This onboarding guide helps you create a new Slack® app that you can integrate with Expel Workbench.

Prerequisites

  1. You must be logged in as the Owner of your Enterprise Grid organization to complete this installation.

Quick Links

Setup includes the following steps (select any step for detailed instructions):

  1. Enable API Access
  2. Add Slack as a Security Device in Workbench

Step 1: Enable API Access

Having read-only access to the interface of your technology allows Expel to dig deeper during incident investigations. Our device health team uses this access to investigate potential health issues with your tech.

Note
Expel secures all login information our SOC analysts need about your devices in an MFA password product. Access to this login information is protected using our internal MFA processes. Learn more about the IP addresses all Expel traffic comes from.

  1. Go to https://api.slack.com/apps.
  2. Select Create an App.
  3. Choose From scratch.
  4. Enter an App Name and choose a Workspace.
  5. Select Create App.
  6. On the Basic Information screen, copy your Client ID and Client Secret and save them to a secure location. You will need these values later in this process.
  7. In the left navigation, under Features, select OAuth & Permissions.
  8. Scroll to the section Redirect URLs.
    • Select Add New Redirect URL.
    • Enter https://localhost.
    • Select Add.
    • Select Save URLs.
  9. Scroll to the section Scopes > User Token Scopes.
    • Select Add an OAuth Scope.
    • Select auditlogs:read.
  10. In the left navigation, under Settings, select Manage Distribution.
  11. Scroll to the section Share Your App with Other Workspaces (Public Distribution).
    • Make sure all four sections have the green checkmark. Open any section without a checkmark and select the required settings to enable them.
    • Select Activate Public Distribution.
  12. Scroll back up to the section Share Your App with Any Workspace and copy the Sharable URL.
  13. Paste the URL into a browser and press Enter to start the OAuth handshake and install the app in your organization.
  14. Sign in to your Slack workspace when prompted.
  15. Check the list in the upper right of the installation screen to verify you are installing the app in the Enterprise Grid organization, and not in an individual workspace within the organization.
  16. Select Continue.
  17. After the app is authorized, you are redirected to the localhost URL. This URL contains a temporary authorization code that you will exchange for a Slack OAuth access token, so be sure to copy the code and save it.
    • You may see a "connection refused"/"Hmmm.....Can't reach this page" error message. This error is expected because nothing is listening on localhost; the URL in the address bar still contains the correct authorization code.
    • The code is located between code= and the next &.
    • The code expires after 10 minutes.
  18. Use Slack's oauth.v2.access method to exchange your code for an access token. Replace the values in angle brackets (do not include the brackets) as follows:
    • code - the temporary authorization code from the previous step.
    • client_id - the Client ID you saved from the Basic Information screen.
    • client_secret - the Client Secret you saved from the Basic Information screen.
      curl -F code=<CODE> -F client_id=<CLIENT_ID> -F client_secret=<CLIENT_SECRET> https://slack.com/api/oauth.v2.access
  19. Slack returns an HTTP response that contains the access token. Copy and save the value of access_token for use in the next step.
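
The code extraction and token exchange above as a script, added here as an example (not Expel's or Slack's code): it pulls the code out of the pasted redirect URL, posts it to oauth.v2.access with the Client Secret read from a hidden prompt instead of a command line, and checks the reply before printing the token. Function names and sample values are constructed; it assumes Slack nests a user-scope token under authed_user in the reply.

```python
import getpass
import json
import urllib.parse
import urllib.request

TOKEN_URL = "https://slack.com/api/oauth.v2.access"  # endpoint from the curl step
# Constructed sample values, not real credentials or captured Slack output.
SAMPLE_REDIRECT = "https://localhost/?code=1111.2222.example&state="
SAMPLE_REPLY = ('{"ok": true, "authed_user": {"id": "U000EXAMPLE", '
                '"scope": "auditlogs:read", "access_token": "xoxp-EXAMPLE"}}')

def extract_code(redirect_url):
    """Return the temporary code from the https://localhost redirect URL."""
    parts = urllib.parse.urlsplit(redirect_url.strip())
    if parts.scheme != "https" or parts.hostname != "localhost":
        raise ValueError("not the https://localhost redirect URL")
    query = urllib.parse.parse_qs(parts.query)
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"][0])
    codes = query.get("code", [])
    if len(codes) != 1 or not codes[0]:
        raise ValueError("expected exactly one code= parameter")
    return codes[0]

def pick_user_token(response_body, required_scope="auditlogs:read"):
    """Return the access token from the JSON reply, checking ok and scope."""
    reply = json.loads(response_body)
    if not reply.get("ok"):
        raise ValueError("Slack error: " + str(reply.get("error")))
    # Assumption: user-scope installs nest the token under authed_user.
    holder = reply.get("authed_user") or reply
    token = holder.get("access_token")
    scopes = (holder.get("scope") or "").split(",")
    if not token or required_scope not in scopes:
        raise ValueError("reply lacks a token with " + required_scope)
    return token

def exchange_code(code, client_id, client_secret):
    """POST the code to Slack; the secret travels in the body, not in argv."""
    fields = {"code": code, "client_id": client_id, "client_secret": client_secret}
    body = urllib.parse.urlencode(fields).encode()
    with urllib.request.urlopen(TOKEN_URL, data=body, timeout=30) as resp:
        return pick_user_token(resp.read())

if __name__ == "__main__":
    code = extract_code(input("Paste the full redirect URL: "))
    print(exchange_code(code, input("Client ID: "), getpass.getpass("Client Secret: ")))
```

Run it within 10 minutes of the redirect, since the code expires after that.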

Step 2: Add Slack as a Security Device in Workbench

Now that we have the correct access configured and noted the credentials, we can integrate your tech with Workbench.

  1. Log in to Workbench.
  2. In the side menu, navigate to Organization Settings > Security Devices.
  3. Select Add Security Device.
  4. In the search box, type “Slack” and then select the Slack integration.
  5. Complete the fields as follows:
    • Name - enter a name that might help you more easily identify this integration, such as “CompanyName Slack”; this name will display in Workbench under the Name column, and is a text string that you can filter on.
    • Location - enter the location of your integration, for example “cloud”; this is also a text string that you can filter on, so we recommend being consistent with location naming across your Expel integrations.
    • API Token - enter the access token you obtained from Slack.
  6. Select Save.
  7. Your device should be created successfully within a few seconds. A few reminders:
    • After your connection is healthy, it will take some time for your device to begin polling and receiving data.
    • To check on the status, select the downward arrow for your device in the first column and choose View details. You can then scroll to the Connection section to see if your device is fully connected.
    • Polling will happen first; data will be received after that. You must refresh the page to see updates.
    • If your device does not begin polling within 15 minutes, and does not begin receiving data within 30 minutes, contact our support team for help.