
✅ Pre-requisites

The user must have the AirMDR Slack API manifest in JSON format.
Follow these steps to generate the AirMDR Slack API manifest:
  1. Navigate to AirMDR, provide the credentials, and click Login.
  2. In the left navigation pane of the application, select Integrations.
  3. Use the search option, enter the keyword “Slack”, select the Connections tab, and click Create.
  4. In Authentication Details, step 2, copy the pre-generated manifest to use in the Slack application.
or
Contact the AirMDR support team to get the AirMDR Slack API manifest.

Slack App Setup via Manifest

This guide provides step-by-step instructions for setting up a Slack App using a manifest file. It covers how to create the app, enable an incoming Webhook URL, and obtain the Signing Secret and Bot Token. These are the essential components for building and integrating bots, automations, and services with Slack’s API.

Step 1: Slack App Page - Create an App

  1. Go to Slack API Page.
    You can create a new Slack app here.
  2. Click “Create New App” in the top right corner. A pop-up modal “Create an app” will show up.
  3. Choose “From a manifest” and enter the required information:
    • Pick a workspace to develop your app in: Select a workspace where you want to install the app. (e.g. airmdr)
  4. Click Next.
  5. Paste the JSON content [MANIFEST COPY] generated earlier from the AirMDR Integration Dashboard.
    
    {
        "display_information": {
            "name": "AirMDR",
            "description": "Sends real-time messages to users for confirming security-related actions",
            "background_color": "#002b87"
        },
        "features": {
            "app_home": {
                "home_tab_enabled": false,
                "messages_tab_enabled": true,
                "messages_tab_read_only_enabled": false
            },
            "bot_user": {
                "display_name": "AirMDR",
                "always_online": true
            }
        },
        "oauth_config": {
            "scopes": {
                "bot": [
                    "incoming-webhook",
                    "users:read",
                    "users:read.email",
                    "chat:write",
                    "im:write",
                    "app_mentions:read",
                    "im:history"
                ]
            }
        },
        "settings": {
            "event_subscriptions": {
                "request_url": "https://app.airmdr.com/airmdrapi/webhooks/slack/v1/events?token=XXX",
                "bot_events": [
                    "message.im"
                ]
            },
            "interactivity": {
                "is_enabled": true,
                "request_url": "https://app.airmdr.com/airmdrapi/webhooks/slack/v1/interactions?token=XXX"
            },
            "org_deploy_enabled": false,
            "socket_mode_enabled": false,
            "token_rotation_enabled": false
        }
    }
    
    Optionally, you can customise the JSON content to easily identify the application:
    • “display_information” → “name”: <your org name>
    • “bot_user” → “display_name”: <your org name>
  6. Click Next.
  7. In the Review summary & create your app pop-up modal, cross-verify the content and click Create.
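
The cross-verification in step 7 can be done mechanically before pasting. The following Python script is an added example, not AirMDR's or Slack's code: it compares a manifest against the bot scopes, bot event and request-URL host shown in this guide. The function names and the tampered sample (extra scope, different events host) are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Expected values copied from the manifest shown in this guide.
EXPECTED_SCOPES = {"incoming-webhook", "users:read", "users:read.email",
                   "chat:write", "im:write", "app_mentions:read", "im:history"}
EXPECTED_EVENTS = {"message.im"}
EXPECTED_HOST = "app.airmdr.com"


def review_manifest(manifest_text):
    """Return a list of findings; an empty list means nothing unexpected."""
    m = json.loads(manifest_text)
    findings = []
    scopes = m.get("oauth_config", {}).get("scopes", {})
    bot = set(scopes.get("bot", []))
    findings += [f"unexpected bot scope: {s}" for s in sorted(bot - EXPECTED_SCOPES)]
    findings += [f"missing bot scope: {s}" for s in sorted(EXPECTED_SCOPES - bot)]
    if scopes.get("user"):
        findings.append("user scopes requested; the guide's manifest has none")
    settings = m.get("settings", {})
    events = set(settings.get("event_subscriptions", {}).get("bot_events", []))
    findings += [f"unexpected bot event: {e}" for e in sorted(events - EXPECTED_EVENTS)]
    # Both request URLs must be HTTPS and point at the documented host.
    for name in ("event_subscriptions", "interactivity"):
        url = settings.get(name, {}).get("request_url")
        parts = urlsplit(url or "")
        if parts.scheme != "https" or parts.hostname != EXPECTED_HOST:
            findings.append(f"{name} request_url not on https://{EXPECTED_HOST}: {url}")
    return findings


def sample_manifest(extra_scopes=(), events_host=EXPECTED_HOST):
    """Constructed sample shaped like the guide's manifest (token shown as XXX)."""
    path = "/airmdrapi/webhooks/slack/v1"
    return json.dumps({
        "oauth_config": {"scopes": {"bot": sorted(EXPECTED_SCOPES) + list(extra_scopes)}},
        "settings": {
            "event_subscriptions": {
                "request_url": f"https://{events_host}{path}/events?token=XXX",
                "bot_events": ["message.im"]},
            "interactivity": {
                "request_url": f"https://{EXPECTED_HOST}{path}/interactions?token=XXX"},
        },
    })


if __name__ == "__main__":
    print(review_manifest(sample_manifest()))
    print(review_manifest(sample_manifest(["channels:history"], "example.invalid")))
```
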
Step 2: Generate a Webhook URL

  1. In the left navigation menu, navigate to Features → Incoming Webhooks.
  2. Make sure the toggle option “Activate Incoming Webhooks” is On.
  3. Scroll down to the “Webhook URLs for Your Workspace” section.
  4. Click “Add New Webhook to Workspace”.
  5. Select a channel in the drop-down list where you want the bot to post to.
  6. Click “Allow” to grant permissions.
  7. Once redirected, your Webhook URL will appear under Webhook URLs for Your Workspace.
  8. Click Copy to save it for use.
Step 3: Verify Event Subscription Request URL

Slack requires validation of your request URL to enable event subscriptions. Ensure your endpoint (e.g., https://yourdomain.com/slack/events) is publicly accessible and configured to handle Slack’s verification request (it responds with the challenge value).
  1. In the left navigation menu, navigate to Settings → Event Subscriptions.
  2. Toggle Enable Events to On.
  3. Click the Retry button in the Request URL.
  4. After successful verification, click Save Changes at the bottom.
Step 4: Enable OAuth & Permissions

  1. In the left navigation menu, navigate to Features → OAuth & Permissions.
  2. In the OAuth Tokens section, click “Install to <your workspace>”.
Step 5: Install the App and Get the Bot Token

  1. In the “Where should <your workspace> post?” prompt:
  2. Select a #channel in the drop-down list to post to as an app.
  3. Click Allow.
  4. After authorization, your Bot User OAuth Token (xoxb-...) will appear under OAuth Tokens for Your Workspace.
  5. Click Copy to store the token.
    To revoke all OAuth tokens, click the Revoke Tokens button at the bottom of the page.
    You can revoke all OAuth tokens if you want to invalidate the access any existing tokens have to Slack workspace data.
    Users will need to grant your app permissions again to use it.
Step 6: Obtain Signing Secret

  1. In the left navigation menu, navigate to Settings → Basic Information.
  2. Under App Credentials, locate the Signing Secret.
  3. Click Show and then Copy. Store it in a secure location (e.g., secrets manager).
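
What the Signing Secret and the challenge response from the Event Subscription step do on the receiving side, as an added Python example (not AirMDR's code; in this integration the AirMDR request URL is the receiver). It follows Slack's documented v0 scheme: HMAC-SHA256 over `v0:<timestamp>:<raw body>`, compared with the `X-Slack-Signature` header, with stale timestamps rejected. The function names, the plain-dict headers and the sample secret, timestamp and challenge are constructed assumptions.

```python
import hashlib
import hmac
import json
import time

MAX_SKEW_SECONDS = 60 * 5  # reject requests older than five minutes (replay window)


def slack_signature(signing_secret, timestamp, body):
    """Compute the value Slack sends in X-Slack-Signature for this raw body."""
    base = b"v0:" + timestamp.encode() + b":" + body
    digest = hmac.new(signing_secret.encode(), base, hashlib.sha256).hexdigest()
    return "v0=" + digest


def verify_request(signing_secret, headers, body, now=None):
    """True only if the timestamp is fresh and the signature matches the raw body."""
    ts = headers.get("X-Slack-Request-Timestamp", "")
    sig = headers.get("X-Slack-Signature", "")
    if not ts.isdigit():
        return False
    now = time.time() if now is None else now
    if abs(now - int(ts)) > MAX_SKEW_SECONDS:
        return False
    expected = slack_signature(signing_secret, ts, body)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), sig.encode())


def handle_event(signing_secret, headers, body, now=None):
    """Return (status, response_body) for a POST to the Events request URL."""
    if not verify_request(signing_secret, headers, body, now):
        return 401, ""
    payload = json.loads(body)
    if payload.get("type") == "url_verification":
        return 200, payload["challenge"]  # echo the challenge value back
    return 200, ""  # real events (e.g. message.im) would be processed here


# Constructed sample: secret, timestamp and challenge are made up for the demo.
SECRET = "constructed-signing-secret"
TS = "1700000000"
BODY = json.dumps({"type": "url_verification",
                   "challenge": "constructed-challenge"}).encode()
HEADERS = {"X-Slack-Request-Timestamp": TS,
           "X-Slack-Signature": slack_signature(SECRET, TS, BODY)}
```

The signature must be computed over the raw request bytes, before any JSON parsing or re-serialisation.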
Step 7: Retrieve Credentials

✅ Summary of Retrieved Credentials

| Credential | Description |
|---|---|
| Webhook URL | Posts messages to selected Slack channels |
| Signing Secret | Verifies authenticity of incoming requests |
| Bot Token (starts with xoxb-) | Authenticates API calls made by your bot |
| Events URL | Receives Slack events via HTTP POST (e.g., messages) |
Securely save and share the Webhook URL, Bot User OAuth Token and Signing Secret with the AirMDR support team to configure the integration
or
Self-configure Slack in the AirMDR Integrations Dashboard.

Evaluate Slack Bot User OAuth Token

Run the following cURL command to check whether your Bot User OAuth Token is working.

Sample Request:

curl -X POST https://slack.com/api/auth.test \
  -H "Authorization: Bearer <xoxb-***your-bot-token***>"
Sample Response:

{
  "ok": true,
  "url": "https://yourteam.slack.com/",
  "team": "Your Team",
  "user": "bot-user-name",
  "team_id": "TXXXXXXX",
  "user_id": "UXXXXXXX"
}
Sample Response if the token is invalid:

{
  "ok": false,
  "error": "invalid_auth"
}

Skills Provided by this Integration

| Skill ID | Purpose |
|---|---|
| Slack Checkpoint | This skill sends a Slack message to a specified user to confirm suspected activities. It is used within playbooks to pause execution, awaiting user confirmation. If no response is received within a set timeout, the playbook proceeds with subsequent actions. This is crucial for verifying user activities and deciding the next steps in incident response scenarios. |
| Send Slack Message | Send a message to a Slack channel using a webhook. This skill is useful for real-time notifications or alerts. |

To view the details of Input Parameters and Output for the respective skills:
  • Go to AirMDR → Slack Integration page.
  • Select the Skills tab and click on the required listed skills.

Configure Slack in the AirMDR Integrations Dashboard

  1. Navigate to AirMDR, provide the credentials, and click Login.
  2. Navigate to the AirMDR Integrations Dashboard in the left navigation pane and select Integrations.
  3. Use the search option, enter the keyword “Slack”, select the Connections tab, and click Create.
  4. Enter a unique name for the Instance (e.g., your org name-Slack) so that AirMDR can easily identify the user connection.
  5. Enter the Webhook URL, Slack channel name, Bot User OAuth Token and Signing Secret in the Authentication Details fields, and click Create.
  6. Click the “Authenticate” button to authorize the connection and complete the setup.