Slack | Marketplace

Details
Content
Dependencies
Version History

Interact with Slack API - collect logs, send messages and notifications to your Slack team.

Send messages and notifications to your Slack team and integrates with Slack's services to execute create, read, update, and delete operations for employee lifecycle processes.

What does this pack do?

Mirrors the investigation between Slack and the Cortex XSOAR War Room.
Sends a message to a user, group, or channel.
Archives a Slack channel.
Sends a file to a user, channel, or group.
Sets the topic for a channel.
Creates a channel in Slack.
Invites users to join a channel.
Removes users from the specified channel.
Renames a channel in Slack.
Gets details about a specified user.
Returns the integration context as a file (for debugging purposes only).

As part of this pack, you will get a playbook that investigates failed login events.

Send messages and notifications to your Slack team and integrates with Slack's services to execute create, read, update, and delete operations for employee lifecycle processes.

What does this pack do?

Mirrors the investigation between Slack and the Cortex XSIAM War Room.
Sends a message to a user, group, or channel.
Archives a Slack channel.
Sends a file to a user, channel, or group.
Sets the topic for a channel.
Creates a channel in Slack.
Invites users to join a channel.
Removes users from the specified channel.
Renames a channel in Slack.
Gets details about a specified user.
Returns the integration context as a file (for debugging purposes only).

As part of this pack, you will get a playbook that investigates failed login events.

Automations

Name	Description
SlackBlockBuilder	SlackBlockBuilder will format a given Slack block into a format readable by the SlackV3 integration. The script will also send the block to the given destination. Make sure to mark Trust any certificate and fill the XSOAR API Key integration parameters if you want to get a response to the incident context.
SlackAsk	Sends a message (question) to either user (in a direct message) or to a channel. The message includes predefined reply options. The response can also close a task (might be conditional) in a playbook.
GetSlackBlockBuilderResponse	GetSlackBlockBuilderResponse will format a SlackBlockBuilder response and insert it into an incident's context.
SlackAskV2	Sends a message (question) to either user (in a direct message) or to a channel. The message includes predefined reply options. The response can also close a task (might be conditional) in a playbook. Note: a message maximum length is 3000 characters enforced by Slack API.

Classifiers

Name	Description
Slack Classifier
Slack Mapper

Integrations

Name	Description
Slack v2 (Deprecated)	Deprecated. Use SlackV3 instead.
Slack IAM	Integrate with Slack's services to execute CRUD operations for employee lifecycle processes.
Slack v3	Send messages and notifications to your Slack team.

Playbooks

Name	Description
Slack - General Failed Logins v2.1	Investigates a failed login event. The playbook interacts with the user via the Slack integration, checks whether the logins were a result of the user's attempts or an attack, raises the severity, and expires the user's password according to the user's replies.
SlackBlockBuilderResponseExample	This is an example of how to use the SlackBlockBuilder within a playbook.

Automations

Name	Description
GetSlackBlockBuilderResponse	GetSlackBlockBuilderResponse will format a SlackBlockBuilder response and insert it into an incident's context.
SlackAsk	Sends a message (question) to either user (in a direct message) or to a channel. The message includes predefined reply options. The response can also close a task (might be conditional) in a playbook.
SlackAskV2	Sends a message (question) to either user (in a direct message) or to a channel. The message includes predefined reply options. The response can also close a task (might be conditional) in a playbook. Note: a message maximum length is 3000 characters enforced by Slack API.
SlackBlockBuilder	SlackBlockBuilder will format a given Slack block into a format readable by the SlackV3 integration. The script will also send the block to the given destination. Make sure to mark Trust any certificate and fill the XSOAR API Key integration parameters if you want to get a response to the incident context.

Classifiers

Name	Description
Slack Classifier
Slack Mapper

Integrations

Name	Description
Slack Event Collector	Slack logs event collector integration for XSIAM.
Slack v2 (Deprecated)	Deprecated. Use SlackV3 instead.
Slack IAM	Integrate with Slack's services to execute CRUD operations for employee lifecycle processes.
Slack v3	Send messages and notifications to your Slack team.

Modeling Rules

Name	Description
Slack Modeling Rule

Parsing Rules

Name	Description
Slack Parsing Rule

Playbooks

Name	Description
Slack - General Failed Logins v2.1	Investigates a failed login event. The playbook interacts with the user via the Slack integration, checks whether the logins were a result of the user's attempts or an attack, raises the severity, and expires the user's password according to the user's replies.
SlackBlockBuilderResponseExample	This is an example of how to use the SlackBlockBuilder within a playbook.

Required Content Packs (3)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Types	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR

Optional Content Packs (4)

Pack Name	Pack By
Active Directory Query	By: Cortex XSOAR
Microsoft Teams	By: Cortex XSOAR
Password Reset via Chatbot	By: Cortex XSOAR
Syslog	By: Cortex XSOAR

All level dependencies (4)

Pack Name	Pack By
Cortex REST API	By: Cortex XSOAR
Common Types	By: Cortex XSOAR
Base	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR

3.5.2 - 1647729 (November 14, 2024)

Scripts

SlackAskV2

Updated the Docker image to: demisto/python3:3.11.10.115186.

GetSlackBlockBuilderResponse

Updated the Docker image to: demisto/python3:3.11.10.115186.

SlackBlockBuilder

Updated the Docker image to: demisto/python3:3.11.10.115186.

SlackAsk

Updated the Docker image to: demisto/python3:3.11.10.115186.

Related pull requests:
- 37147
- 37137
- 37136
- 37140
- 37138
- 37139

Download

3.5.1 - R1627458 (November 12, 2024)

Integrations

Slack IAM

Updated the Docker image to: demisto/python3:3.11.10.113941.

Scripts

SlackBlockBuilder

Updated the Docker image to: demisto/python3:3.11.10.113941.

GetSlackBlockBuilderResponse

Updated the Docker image to: demisto/python3:3.11.10.113941.

SlackAsk

Updated the Docker image to: demisto/python3:3.11.10.113941.

SlackAskV2

Updated the Docker image to: demisto/python3:3.11.10.113941.

Related pull requests:
- 37006
- 36995
- 36994
- 36998
- 36993
- 36992
- 36997

Download

3.5.0 - 1584792 (November 3, 2024)

Integrations

Slack v3

Updated the slack-send-file command to be compatible with all apps - including newly created apps from May 8, 2024.

Related pull requests:
- 36719

Download

3.4.19 - 1436534 (September 26, 2024)

Integrations

Slack v3

Updated the Docker image to: demisto/slackv3:1.0.0.112417.

Related pull requests:
- 36523

Download

3.4.18 - 1277948 (August 15, 2024)

Integrations

Slack v3

Updated the slack_send_file command to return an error when called to newly created apps from May 8, 2024, due to Slack's deprecation changes.

Related pull requests:
- 35883

Download

3.4.17 - 1124076 (June 26, 2024)

Integrations

Slack v3

Breaking Changes Updated the test to validate Types of Notifications to Send param for XSIAM, since not all the options are supported there.
Updated the docker image to demisto/slackv3:1.0.0.99303.

Related pull requests:
- 34731

Download

3.4.16 - 1099854 (June 17, 2024)

Integrations

Slack v3

Added support for Xpanse marketplace.

Slack IAM

Updated the Docker image to: demisto/python3:3.10.14.97608.

Scripts

SlackAsk

Updated the Docker image to: demisto/python3:3.10.14.97608.

GetSlackBlockBuilderResponse

Updated the Docker image to: demisto/python3:3.10.14.97608.

Related pull requests:
- 34827
- 34883

Download

3.4.15 - 1076296 (June 6, 2024)

Integrations

Slack v3

Fixed an issue where classifier and mapper were missing in instance configuration.
Updated the Docker image to: demisto/slackv3:1.0.0.97264.

Related pull requests:
- 34758

Download

3.4.14 - R1061293 (June 2, 2024)

Scripts

SlackBlockBuilder

Fixed an issue where the script failed with an uninformative response.

Related pull requests:
- 34552

Download

3.4.13 - R1047063 (May 27, 2024)

Integrations

Slack v3

Improved the integration error handling.

Related pull requests:
- 34085

Download

3.4.12 - 995825 (May 5, 2024)

Scripts

SlackAskV2

Added a disclaimer for the message argument, stating it cannot be longer than 3000 characters per Slack API docs.
Updated the Docker image to: demisto/python3:3.10.14.92207.

Related pull requests:
- 34187

Download

3.4.11 - 991900 (May 3, 2024)

Integrations

Slack v3

Fixed an issue where errors would cause the integration to time out.
The Common Channels parameter can now be delimited by newlines, not only commas.

Related pull requests:
- 34166

Download

3.4.10 - 913451 (March 25, 2024)

Integrations

Slack IAM

Maintenance and stability enhancements.

Scripts

SlackBlockBuilder

Fixed an issue where the blocks were not parsed correctly, when the blocks_url argument contains more than one # symbol.
Updated the Docker image to: demisto/python3:3.10.13.90168.

Related pull requests:
- 31905

Download

3.4.8 - 876540 (March 7, 2024)

Scripts

SlackBlockBuilder

Added the thread_id input to the SlackBlockBuilder automation script to send replies to Slack threads. Added a SlackBlockBuilder context output key that holds the thread_id and other Slack metadata.
Updated the Docker image to: demisto/python3:3.10.13.89009.

Related pull requests:
- 33253
- 32965

Download

3.4.7 - 860237 (February 29, 2024)

Integrations

Slack v3

Fixed an issue where the send-notification command did not send the correct URL on Slack message.
Updated the Docker image to: demisto/slackv3:1.0.0.88538.

Related pull requests:
- 33113

Download

3.4.6 - 837109 (February 19, 2024)

Integrations

Slack v3

Added support for mirroring files from xsoar to slack.
Added the Enable Outbound File Mirroring integration parameter to allow file mirroring from xsoar to slack. The parameter is unchecked by default, disabling file mirroring.
Updated the Docker image to: demisto/slackv3:1.0.0.87650.

Related pull requests:
- 32611

Download

3.4.5 - 836299 (February 18, 2024)

Integrations

Slack IAM

Updated the Docker image to: demisto/python3:3.10.13.86272.

Related pull requests:
- 32446

Download

3.4.4 - 819156 (February 11, 2024)

Integrations

Slack v3

Updated the Docker image to: demisto/slackv3:1.0.0.86601.

Related pull requests:
- 32814

Download

3.4.3 - R798475 (February 1, 2024)

Scripts

GetSlackBlockBuilderResponse

Breaking changes: Fixed an issue where the first response is always selected.
Updated the Docker image to: demisto/python3:3.10.13.85667.

Related pull requests:
- 32363

Download

3.4.2 - 755215 (January 10, 2024)

Integrations

Slack v3

Fixed an issue where SlackAsk responses were not processed correctly.
Updated the Docker image to: demisto/slackv3:1.0.0.84782.

Scripts

SlackBlockBuilder

Fixed an issue where a unique action ID would be added to image blocks incorrectly.
Updated the Docker image to: demisto/python3:3.10.13.84405.

Related pull requests:
- 32108

Download

3.4.1 - 752611 (January 9, 2024)

Integrations

Slack v3

Added the incidentAssigned notification type to the available Permitted Notification Types options.
Updated the Docker image to: demisto/slackv3:1.0.0.83424.

Related pull requests:
- 31999

Download

3.4.0 - 721233 (December 27, 2023)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 31528

Download

3.3.0 - 7190203 (December 17, 2023)

Integrations

Slack v3

Fixed an issue where SlackBlockBuilder responses would fail to be handled correctly when using the internal request method to update an incident's context.
SlackBlockBuilder no longer relies on the XSOAR API in order to update an incident's context. As such, playbooks which currently use the SlackBlockBuilder script should be modified as described in the documentation.
Additional information regarding the change and migrating from pack version 3.2.8 can be found here.
Updated the Docker image to: demisto/slackv3:1.0.0.83424.

Playbooks

New: SlackBlockBuilderResponseExample

New: This is an example of how to use the SlackBlockBuilder within a playbook.

Scripts

New: GetSlackBlockBuilderResponse

New: GetSlackBlockBuilderResponse will format a SlackBlockBuilder response and insert it into an incident's context.

Related pull requests:
- 31393

Download

3.2.7 - 7029664 (November 30, 2023)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 31135

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	August 13, 2020
Last Release	November 14, 2024

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.