Skip to main content
McAfee Enterprise MVISION Cloud

API Integration with Slack

After performing the API integration for Slack, MVISION Cloud can monitor user activities in Slack, monitor content that is uploaded into Slack, and evaluate DLP policies.  

Then admins can monitor user activities within Slack, such as one or multiple Slack teams and channels in their enterprise or Org (if they have Enterprise Grid). 

Another option is the Slack Compliance Plan for small organizations that might only have one team. This allows administrators to monitor all types of Slack channels.  DLP policies can also be applied to content uploaded to Slack. 

NOTE: All threat protection and activity monitoring found in the Threat Protection Dashboard are supported using the API configuration, except for anomalies and threats based on geo-location. This is because MVISION Cloud does not collect the source IP information.

Prerequisites

As a security admin, before you enable API access make sure the following prerequisites are in order. 

Slack for Teams

  • Credentials for the Admin account in Slack. These credentials are used to enable API integration in MVISION Cloud.

Slack Compliance Plan

  • Credentials for the Admin account in Slack. These credentials are used to enable API integration in MVISION Cloud.
  • Slack Workspace/Team Domain URL. This is the unique domain URL of the Slack workspace, for example, https://<team>.slack.com

Slack Enterprise Grid

  • Credentials for the Org Owner in Slack. These credentials are used to enable API integration in MVISION Cloud.
  • Slack Org Domain URL. This is the unique domain URL of the Slack organization, for example, https://<org>.enterprise.slack.com 
  • Request Slack to enable MVISION Cloud for your Enterprise Grid. Any Slack Enterprise Grid customer who wants to enable integration with Discovery APIs such as MVISION Cloud must send a request from the Org Owner email exports@slack.com for their Org to integrate with MVISION Cloud. This message should also include the URL domain of the needed Org.
  • Team Under the Enterprise Account. Make sure that at least a Team is created under the Enterprise Grid account. 

Enabling the API

  1. Log in to MVISION Cloud. 
  2. Go to Settings > Service Management.  
  3. From the Service Management page, select Slack from the list of services.  Then click Add Service Instance to add a Slack instance, and give it a unique name.
  4. Click Enable to enable API access. Click Next.  
  5. On the Enable API Review Prerequisites page, review the prerequisites, and then click the checkbox to confirm that you have completed the prerequisites.  Click Next
  6. On the Enable API page, click Provide API Credentials, then click Next.  

If you are using Slack for Teams:

  1. Select click here.



    EnterURLForSlackEnterpriseGrid_OrSlackCompliancePlan.png
     
  2. To grant API Access, enter the user name and password of the Slack Team Owner and log in.
  3. Review the permissions that Slack grants MVISION Cloud, and click Authorize.

If you are using Slack Compliance Plan:

NOTE: Slack Compliance Plan is suitable for small organizations (perhaps consisting of one Slack team or workspace) and provides all advanced APIs needed for MVISION Cloud to monitor user activities for that organization in Slack and apply DLP policies to content that is uploaded to Slack for those teams or organizations.  

  1. In the field Please enter the URL for Slack Enterprise Grid or Slack Compliance Plan, enter your Slack team domain URL and submit.
  2. Enter the credentials of the Team Admin and log in.
  3. Review the permissions that Slack grants MVISION Cloud, and click Authorize.
  4. Select the Slack team where you want the quarantine channel to be created. (This is where all quarantined files are stored while they are reviewed by the administrator.)

NOTE: There will always be only one team in case of Slack Compliance Plan. 

  1. Review the permissions that Slack grants MVISION Cloud, and click Authorize.

If you are using Slack Enterprise Grid:

  1. In the field Please enter the URL for Slack Enterprise Grid or Slack Compliance Plan, enter your Slack Enterprise Grid org domain URL and submit.
  2. Enter the credentials of the Org Owner and log in.
  3. Review the permissions that Slack grants MVISION Cloud, and click Authorize.
  4. Select the Slack team where you want the quarantine channel to be created. (This is where all quarantined files are stored while they are reviewed by the administrator.)
  5. Review the permissions that Slack grants MVISION Cloud, and click Authorize.
  • Was this article helpful?