Slack Audit Logs

Cyderes supports the ingestion of audit events from Slack using the Audit Logs API. This API enables organizations with an Enterprise Grid plan to monitor audit events in order to maintain compliance, safeguard against inappropriate system access, and audit suspicious behavior within their enterprise.

Chronicle Data Types

  • SLACK_AUDIT

Configuration

To collect audit logs, Cyderes requires a Slack User Token that has the auditlogs:read scope. To get this token, an application must be installed on an Enterprise Grid organization, not just a workspace, by the owner of that organization.

Once the app is created and installed on the organization, it must be granted the auditlogs:read scope. The Slack User Token can then be obtained from the app's OAuth page.

Specific instructions on how to do this can be seen in the Slack API Documentation.

Gather Information

Please provide Cyderes with the following:

  • Slack User Token
  • Slack API URL (if different from default, which is https://api.slack.com/)
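Before handing the token over, it can be checked with a single read against the Audit Logs API. The following is an added example, not Cyderes or Slack code: it assumes the `audit/v1/logs` path under the API URL, interprets status codes by generic HTTP semantics, and uses hypothetical environment variable names.

```python
"""Added example: pre-handoff check of a Slack audit-log token."""
import json
import os
import urllib.error
import urllib.parse
import urllib.request

DEFAULT_API_URL = "https://api.slack.com/"  # default named on this page


def build_request(token, api_url=DEFAULT_API_URL):
    """Build a one-entry GET against the Audit Logs API without sending it."""
    parts = urllib.parse.urlsplit(api_url)
    if parts.scheme != "https" or not parts.netloc:
        # Refuse to put a bearer token on a cleartext or malformed URL.
        raise ValueError("API URL must be an absolute https:// URL")
    url = urllib.parse.urljoin(api_url.rstrip("/") + "/", "audit/v1/logs?limit=1")
    return urllib.request.Request(url, headers={"Authorization": "Bearer " + token})


def interpret(status, body):
    """Map an HTTP status and body to a finding (generic HTTP semantics, an assumption)."""
    if status == 200:
        try:
            entries = json.loads(body).get("entries")
        except (ValueError, AttributeError):
            entries = None
        return ("ok: token can read audit logs" if isinstance(entries, list)
                else "unexpected: 200 without an 'entries' list")
    if status == 401:
        return "rejected: token invalid or revoked"
    if status == 403:
        return "forbidden: check org-level install and auditlogs:read scope"
    if status == 429:
        return "rate limited: retry later"
    return "unexpected: HTTP %d" % status


def check(token, api_url=DEFAULT_API_URL):
    """Send the request and return a finding; the token is never printed."""
    try:
        with urllib.request.urlopen(build_request(token, api_url), timeout=10) as resp:
            return interpret(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:
        return interpret(err.code, err.read().decode("utf-8", "replace"))


if __name__ == "__main__":  # SLACK_TOKEN / SLACK_API_URL are assumed variable names
    print(check(os.environ["SLACK_TOKEN"], os.environ.get("SLACK_API_URL", DEFAULT_API_URL)))
```

Reading the token from the environment keeps it out of shell history and process listings.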