Slack

Output detections and audit (only) to a Slack community and channel.

• slack_api_token: the Slack provided API token used to authenticate.
• slack_channel: the channel to output to within the community.

Example:

slack_api_token: sample_api_token
slack_channel: #detections

Provisioning:

To use this Output, you need to create a Slack App and Bot. This is very simple:

1. Head over to https://api.slack.com/apps
2. Click on "Create App" and select the workspace where it should go
3. From the sidebar, click on OAuth & Permissions
4. Go to the section "Bot Token Scope" and click "Add an OAuth Scope"
5. Select the scope chat:write
6. From the sidebar, click "Install App" and then "Install to Workspace"
7. Copy token shown, this is the slack_api_token you need in LimaCharlie
8. In your Slack workspace, go to the channel you want to receive messages in, and type the slash command: /invite @limacharlie (assuming the app name is limacharlie)