Slack Audit Logs
  • 29 Oct 2023
  This documentation version is deprecated, please click here for the latest version.


Slack audit logs allow for ingestion of audit events in a Slack Enterprise Grid organization. Events can be ingested directly from the Slack API via a cloud-to-cloud or CLI Adapter.

Slack telemetry can be addressed via the slack platform.

Note: Audit Logs via API are only available to Slack workspaces on the Enterprise Grid plan.

Adapter Deployment

Slack Audit Logs can be collected directly from the Slack API, via a cloud-to-cloud Adapter, or via the CLI Adapter. You will need a Slack App OAuth token prior to deploying this Adapter. More information on generating Slack OAuth tokens can be found at this link.

Cloud-to-Cloud Adapter

Slack API telemetry can be configured directly from the LimaCharlie web application. Under Sensors List, select + Add Sensor > Slack Audit Logs. After providing an Installation Key, you will be prompted to provide an Adapter Name and a Slack App OAuth Token.

Deploying via the CLI Adapter

The LimaCharlie CLI Adapter can also be used to ingest Slack events, if you do not wish to create a cloud-to-cloud connector. The following sample configuration can be used to create a Slack CLI Adapter:

slack:
  client_options:
    hostname: slack-audit
    identity:
      installation_key: <INSTALLATION_KEY>
      oid: <OID>
    platform: slack
    sensor_seed_key: super-special-seed-key
  token: <SLACK OAUTH TOKEN>
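
The sample configuration above holds two secrets in plain text, the installation key and the Slack OAuth token. The following is an added example, not part of the LimaCharlie documentation: it renders that same configuration from environment variables, refuses values that are still `<...>` placeholders, and writes the file readable by its owner only. The environment variable names, function names and the allowed-character rule are assumptions made for this example.

```python
import os
import re
import stat

# Environment variable names are assumptions made for this example.
SECRETS = {
    "installation_key": "LC_INSTALLATION_KEY",
    "oid": "LC_OID",
    "token": "SLACK_OAUTH_TOKEN",
}

# Conservative character set (assumption): rejects the page's <...> placeholders,
# whitespace, and YAML metacharacters such as ':' and '#'.
SAFE_VALUE = re.compile(r"^[A-Za-z0-9._-]+$")

# Same keys and nesting as the sample configuration on this page.
TEMPLATE = """\
slack:
  client_options:
    hostname: {hostname}
    identity:
      installation_key: {installation_key}
      oid: {oid}
    platform: slack
    sensor_seed_key: {sensor_seed_key}
  token: {token}
"""


def render_config(env, sensor_seed_key, hostname="slack-audit"):
    """Return the adapter YAML, refusing unset, placeholder or unsafe values."""
    values = {"hostname": hostname, "sensor_seed_key": sensor_seed_key}
    for field, var in SECRETS.items():
        values[field] = env.get(var, "")
    for field, value in values.items():
        if not SAFE_VALUE.match(value):
            raise ValueError(f"{field} is unset, a placeholder, or has unsafe characters")
    return TEMPLATE.format(**values)


def write_config(path, text):
    """Write the config with mode 0600 and return the resulting file mode."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as handle:
        handle.write(text)
    os.chmod(path, 0o600)  # tighten the mode if the file already existed
    return stat.S_IMODE(os.stat(path).st_mode)
```

Call `render_config(os.environ, sensor_seed_key=...)` and pass the result to `write_config` with the path the CLI Adapter will read.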
