There are 2 mechanisms at work:
- A Slack app. You will create this app and install it in any of your channels. The app will send new message events to the function.
- A serverless function that receives the events from the Slack app, scans them for secrets, and sends metadata to us.
Go to Slack apps config and create a new Slack app.
In the installer you'll need to supply some parameters.
In your Slack app's settings page -> Basic Information -> App Credentials you'll find these 4 tokens:
- Slack client id
- Slack client secret
- Slack signing secret
- Slack verification token
Copy these to the relevant CloudFormation installer fields.
Note that if you activate remediation (set it to any value other than "Not active"), you must supply the SlackUserToken parameter. This can be found in the Install App page under "User OAuth token" after you install the app to the workspace (step 4).
Go to the "App Manifest" page and set it to the following:
```yaml
display_information:
  name: spectral-slackbot
features:
  bot_user:
    display_name: spectral-slackbot
    always_online: false
oauth_config:
  scopes:
    user:
      - files:write
      - chat:write
    bot:
      - channels:history
      - channels:read
      - chat:write
      - files:read
      - groups:history
      - groups:read
      - team:read
      - users.profile:read
      - incoming-webhook
settings:
  event_subscriptions:
    request_url: https://SLACKBOT_LAMBDA_DOMAIN/prod/slack/events
    bot_events:
      - file_change
      - file_created
      - file_shared
      - message.channels
      - message.groups
  org_deploy_enabled: false
  socket_mode_enabled: false
  token_rotation_enabled: false
```
- After deploying the lambda in the next sections we will come back to this manifest and update the new lambda domain in settings.event_subscriptions.request_url
- Note that private chats (and multiparty private chats) are not supported currently.
Install the Slack app to your workspace (Install app) and copy the Bot user OAuth token to the SlackAuthToken parameter in the AWS installer. If you want to activate remediation, copy the "User OAuth token" to the SlackUserToken parameter.
In the CloudFormation installer, mark "I acknowledge that AWS CloudFormation might create IAM resources with custom names" and click on "Create Stack".
In the Slack app configuration, go to the App Manifest page and fill in the lambda domain under settings.event_subscriptions.request_url (you can find it by going to the created lambda function, clicking on the "Configuration" tab, then clicking on "details" in the API Gateway trigger).
Make sure to copy the whole URL, including /slack/events.
Now the channels you add your new Slack app to are monitored.
Invite the Slack app to any public channel in your Slack workspace you want to keep track of by mentioning the Slack app in the desired channel or clicking the channel header -> Integrations tab -> Add an app. Try sending a secret (like AKIA4HK52OLF2AAN9KWV) to that channel.
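To make the two mechanisms concrete, here is an added sketch (not Spectral's code) of what a function behind request_url has to do with each event: check Slack's signing-secret signature, answer the one-time URL verification challenge, and scan message text. It assumes lowercased header names and a single AWS access key ID pattern; the function names and sample values are hypothetical.

```python
import hashlib
import hmac
import json
import re
import time

# Assumption: one detector (AWS access key IDs); a real scanner covers many secret types.
AWS_KEY_ID = re.compile(r"\b(AKIA[0-9A-Z]{16})\b")
MAX_SKEW_SECONDS = 300  # reject stale timestamps to limit replay of captured requests


def verify_slack_signature(signing_secret, timestamp, body, signature, now=None):
    """Check Slack's v0 signature: HMAC-SHA256 over b'v0:<timestamp>:<raw body>'."""
    now = time.time() if now is None else now
    try:
        if abs(now - int(timestamp)) > MAX_SKEW_SECONDS:
            return False
    except (TypeError, ValueError):
        return False  # missing or non-numeric timestamp header
    base = b"v0:" + timestamp.encode() + b":" + body
    expected = "v0=" + hmac.new(signing_secret.encode(), base, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected.encode(), (signature or "").encode())


def handle_event(signing_secret, headers, body, now=None):
    """Return (status, response) for one Events API request; body is the raw bytes."""
    ts, sig = headers.get("x-slack-request-timestamp"), headers.get("x-slack-signature")
    if not verify_slack_signature(signing_secret, ts, body, sig, now):
        return 401, {"error": "bad signature"}
    payload = json.loads(body)
    if payload.get("type") == "url_verification":
        # Slack sends this when request_url is saved and expects the challenge echoed.
        return 200, {"challenge": payload["challenge"]}
    event, findings = payload.get("event", {}), []
    if event.get("type") == "message":
        for _ in AWS_KEY_ID.finditer(event.get("text", "")):
            # Record metadata only; the matched secret itself is never stored.
            findings.append({"channel": event.get("channel"), "ts": event.get("ts"),
                             "detector": "aws_access_key_id"})
    return 200, {"findings": findings}


if __name__ == "__main__":
    secret, ts = "constructed-signing-secret", str(int(time.time()))  # constructed values
    body = json.dumps({"type": "event_callback", "event": {"type": "message",
        "channel": "C0000000000", "ts": "1.0", "text": "creds: AKIA4HK52OLF2AAN9KWV"}}).encode()
    sig = "v0=" + hmac.new(secret.encode(), b"v0:" + ts.encode() + b":" + body, hashlib.sha256).hexdigest()
    print(handle_event(secret, {"x-slack-request-timestamp": ts, "x-slack-signature": sig}, body))
```

The signature must be computed over the raw request body exactly as received; re-serializing the parsed JSON before verification changes the bytes and fails the check.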