Slack
LAST UPDATED: NOV 13, 2023
Overview
Slack is a channel-based messaging platform that brings all of a team's communication into one place.
D3 SOAR is providing REST operations to function with Slack.
For example, you can list all channels and users, create a new channel or join an existing channel, invite users to join channels, or remove users from a channel, furthermore, you can send messages or get a thread of specific reply messages.
Slack is available for use in:
Known Limitations
The Slack platform features and APIs rely on rate limits to help provide a predictably pleasant experience for users. The requests to the Web API are evaluated per method, per workspace. Rate limit windows are per minute.
Please refer to Great rate limits for Web API methods from the Slack API documentation for details.
Connection
To connect Slack from D3 SOAR, please follow this part to collect the required information below:
Parameter | Description | Example |
Default | ||
Authentication Type | The type of authentication used for the integration connection. The two options are OAuth 2.0 Authorization code and User OAuth Token (API Token). If you select the OAuth 2.0 Authorization code, please ensure that your app(s) must have enabled the Token Rotation in the Slack API console. | User OAuth Token (API Token) |
Authentication Type: User OAuth Token (API Token) | ||
API Token | The API token to authenticate the connection. | xoxp****4211 |
Authentication Type: OAuth 2.0 Authorization Code | ||
Client ID | The client ID for the OAuth 2.0 authentication. | 1160*****5588 |
Client Secret | The client secret for the OAuth 2.0 authentication. | d2e1****3576 |
Scope | The scopes to enable for the connection. | users:read,channels:manage,chat:write,files:write,channels:read,channels:join,groups:read,groups:write |
Authorization Code | The authorization code for the OAuth2.0 authentication. Click the "Get Authorization" button on the Connection page to automatically generate an authorization code. | ***** |
Callback URL | The callback URL is used for OAuth2.0 with the grant type of authorization code. Add this URL to your app’s Redirect URIs. In the Slack API console, navigate to Your App > OAuth & Permissions > Redirect URLs. This parameter is read-only and auto-generated. | https://D3PlatformURL/VSOC/Auth2Callback.aspx |
Refresh Token | The refresh token for authentication with the grant type of authorization code. Click the "Get Refresh Token" button on the Connection page to automatically generate a refresh token. This parameter is read-only and auto-generated. | xoxe-***** |
Permission Requirements
Each endpoint in the Slack API requires a certain permission scope. The following scopes are required scopes for each command in this integration:
Please refer to the Known Limitations section for Rate Limits details. Refer to Web API methods to get Slack required scopes.
Command | Required Permission |
Archive Channel | Scopes: channels:write, groups:write Rate Limits: Tier 2 |
Create Channel | Scopes: channels:write, groups:write, im:write, mpim:write Rate Limits: Tier 2 |
Get Reply Messages | Scopes: channels:history, groups:history, im:history, mpim:history Rate Limits: Tier 3 |
Get User Details | Scopes: users:read Rate Limits: Tier 4 |
Invite Users To Channel | Scopes: channels:write, groups:write, im:write, mpim:write Rate Limits: Tier 3 |
Join Channel | Scopes: channels:write Rate Limits: Tier 3 |
List Channel Members | Scopes: channels:read, groups:read, im:read, mpim:read Rate Limits: Tier 4 |
List Channels | Scopes: channels:read, groups:read, im:read, mpim:read Rate Limits: Tier 2 |
List Users | Scopes: users:read Rate Limits: Tier 2 |
Remove Users From Channel | Scopes: channels:write, groups:write, im:write, mpim:write Rate Limits: Tier 3 |
Send Files | Scopes: files:write, files:write:user Rate Limits: Tier 2 |
Send Messages | Scopes: chat:write, chat:write:user, chat:write:bot Rate Limits: Special (generally allows posting one message per second per channel) |
Test Connection | Scopes: users:read Rate Limits: Tier 2 |
READER NOTE
Changing the scope will require reinstalling the app and re-adding it to your selected Slack channels. Refer to Application Reinstallation for details.
Configuring Slack to Work with D3 SOAR
Log in to the Slack portal at https://slack.com/ssb/signin#/signin.
Launch your workspace.
Create an application under a specific Slack workspace
Click on the Create New App button.
Enter an App Name.
Select a workspace to develop your app.
Click on the Create App button.
Navigate to https://api.slack.com/apps?new_app=1&ref=bolt_start_hub, then click on the app you wish to configure.
Navigate to the OAuth & Permissions page, then scroll down and add the following Bot Token Scopes: channels:read, channels:manage, chat:write, files:write, users:read, groups:history.
Authenticating with an OAuth 2.0 Authorization Code:
Store the Client ID and Client Secret.
Navigate to the Basic Information page.
Copy and save the Client ID. This will be used in Auth Type 1 section.
Click on the Show button for the Client Secret.
Copy and save the Client Secret. This will be used in Auth Type 1 section.
Click on the OAuth & Permissions item within the left sidebar menu, then click on the Add New Redirect URL under the Redirect URLs section.
Copy the Callback URL from vSOC (refer to Auth Type 1 sub-step 4) and paste it into the Redirect URLs field. Click on the Add button, then click on the Save URLs button.
Set the token_rotation_enabled field to true in the App Manifest.
Navigate to the App Manifest page.
Set the token_rotation_enabled field to true.
Click on the Save Changes button.
Authenticating with a User OAuth Token (API token):
Scroll up and click on the Install to <Workspace> button.
Click on the Allow button.
Copy and save the Bot User OAuth Token. This token will be used in Auth Type 2 sub-step 1.
Configuring D3 SOAR to Work with Slack
Log in to D3 SOAR.
Find the Slack integration.
Navigate to Configuration on the top header menu.
Click on the Integration icon on the left sidebar.
Type Slack in the search box to find the integration, then click it to select it.
Click + New Connection, on the right side of the Connections section. A new connection window will appear.
Configure the following fields to create a connection to Slack.
Connection Name: The desired name for the connection.
Site: Specifies the site to use the integration connection. Use the drop-down menu to select the site. The Share to Internal Sites option enables all sites defined as internal sites to use the connection. Selecting a specific site will only enable that site to use the connection.
Recipient site for events from connections Shared to Internal Sites: This field appears if you selected Share to Internal Sites for Site to let you select the internal site to deploy the integration connection.
Agent Name (Optional): Specifies the proxy agent required to build the connection. Use the dropdown menu to select the proxy agent from a list of previously configured proxy agents.
Description (Optional): Add your desired description for the connection.
Tenant (Optional): When configuring the connection from a master tenant site, you have the option to choose the specific tenant sites you want to share the connection with. Once you enable this setting, you can filter and select the desired tenant sites from the dropdowns to share the connection.
Configure User Permissions: Defines which users have access to the connection.
Active: Check the tick box to ensure the connection is available for use.
Allow messages to also be sent to Slack through this connection: Specifies the receiving Slack channel name.
System: This section contains the parameters defined specifically for the integration. These parameters must be configured to create the integration connection.
Auth Type 1. Select the Authentication Type: OAuth 2.0 Authorization Code
1. Copy the Client ID from the Slack platform (refer to step 6 of the Authenticating with an OAuth 2.0 Authorization Code section).
2. Copy the Client Secret from the Slack platform (refer to step 6 of the Authenticating with an OAuth 2.0 Authorization Code section).
3. The default value of the Scope is users:read,channels:manage,chat:write,files:write,channels:read,channels:join,groups:read,groups:write. Refer to step 5 of the Configuring Slack to Work with D3 SOAR section. See Permission Requirements for the scopes required by commands.
4. Copy the D3 Callback URL and paste it into the Slack Redirect URLs section. Refer to steps 7-8 of the Authenticating with an OAuth 2.0 Authorization Code section.5. Click on the Get Authorization button, then click on the Allow button in the redirect window.
6. Close the redirect window (no need to copy the Authorization Code).
7. Click on the Get Refresh Token button to automatically populate the Refresh Token and Authorization Code fields.
Auth Type 2. Select the Authentication Type: User OAuth Token (API Token)
1. Copy the OAuth Token from the Slack platform and set it to the input Field API Token. Refer to step 8 of the Authenticating with a User OAuth Token (API token) section.
Enable Password Vault: An optional feature that allows users to take the stored credentials from their own password vault. Please refer to the password vault connection guide if needed.
Connection Health Check: Updates the connection status you have created. A connection health check is done by scheduling the Test Connection command of this integration. This can only be done when the connection is active.
To set up a connection health check, check the Connection Health Check tickbox. You can customize the interval (minutes) for scheduling the health check. An email notification can be set up after a specified number of failed connection attempts.
Test the connection.
Click Test Connection to verify the account credentials and network connection. If the Test Connection Passed alert window appears, the test connection is successful. You will see Passed with a green checkmark appear beside the Test Connection button. If the test connection fails, please check your connection parameters and try again.
Click OK to close the alert window.
Click + Add to create and add the configured connection.
Commands
Slack includes the following executable commands for users to set up schedules or create playbook workflows. With the Test Command, you can execute these commands independently for playbook troubleshooting.
Integration API Note
For more information about the Slack API, please refer to the Installing with OAuth and Web API methods.
READER NOTE
Certain permissions are required for each command. Please refer to the Permission Requirements and Configuring Slack to Work with D3 SOAR for details.
Slack customized error response
The error response of slack API requests are packed in the API response with HTTP status code 200. The command execution success/failure will be indicated by the key "OK" in returned JSON data.
The failed Slack API response format looks like this:
Please refer to Using the Slack Web API>Evaluating responses for more detailed explanations.
Note for Time-related parameters
The input format of time-related parameters may vary based on your account settings. As a result, the sample data provided in our commands is different from what you see. To set your preferred time format, follow these steps:
Navigate to Configuration > Application Settings. Select Date/Time Format.
Choose your desired date and time format.
After that, you will be able to view your preferred time format when configuring the DateTime input parameters for commands.
Archive Channel
Archives a public or a private channel. The archived channel’s message history will be retained and searchable.
READER NOTE
Channel ID is a required parameter to run this command.
Run the List Channels command to obtain Channel ID. Channel IDs can be found in the returned raw data at the path $.channels[*].id.
Please note that the #general channel cannot be archived by using this command. The #general channel can’t be archived, deleted, or converted to a private channel. Archive #general channel will result in an error: "can't archive general" in D3 SOAR.
Please refer to Slack Archive or delete a channel for more details.
Input
Input Parameter | Required/Optional | Description | Example |
Channel ID | Required | The ID of the channel to archive. Channel IDs can be obtained using the List Channels command. | C0***HY |
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Archive Channel failed. An error occurred when calling the Archive Channel operation. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Slack portal. Refer to the HTTP Status Code Registry for details. | Status Code: 200. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: OK: False, Error: Channel ID Not Found. |
Error Sample Data Archive Channel failed. An error occurred when calling the Archive Channel operation. Status Code: 200. Message: OK: False, Error: Channel ID Not Found. |
Create Channel
Creates a new channel based on the provided name.
READER NOTE
You will automatically join the created channel. The display username depends on the app you used for your connection. See the FAQ for more details.
Input
Input Parameter | Required/Optional | Description | Example |
Channel Name | Required | The name of the channel. Note: Channel names can only contain lowercase letters, numbers, hyphens, and underscores, and must be 80 characters or less. | test2021***a |
Is Private | Optional | The option to set the channel as private. | True |
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Create Channel failed. An error occurred when calling the Create Channel operation. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Slack portal. Refer to the HTTP Status Code Registry for details. | Status Code: 200. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: OK: False, Error: Invalid Channel ID. |
Error Sample Data Create Channel failed. An error occurred when calling the Create Channel operation. Status Code: 200. Message: OK: False, Error: Invalid Channel ID. |
Get Reply Messages
Retrieves a thread of messages posted to a conversation. These messages are replied to with a specified message unique identifier(Message Timestamps).
READER NOTE
Channel ID and Message UID are required parameters to run this command.
Run the List Channels command to obtain Channel ID. Channel IDs can be found in the returned raw data at the path $.channels[*].id.
Run the Send Messages command to obtain Message UID. Message UIDs can be found in the returned raw data at the path $.message.ts.
Please note that the Channel ID must match to Message UID. D3 suggests you to run List Channel first to get the Channel you want to use, then use that Channel ID to run the Send Message command. Use the pair of Channel ID and Message UID to run this command.
Input
Input Parameter | Required/Optional | Description | Example |
Channel ID | Required | The ID of the channel to retrieve reply messages from. Channel IDs can be obtained using the List Channels command. | C0***H |
Message UID | Required | The unique identifier timestamp of a thread’s parent message or a message in the thread. Message UIDs can be obtained using the Send Messages command. | 16***.0***0 |
Earliest Time | Optional | The start time of the time range to retrieve reply messages in UTC time. | 2022-01-01 00:00 |
Latest Time | Optional | The end time of the time range to retrieve reply messages in UTC. | 2022-06-01 00:00 |
Limit | Optional | The maximum number of records to return. If the input value is invalid (i.e., negative number, 0, characters or symbols) or the parameter is not defined, the default value of 20 will be used. The maximum input value for this field is 100; however, the recommended value is between 1 to 200. | 2 |
Next Page | Optional | The pagination value of the parameter with the next_cursor attribute returned by a previous request's response_metadata. The "Limit" parameter specifies the maximum number of return records output. The Next Page input parameter outputs the next set of messages while confined to the defined "Limit" parameter. For example, for a given message, there are four replies. You set the "Limit" parameter to 2 so the command outputs the most recent two reply messages. The resulting output raw data has a "next_cursor" value (last JSON key-value pair of the raw data) which can be used for this parameter to run the command again to output the remaining two messages with an earlier timestamp. | bm***DAw |
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Get Reply Messages failed. An error occurred when calling the Get Reply Messages operation. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Slack portal. Refer to the HTTP Status Code Registry for details. | Status Code: 200. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: OK: False, Error: Channel ID Not Found. |
Error Sample Data Get Reply Messages failed. An error occurred when calling the Get Reply Messages operation. Status Code: 200. Message: OK: False, Error: Channel ID Not Found. |
Get User Details
Retrieves detailed information about the specified users.
READER NOTE
The parameter User IDs is required to run this command.
Run the List Users command to obtain User IDs. User IDs can be found the the returned raw data at the path $.members[*].id.
When logging into Slack, the User ID of that account can be found by clicking the top right profile icon > Profile > > Copy member ID. Member ID is equivalent to User ID.
Input
Input Parameter | Required/Optional | Description | Example |
User IDs | Required | The IDs of the users to return details. User IDs can be obtained using the List Users command. |
JSON
|
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Get User Details failed. An error occurred when calling the Get User Details operation. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Slack portal. Refer to the HTTP Status Code Registry for details. | Status Code: 200. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: OK: False, Error: User ID Not Found. |
Error Sample Data Get User Details failed. An error occurred when calling the Get User Details operation. Status Code: 200. Message: OK: False, Error: User ID Not Found. |
Invite Users To Channel
Invites specified users to a channel.
READER NOTE
Channel IDs and User IDs are required parameters to run this command.
Run the List Channels command to obtain Channel ID. Channel IDs can be found in the returned raw data at the path $.channels[*].id.
Run the List Users command to obtain User ID. User IDs can be found the the returned raw data at the path $.members[*].id.
Please note that the API APP connection used for the command must be a member of the specified channel.
Input
Input Parameter | Required/Optional | Description | Example |
Channel ID | Required | The ID of the channel to invite the users to. Channel IDs can be obtained using the List Channels command. | C0***Y |
User IDs | Required | The IDs of the users to invite to the specified channel. User IDs can be obtained using the List Users command. | [ "U***5" ] |
Output
Error Handling
If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Invite Users To Channel failed. An error occurred when calling the Invite Users To Channel operation. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Slack portal. Refer to the HTTP Status Code Registry for details. | Status Code: 200. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: OK: False, Error: Channel ID Not Found. |
Error Sample Data Invite Users To Channel failed. An error occurred when calling the Get User Details operation. Status Code: 200. Message: OK: False, Error: Channel ID Not Found. |
Join Channel
Joins an existing conversation.
READER NOTE
Channel ID is a required parameter to run this command.
Run the List Channels command to obtain Channel ID. Channel IDs can be found in the returned raw data at the path $.channels[*].id.
Please note:
Same account can only join the same channel once. If you see a warning: already_in_channel in D3 SOAR, please check if you are using the same connection.
Other than checking from Slack UI, users can check whether the channels are private by running List Channels command. You can find related information in Raw Data>find the Channel ID you want to use>find "is private" key under that id>false means it’s not a private channel; true means it’s a private channel.
Input
Input Parameter | Required/Optional | Description | Example |
Channel ID | Required | The ID of the channel to join. Channel IDs can be obtained using the List Channels command. Note: Private channels cannot be joined with this command. | C0***W |
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Join Channel failed. An error occurred when calling the Join Channel operation. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Slack portal. Refer to the HTTP Status Code Registry for details. | Status Code: 200. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: OK: False, Error: Channel ID Not Found. |
Error Sample Data Join Channel failed. An error occurred when calling the Join Channel operation. Status Code: 200. Message: OK: False, Error: Channel ID Not Found. |
List Channel Members
Retrieves members from a specified channel.
READER NOTE
Channel ID is a required parameter to run this command.
Run the List Channels command to obtain Channel ID. Channel IDs can be found in the returned raw data at the path $.channels[*].id.
Input
Input Parameter | Required/Optional | Description | Example |
Channel ID | Required | The ID of the channel to list members from. Channel IDs can be obtained using the List Channels command. | C0***Y |
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Channel Members failed. An error occurred when calling the List Channel Members operation. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Slack portal. Refer to the HTTP Status Code Registry for details. | Status Code: 200. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: OK: False, Error: Channel ID Not Found. |
Error Sample Data List Channel Members failed. An error occurred when calling the List Channel Members operation. Status Code: 200. Message: OK: False, Error: Channel ID Not Found. |
List Channels
Lists all Slack channels of specified types.
READER NOTE
If the input value for the Types parameter is public_channel, private_channel, all public and private channels will be returned.
Input
Input Parameter | Required/Optional | Description | Example |
Types | Optional | A comma-separated list of the channel types to filter results. The types are:
By default, the value is public_channel. | public_channel,private_channel |
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Channels failed. An error occurred when calling the List Channels operation. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Slack portal. Refer to the HTTP Status Code Registry for details. | Status Code: 200. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: OK: False, Error: Invalid types. |
Error Sample Data List Channels failed. An error occurred when calling the List Channels operation. Status Code: 200. Message: OK: False, Error: Invalid types. |
List Users
Lists all users in a Slack team.
READER NOTE
If no input parameters are defined, the command will return up to 1,000 users without filtering by role.
The Limit input parameter sets the maximum number of users to return. The default value is 1,000, but you may change it to any value (greater or less than 1,000).
Input
Input Parameter | Required/Optional | Description | Example |
Role | Optional | The role of the users to list. | Workspace Admin |
Limit | Optional | The maximum number of records to return. If the input value is invalid (i.e., negative number, 0, characters or symbols) or the parameter is not defined, the default value of 1,000 will be used. | 2 |
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Users failed. An error occurred when calling the List Users operation. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Slack portal. Refer to the HTTP Status Code Registry for details. | Status Code: 200. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: OK: False, Error: Missing scope. |
Error Sample Data List Users failed. An error occurred when calling the List Users operation. Status Code: 200. Message: OK: False, Error: Missing scope. |
Remove Users From Channel
Removes the specified users from a channel.
READER NOTE
User IDs and Channel ID are required parameters to run this command.
Run the List Users command to obtain User IDs. User IDs can be found the the returned raw data at the path $.members[*].id.
Run the List Channels command to obtain Channel ID. Channel IDs can be found in the returned raw data at the path $.channels[*].id. List Channel Members is also suggested to get the member in the specific channel, in order to make sure the user you want to remove is in the channel.
Note that the API app connection used for the command must be a member of the specified channel.
Input
Input Parameter | Required/Optional | Description | Example |
User IDs | Required | The IDs of the users to remove from the specified channel. User IDs can be obtained using the List Users command. |
JSON
|
Channel ID | Required | The ID of the channel to remove the specified users from. Channel IDs can be obtained using the List Channels command. | C0***Y |
Output
Error Handling
If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Remove Users From Channel failed. An error occurred when calling the Remove Users From Channel operation. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Slack portal. Refer to the HTTP Status Code Registry for details. | Status Code: 200. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: OK: False, Error: User ID Not Found. |
Error Sample Data Remove Users From Channel failed. An error occurred when calling the Remove Users From Channel operation. Status Code: 200. Message: OK: False, Error: User ID Not Found. |
Send Files
Shares file(s) on the specified channel(s).
READER NOTE
The parameter Channel IDs is required to run this command.
Run the List Channels command to obtain Channel IDs. Channel IDs can be found in the returned raw data at the path $.channels[*].id.
Please note that the API app connection used for the command must be a member of the specified channel.
File ID and File Source
It is not recommended to use the Test Command feature with the Send Files command as it is designed for dynamic input files in Playbooks, Incident Attachments, and Artifact Attachments. There is a simple workaround to test the command:
Navigate to Configuration on the top bar menu.
Click on Utility Commands on the left sidebar menu.
Use the search box to find and select the Create a File from input Text Array command.
Click on the Test tab.
Input the required information for the parameters.
Click on the Test Command button. A D3 File ID will appear in the output data after the file has been successfully created. The D3 File Source of the created file will be Playbook File.
Input
Input Parameter | Required/Optional | Description | Example |
Channel IDs | Required | The IDs or names of the channels to send files to. Channel ID can be obtained using the List Channels command. | C0***2 |
D3 File IDs | Required | The file path of the file source. The options for file paths are:
| [ "20" ] |
D3 File Source | Required | The file source of the file to send. The options for file sources are:
| Playbook File |
Output
Error Handling
If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Send Files failed. An error occurred when calling the Send Files operation. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Slack portal. Refer to the HTTP Status Code Registry for details. | Status Code: 200. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: OK: False, Error: Channel ID Not Found. |
Error Sample Data Send Files failed. An error occurred when calling the Send Files operation. Status Code: 200. Message: OK: False, Error: Channel ID Not Found. |
Send Messages
Sends messages to a specified channel or user.
READER NOTE
See Additional Configurations and Setups.
Channel or User ID is a required parameter to run this command.
Run the List Channels command to obtain Channel ID. Channel IDs can be found in the returned raw data at the path $.channels[*].id.
Run the List Users command to obtain User ID. User IDs can be found the the returned raw data at the path $.members[*].id.
The input parameter Message Thread ID is used for creating reply messages.
Run the Send Messages command to obtain Message UID. Message UIDs can be found in the returned raw data at the path $.message.ts. This value is the ID of the parent message you just sent. Input the "ts" value to the Message Thread ID parameter and the desired reply message in the Messages field, along with the same Channel ID. Run this command again to reply to the parent message.
Please note that the API app connection used for the command must be a member of the specified channel.
Input
Input Parameter | Required/Optional | Description | Example |
Channel ID | Required | The ID or name of the channel to send the message(s) to. Channel IDs can be obtained using the List Channels command. | ***** |
Messages | Required | The array of messages to send. |
JSON
|
Message Thread ID | Optional | The option to make this message a reply by specifying timestamp (ts) value of the message to reply to. Avoid using a reply message's value, use its parent message instead. Message timestamps can be obtained using the Send Messages command. | *****.***** |
Message Blocks | Optional | Defines the JSON-based array of structured blocks to be sent with the message. |
JSON
|
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Send Messages failed. An error occurred when calling the Send Messages operation. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Slack portal. Refer to the HTTP Status Code Registry for details. | Status Code: 200. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: OK: False, Error: Channel ID Not Found. |
Error Sample Data Send Messages failed. An error occurred when calling the Send Messages operation. Status Code: 200. Message: OK: False, Error: Channel ID Not Found. |
Send Interactivity
Sends an interactivity message to the specified channel.
READER NOTE
See Additional Configurations and Setups.
Channel or User ID is a required parameter to run this command.
Run the List Channels command to obtain Channel ID. Channel IDs can be found in the returned raw data at the path $.channels[*].id.
Run the List Users command to obtain User ID. User IDs can be found the the returned raw data at the path $.members[*].id.
Message Thread ID is an optional parameter to run this command.
Run the Send Interactivity or Send Messages command to obtain Message Thread ID. For both Send interactivity and Send messages, Message Thread IDs can be found in the returned raw data at the path $.ts. Re-running this command with the $.ts value obtained in the initial run will result in a reply to the parent message.
Please note that the API app connection used for the command must be a member of the specified channel.
Input
Input Parameter | Required/Optional | Description | Example |
Channel or User ID | Required | The ID or name of the channel to which messages are sent. Channel ID can be obtained using the List Channels command. Alternatively, a message can be sent directly to a user by specifying their User ID. User ID can be obtained using the List Users command. | ***** |
Message Thread ID | Optional | The timestamp of a parent message to reply. These parent message timestamps can be obtained by running the Send Interactivity or the Send Messages command. | *****.***** |
Blocks | Optional | The list of JSON objects that define the Slack message blocks (visual components used to create app layouts). Each message can contain a maximum of 50 blocks. It is not necessary to specify a block_id for each block, as D3 will automatically generate one. |
JSON
|
Wait for Response | Optional | Whether to wait for an interactive response from the Slack channel after the message is sent. The options are:
This parameter is used exclusively when the command is part of a playbook task. When set to True, a submit button will be automatically added to the message blocks. | True |
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Send Interactivity failed. An error occurred when calling the Send Messages operation. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Slack portal. Refer to the HTTP Status Code Registry for details. | Status Code: 200. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: OK: False, Error: Channel ID Not Found. |
Error Sample Data Send Interactivity failed. An error occurred when calling the Send Interactivity operation. Status Code: 200. Message: OK: False, Error: Channel ID Not Found. |
Test Connection
Allows you to perform a health check on an integration connection. You can schedule a periodic health check by selecting Connection Health Check when editing an integration connection.
READER NOTE
If the connection uses the OAuth2.0 method for authentication, it is recommended to enable the Connection Health Check option (refer to step 3i of Configuring D3 SOAR to Work with Slack) to alert you when the token expires. You can go to the Slack API portal (refer to step 5 of Configuring Slack to Work with D3 SOAR Method 2 for instructions) and refresh the token for OAuth 2.0 connections.
Input
N/A
Output
Error Handling
If the Return Data is failed, an Error tab will appear in the Test Result window.
The error tab contains the responses from the third-party API calls including including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Test Connection failed. An error occurred when calling the Test Connection operation. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Slack portal. Refer to the HTTP Status Code Registry for details. | Status Code: 200. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: OK: False, Error: Missing Scope. |
Error Sample Data Test Connection failed. An error occurred when calling the Test Connection operation. Status Code: 200. Message: OK: False, Error: Missing Scope. |
FAQ
Question1: Why doesn’t my display username in a channel show up as my login username?
Answer: The Slack display username will be your App name when you build connections. It will have an APP tag after the username. You can refer to Configuring Slack to Work with D3 SOAR step 3 for instructions on selecting apps when building a connection. The App names may appear on the Slack user interface after running the following commands: Create Channel, Join Channel, Send Files and Send Messages.
For example, after running the Join Channel command, you might see.
Since API_OAuth is the app you used in your connection, you have joined the #general channel with the username API_OAuth.