 27, 2024)

Integrations

Slack v3

Improved the integration error handling.

Related pull requests:
- 34085

Download

3.4.12 - 995825 (May 5, 2024)

Scripts

SlackAskV2

Added a disclaimer for the message argument, stating it cannot be longer than 3000 characters per Slack API docs.
Updated the Docker image to: demisto/python3:3.10.14.92207.

Related pull requests:
- 34187

Download

3.4.11 - 991900 (May 3, 2024)

Integrations

Slack v3

Fixed an issue where errors would cause the integration to time out.
The Common Channels parameter can now be delimited by newlines, not only commas.

Related pull requests:
- 34166

Download

3.4.10 - 913451 (March 25, 2024)

Integrations

Slack IAM

Maintenance and stability enhancements.

Scripts

SlackBlockBuilder

Fixed an issue where the blocks were not parsed correctly, when the blocks_url argument contains more than one # symbol.
Updated the Docker image to: demisto/python3:3.10.13.90168.

Related pull requests:
- 31905

Download

3.4.8 - 876540 (March 7, 2024)

Scripts

SlackBlockBuilder

Added the thread_id input to the SlackBlockBuilder automation script to send replies to Slack threads. Added a SlackBlockBuilder context output key that holds the thread_id and other Slack metadata.
Updated the Docker image to: demisto/python3:3.10.13.89009.

Related pull requests:
- 33253
- 32965

Download

3.4.7 - 860237 (February 29, 2024)

Integrations

Slack v3

Fixed an issue where the send-notification command did not send the correct URL on Slack message.
Updated the Docker image to: demisto/slackv3:1.0.0.88538.

Related pull requests:
- 33113

Download

3.4.6 - 837109 (February 19, 2024)

Integrations

Slack v3

Added support for mirroring files from xsoar to slack.
Added the Enable Outbound File Mirroring integration parameter to allow file mirroring from xsoar to slack. The parameter is unchecked by default, disabling file mirroring.
Updated the Docker image to: demisto/slackv3:1.0.0.87650.

Related pull requests:
- 32611

Download

3.4.5 - 836299 (February 18, 2024)

Integrations

Slack IAM

Updated the Docker image to: demisto/python3:3.10.13.86272.

Related pull requests:
- 32446

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	August 13, 2020
Last Release	February 10, 2025

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise.