How to configure Slack Enterprise on Prisma SAAS
Objective
To configure Slack Enterprise on SaaS Security API and answer related questions.
Environment
- SaaS Security API
- DLP
- Prisma SaaS
- Aperture
- Slack
Procedure
The user must have Slack Enterprise v2 to configure admin alerts. The picture below shows a user who has configured Slack Enterprise and is trying to set up admin alerts, which is not supported on that connector.
GUI: Log in to Prisma SaaS > Settings > Alerts:
Steps to configure Slack Enterprise v2:
- Once the user has onboarded Slack, a power token should be configured.
- The user should select the workspace to which notifications are sent.
- The user should always select Slack Enterprise v2, not Slack Enterprise, to configure admin alerts, because this feature is available only on Slack Enterprise v2. With the new connectors, users can select the channel from the alerts workflow.
- The user can also select any number of workspaces that have been created in Slack. Once the application starts scanning, the alert is set up.
- In Slack Enterprise, the user can scan messages from public channels, across workspaces, in direct messages and in private channels. Once messages have been exchanged, they show up in SaaS Security API as assets. To view the assets, go to Assets > select Slack Enterprise v2.
- Once alerts are configured, Slack messages are seen in the bot channel and in the channels the user has configured.
- Go to Alerts > Configure Admin Alerts > select Slack app > select the already configured Slack app from the dropdown and select the channel.
- Send a few messages in the workspace, from either a private or a public channel, to test whether the notification alert is shown in Slack.
How the backend process works:
- On the backend, a job is created to run the backward scan of messages every week.
- Whenever a user onboards the app, a new topic is created automatically in Kadrop, keyed by values such as tenant id, app id and index id.
- The backward scan is organized by channels and teams.
- If a grid has n channels and t teams, the number of messages in the topic will be t × n × 52.
- Each channel of each team is divided into 7-day windows, 52 times, because there are 52 weeks.
- Kadrop is used to check the queue size for backward scanning.
- So the total number of messages scanned every week will be 5661.
- Backward scanning can also be observed in Grafana, fed from Kadrop.
- After the notification is set up, the user will receive alerts for private channels as well.
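The sizing rule above (one message per channel, per team, per weekly window, giving t × n × 52 messages in the topic) is easy to check against the queue depth you see in Grafana. The following is an added example, not Palo Alto Networks' code and not part of the original article; the team and channel names, the reference date and the function names are constructed for illustration, and the grid is built so that every team has the same channel count, which is what the t × n × 52 formula assumes.

```python
from datetime import date, timedelta

# Constructed sample grid (hypothetical team and channel names, not from the article).
# Every team has the same number of channels so the article's t * n * 52 formula applies.
SAMPLE_GRID = {
    "team-a": ["general", "eng", "sales"],
    "team-b": ["general", "support", "ops"],
}
WEEKS = 52                       # 52 weekly windows per channel
WINDOW_DAYS = 7                  # each window covers 7 days
REFERENCE_END = date(2024, 1, 1)  # constructed "now" for the backward scan


def expected_topic_size(teams: int, channels_per_team: int, weeks: int = WEEKS) -> int:
    """Messages the topic should hold for one backward scan: t * n * 52."""
    return teams * channels_per_team * weeks


def channel_windows(end: date, weeks: int = WEEKS, window_days: int = WINDOW_DAYS):
    """Split the year before `end` into `weeks` contiguous windows of `window_days`.

    Windows are half-open [start, end) and listed newest first, so the scan
    walks backward in time one week at a time.
    """
    windows = []
    for week in range(weeks):
        window_end = end - timedelta(days=week * window_days)
        window_start = window_end - timedelta(days=window_days)
        windows.append((window_start, window_end))
    return windows


def build_scan_messages(grid: dict, end: date):
    """One (team, channel, start, end) message per channel per weekly window."""
    return [
        (team, channel, start, stop)
        for team, channels in grid.items()
        for channel in channels
        for start, stop in channel_windows(end)
    ]


def windows_are_contiguous(windows) -> bool:
    """True when each window ends exactly where the previous one starts: no gap, no overlap."""
    return all(windows[i][0] == windows[i + 1][1] for i in range(len(windows) - 1))


def queue_size_matches_formula(grid: dict, end: date) -> bool:
    """Sanity check: does the generated queue match t * n * 52 for this grid?"""
    teams = len(grid)
    per_team = {len(channels) for channels in grid.values()}
    if len(per_team) != 1:
        raise ValueError("t * n * 52 assumes every team has the same number of channels")
    n = per_team.pop()
    return len(build_scan_messages(grid, end)) == expected_topic_size(teams, n)


if __name__ == "__main__":
    msgs = build_scan_messages(SAMPLE_GRID, REFERENCE_END)
    print(len(msgs), "messages queued; formula holds:",
          queue_size_matches_formula(SAMPLE_GRID, REFERENCE_END))
```

Run it as-is to see the 2 × 3 × 52 = 312 messages a two-team, three-channel grid produces; swap in your own team and channel counts to get the number you should expect the Kadrop queue to show before comparing with the Grafana panel.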
Slack Enterprise v2 uses the API instead of webhooks. For the DLP use case, Slack Enterprise does not support webhooks: a webhook can be configured for a single workspace only, and the user who authenticates provides the token and allows the webhook, so that user must be a member of every conversation in those workspaces or channels. This tedious process was implemented in the legacy application, but in the new connectors all Slack integration uses the API only.