Links

Remediate

Connect Borneo to your Slack channels to send incident alerts to your security team, so they can respond fast and address any potential security risks.
Slack Notification

How to integrate

1. Create a new Slack App or use an existing one and create a new bot token for the app. Select From scratch.

2. Enter the App name and choose the workspace. Click on create App.
3. For Enable slack incoming webhook for the slack app under Incoming Webhooks
4. The app needs to be installed to the workspace, click on Install to Workspace under Basic Information
5. Select the channel to which the app needs to post
6. Adjust the bot token's permissions under OAuth & Permissions to include the following scopes:
  • channels:history
  • channels:join
  • channels:manage
  • channels:read
  • chat:write
  • groups:history
  • groups:read
  • groups:write
  • im:history
  • im:read
  • im:write
  • incoming-webhook
  • mpim:history
  • mpim:read
  • mpim:write
  • users:read
  • users:read.email
7. Add the bot to the channel to which the alert needs to be sent (invite the bot to the channel).
8. Return to the Borneo dashboard and open the Configure > Notifications page enable Slack notifications:
9. Enter the API token generated in step 1 (“bot token”). This will validate the token and fetch only the channels to which the bot is added. Then, click Next.
10.Select the channel to which you want to post Borneo security incident alerts.
11. You can also choose to add custom remediation messages based on different infotypes detected.
12. Furthermore, you can also choose to allow incidents to be resolved within the Slack Message instead. See how remediation within Slack Messages works.

Interactive Messaging Instructions:

  • First, get your app's Signing Secret. You can do so by going to your Slack app's main page. Then, under App Credentials, copy your Signing Secret.
  • Next, click Interactivity & Shortcuts on the sidebar. Then, turn on Interactivity. Then, add https://<your-borneo-app-url>/dlp/api/slack/remediation into Request URL.
  • Next, add your Signing Secret into Borneo's Slack configuration page shown before.
  • Then, add your User ID to which a verification confirmation message will be sent. You can find your User ID by first pressing your profile pic on the top right of Slack. Then, click Profile. Next, click More. You will then see a Copy member ID. Click on that and your User ID will be copied to the clipboard. You can then add your User ID into the configuration page shown before.
  • Next, click Verify. A verification message will be sent to you by the App's bot. Click on Verify on the message to proceed.
13. Finish the setup by clicking the Save button. A test message will be sent to the selected channel. An error may be raised if the API token does not have sufficient permissions.
Last modified 2mo ago