Slack
LAST UPDATED: 01/13/2023
Overview
Slack is a channel-based messaging platform that brings all of a team's communication into one place.
D3 SOAR is providing REST operations to function with Slack.
For example, you can list all channels and users, create a new channel or join an existing channel, invite users to join channels, or remove users from a channel, furthermore, you can send messages or get a thread of specific reply messages.
Slack is available for use in:
Known Limitations
The Slack platform features and APIs rely on rate limits to help provide a predictably pleasant experience for users. The requests to the Web API are evaluated per method, per workspace. Rate limit windows are per minute.
![](../../__attachments/75563041/att_7_for_75563041.png?inst-v=6ed13fa1-d50f-489c-ae26-1f5dd92794f0)
Please refer to Great rate limits for Web API methods from the Slack API documentation for details.
Connection
To connect Slack from D3 SOAR, please follow this part to collect the required information below:
Parameter | Description | Example |
Default | ||
Authentication Type | The type of authentication used for the integration connection. The two options are OAuth 2.0 Authorization code and User OAuth Token (API Token). If you select the OAuth 2.0 Authorization code, please ensure that your app(s) must have enabled the Token Rotation in the Slack API console. | User OAuth Token (API Token) |
Authentication Type: User OAuth Token (API Token) | ||
API Token | The API token to authenticate the connection. | xoxp-*****-****599184199-****992764211-**** |
Authentication Type: OAuth 2.0 Authorization Code | ||
Client ID | The client ID for the OAuth 2.0 authentication. | 1160****060.2708****588 |
Client Secret | The client secret for the OAuth 2.0 authentication. | d2e1****90532****3576 |
Scope | The scopes to enable for the connection. | users:read,channels:manage,chat:write,files:write,channels:read,channels:join,groups:read,groups:write |
Authorization Code | The authorization code for the OAuth2.0 authentication. Click the "Get Authorization" button on the Connection page to automatically generate an authorization code. | ****************************.********************************************************* |
Callback URL | The callback URL is used for OAuth2.0 with the grant type of authorization code. Add this URL to your app’s Redirect URIs. In the Slack API console, navigate to Your App > OAuth & Permissions > Redirect URLs. This parameter is read-only and auto-generated. | https://D3PlatformURL/VSOC/Auth2Callback.aspx |
Refresh Token | The refresh token for authentication with the grant type of authorization code. Click the "Get Refresh Token" button on the Connection page to automatically generate a refresh token. This parameter is read-only and auto-generated. | xoxe-1-****************************************************************************************************************** |
Permission Requirements
Each endpoint in the Slack API requires a certain permission scope. The following scopes are required scopes for each command in this integration:
Please refer to the Known Limitations section for Rate Limits details. Refer to Web API methods to get Slack required scopes.
Command | Required Permission |
Archive Channel | Scopes: channels:write, groups:write Rate Limits: Tier 2 |
Create Channel | Scopes: channels:write, groups:write, im:write, mpim:write Rate Limits: Tier 2 |
Get Reply Messages | Scopes: channels:history, groups:history, im:history, mpim:history Rate Limits: Tier 3 |
Get User Details | Scopes: users:read Rate Limits: Tier 4 |
Invite Users To Channel | Scopes: channels:write, groups:write, im:write, mpim:write Rate Limits: Tier 3 |
Join Channel | Scopes: channels:write Rate Limits: Tier 3 |
List Channel Members | Scopes: channels:read, groups:read, im:read, mpim:read Rate Limits: Tier 4 |
List Channels | Scopes: channels:read, groups:read, im:read, mpim:read Rate Limits: Tier 2 |
List Users | Scopes: users:read Rate Limits: Tier 2 |
Remove Users From Channel | Scopes: channels:write, groups:write, im:write, mpim:write Rate Limits: Tier 3 |
Send Files | Scopes: files:write, files:write:user Rate Limits: Tier 2 |
Send Messages | Scopes: chat:write, chat:write:user, chat:write:bot Rate Limits: Special (generally allows posting one message per second per channel) |
Test Connection | Scopes: users:read Rate Limits: Tier 2 |
Configuring Slack to Work with D3 SOAR
Method 1
Authenticating with an OAuth 2.0 Authorization Code:
Log in to the Slack portal at https://slack.com.
Then launch to your workspace.
Go to the Slack API Console at https://api.slack.com/apps?new_app=1&ref=bolt_start_hub. Under Your Apps, click on the app you wish to configure.
Click on App Manifest under Features found on the left sidebar menu. Ensure the token_rotation_enabled field is set to true. This enables the refresh token to rotate the access token. Click Save Changes.
Click on Basic Information under Settings of the left sidebar menu. Under the App Credentials section, copy and save the Client ID and Client Secret. You can revisit this page to view the Client ID and Client Secret again by clicking Show.
Click on OAuth & Permissions on the left sidebar menu, then Add New Redirect URL under Redirect URLs.
The redirect URL can be obtained from the connection page in D3 SOAR. Input the redirect URL then click Add. Click Save URLs to save the configuration.
Under the Scopes section, add the following scopes required for a connection with D3 SOAR: channels:read, channels:manage, chat:write, files:write, users:read, groups:history.
Method 2
Authenticating with a User OAuth Token (API token):
Log in to the Slack portal at https://slack.com.
Then launch to your workspace.
Go to the Slack API Console at https://api.slack.com/apps?new_app=1&ref=bolt_start_hub. Under Your Apps, click on the app you wish to configure.
Click on App Manifest under Features found on the left sidebar menu. Ensure the token_rotation_enabled field is set to false. If this field is set to false, a Refresh Token will be provided instead of a User OAuth Token in the next step.
Click on OAuth & Permissions under Features on the left sidebar menu. Copy and save the OAuth Token. You can revisit this page again to view the OAuth Token.
Configuring D3 SOAR to Work with Slack
Log in to D3 SOAR.
Find the Slack integration.
Navigate to Configuration on the top header menu.
Click on the Integration icon on the left sidebar.
Type Slack in the search box to find the integration, then click it to select it.
Click + New Connection, on the right side of the Connections section. A new connection window will appear.
Configure the following fields to create a connection to Slack.
Connection Name: The desired name for the connection.
Site: Specifies the site to use the integration connection. Use the drop-down menu to select the site. The Share to Internal Sites option enables all sites defined as internal sites to use the connection. Selecting a specific site will only enable that site to use the connection.
Recipient site for events from connections Shared to Internal Sites: This field appears if you selected Share to Internal Sites for Site to let you select the internal site to deploy the integration connection.
Agent Name (Optional): Specifies the proxy agent required to build the connection. Use the dropdown menu to select the proxy agent from a list of previously configured proxy agents.
Description (Optional): Add your desired description for the connection.
Configure User Permissions: Defines which users have access to the connection.
Active: Check the tick box to ensure the connection is available for use.
System: This section contains the parameters defined specifically for the integration. These parameters must be configured to create the integration connection.
Auth Type 1. Select the Authentication Type: OAuth 2.0 Authorization Code
1. Copy the Client ID from the Slack platform (Refer to Configuring Slack to Work with D3 SOAR Method 1 of step 5).
2. Copy the Client Secret from the Slack platform (Refer to Configuring Slack to Work with D3 SOAR Method 1 of step 5).
3. The default value of the Scope is users:read,channels:manage,chat:write,files:write,channels:read,channels:join,groups:read,groups:write. Please refer to Configuring Slack to Work with D3 SOAR Method 1 step 8 for how to set up scopes on the Slack API platform and check the Permission Requirements for the scopes that are needed.
4. Copy D3 Callback URL, and paste it into the Slack Redirect URLs section. Please refer to Configuring Slack to Work with D3 SOAR Method 1 step 6 to 7 for setups.5. Click the Get Authorization button. Confirm if the scopes are correct and then click the Allow button.
6. It does not need to copy the Authorization Code on the redirect page. Please follow the instructions. Closing this window will not affect the OAuth authentication procedure.
7. Click the Get Refresh Token button, and the Refresh Token and Authorization Code will be set automatically.
Auth Type 2. Select the Authentication Type: User OAuth Token (API Token)
1. Copy the OAuth Token from the Slack platform and set it to the input Field API Token. (Refer to Configuring Slack to Work with D3 SOAR Method 2 step 5).
Connection Health Check: Updates the connection status you have created. A connection health check is done by scheduling the Test Connection command of this integration. This can only be done when the connection is active.
To set up a connection health check, check the Connection Health Check tickbox. You can customize the interval (minutes) for scheduling the health check. An email notification can be set up after a specified number of failed connection attempts.Enable Password Vault: An optional feature that allows users to take the stored credentials from their own password vault. Please refer to the password vault connection guide if needed.
Test the connection.
Click Test Connection to verify the account credentials and network connection. If the Test Connection Passed alert window appears, the test connection is successful. You will see Passed with a green checkmark appear beside the Test Connection button. If the test connection fails, please check your connection parameters and try again.
Click OK to close the alert window.
Click + Add to create and add the configured connection.
Commands
Slack includes the following executable commands for users to set up schedules or create playbook workflows. With the Test Command, you can execute these commands independently for playbook troubleshooting.
Integration API Note
For more information about the Slack API, please refer to the Installing with OAuth and Web API methods.
READER NOTE
Certain permissions are required for each command. Please refer to the Permission Requirements and Configuring Slack to Work with D3 SOAR for details.
Slack customized error response
The error response of slack API requests are packed in the API response with HTTP status code 200. The command execution success/failure will be indicated by the key “OK” in returned JSON data.
The failed Slack API response format looks like this:
![](../../__attachments/75563041/att_1_for_75563041.png?inst-v=6ed13fa1-d50f-489c-ae26-1f5dd92794f0)
Please refer to Using the Slack Web API>Evaluating responses for more detailed explanations.
Note for Time-related parameters
The input format of time-related parameters may vary based on your account settings. As a result, the sample data provided in our commands is different from what you see. To set your preferred time format, follow these steps:
Navigate to Configuration > Application Settings. Select Date/Time Format.
Choose your desired date and time format.
After that, you will be able to view your preferred time format when configuring the DateTime input parameters for commands.
Archive Channel
Archives a public or a private channel. The archived channel’s message history will be retained and searchable.
READER NOTE
Channel ID is a required parameter to run this command.
Run the List Channels command to obtain Channel ID. Channel IDs can be found in the returned raw data at the path $.channels[*].id.
Please note that the #general channel cannot be archived by using this command. The #general channel can’t be archived, deleted, or converted to a private channel. Archive #general channel will result in an error: “can't archive general” in D3 SOAR.
Please refer to Slack Archive or delete a channel for more details.
Input
Input Parameter | Required/Optional | Description | Example |
Channel ID | Required | The ID of the channel to archive. Channel IDs can be obtained using the List Channels command. | C0***HY |
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Archive Channel failed. An error occurred when calling the Archive Channel operation. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Slack portal. Refer to the HTTP Status Code Registry for details. | Status Code: 200. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: OK: False, Error: Channel ID Not Found. |
Error Sample Data Archive Channel failed. An error occurred when calling the Archive Channel operation. Status Code: 200. Message: OK: False, Error: Channel ID Not Found. |
Create Channel
Creates a new channel based on the provided name.
READER NOTE
You will automatically join the created channel. The display username depends on the app you used for your connection. See the FAQ for more details.
Input
Input Parameter | Required/Optional | Description | Example |
Channel Name | Required | The name of the channel. Note: Channel names can only contain lowercase letters, numbers, hyphens, and underscores, and must be 80 characters or less. | test2021***a |
Is Private | Optional | The option to set the channel as private. | True |
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Create Channel failed. An error occurred when calling the Create Channel operation. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Slack portal. Refer to the HTTP Status Code Registry for details. | Status Code: 200. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: OK: False, Error: Invalid Channel ID. |
Error Sample Data Create Channel failed. An error occurred when calling the Create Channel operation. Status Code: 200. Message: OK: False, Error: Invalid Channel ID. |
Get Reply Messages
Retrieves a thread of messages posted to a conversation. These messages are replied to with a specified message unique identifier(Message Timestamps).
READER NOTE
Channel ID and Message UID are required parameters to run this command.
Run the List Channels command to obtain Channel ID. Channel IDs can be found in the returned raw data at the path $.channels[*].id.
Run the Send Messages command to obtain Message UID. Message UIDs can be found in the returned raw data at the path $.message.ts.
Please note that the Channel ID must match to Message UID. D3 suggests you to run List Channel first to get the Channel you want to use, then use that Channel ID to run the Send Message command. Use the pair of Channel ID and Message UID to run this command.
Input
Input Parameter | Required/Optional | Description | Example |
Channel ID | Required | The ID of the channel to retrieve reply messages from. Channel IDs can be obtained using the List Channels command. | C0***H |
Message UID | Required | The unique identifier timestamp of a thread’s parent message or a message in the thread. Message UIDs can be obtained using the Send Messages command. | 16***.0***0 |
Earliest Time | Optional | The start time of the time range to retrieve reply messages in UTC time. | 2022-01-01 00:00 |
Latest Time | Optional | The end time of the time range to retrieve reply messages in UTC. | 2022-06-01 00:00 |
Limit | Optional | The maximum number of records to return. If the input value is invalid (i.e., negative number, 0, characters or symbols) or the parameter is not defined, the default value of 20 will be used. The maximum input value for this field is 100; however, the recommended value is between 1 to 200. | 2 |
Next Page | Optional | The pagination value of the parameter with the next_cursor attribute returned by a previous request's response_metadata. The “Limit” parameter specifies the maximum number of return records output. The Next Page input parameter outputs the next set of messages while confined to the defined “Limit” parameter. For example, for a given message, there are four replies. You set the “Limit” parameter to 2 so the command outputs the most recent two reply messages. The resulting output raw data has a “next_cursor” value (last JSON key-value pair of the raw data) which can be used for this parameter to run the command again to output the remaining two messages with an earlier timestamp. | bm***DAw |
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Get Reply Messages failed. An error occurred when calling the Get Reply Messages operation. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Slack portal. Refer to the HTTP Status Code Registry for details. | Status Code: 200. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: OK: False, Error: Channel ID Not Found. |
Error Sample Data Get Reply Messages failed. An error occurred when calling the Get Reply Messages operation. Status Code: 200. Message: OK: False, Error: Channel ID Not Found. |
Get User Details
Retrieves detailed information about the specified users.
READER NOTE
The parameter User IDs is required to run this command.
Run the List Users command to obtain User IDs. User IDs can be found the the returned raw data at the path $.members[*].id.
When logging into Slack, the User ID of that account can be found by clicking the top right profile icon > Profile >
> Copy member ID. Member ID is equivalent to User ID.
Input
Input Parameter | Required/Optional | Description | Example |
User IDs | Required | The IDs of the users to return details. User IDs can be obtained using the List Users command. | [ "U0***V" ] |
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Get User Details failed. An error occurred when calling the Get User Details operation. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Slack portal. Refer to the HTTP Status Code Registry for details. | Status Code: 200. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: OK: False, Error: User ID Not Found. |
Error Sample Data Get User Details failed. An error occurred when calling the Get User Details operation. Status Code: 200. Message: OK: False, Error: User ID Not Found. |
Invite Users To Channel
Invites specified users to a channel.
READER NOTE
Channel IDs and User IDs are required parameters to run this command.
Run the List Channels command to obtain Channel ID. Channel IDs can be found in the returned raw data at the path $.channels[*].id.
Run the List Users command to obtain User ID. User IDs can be found the the returned raw data at the path $.members[*].id.
Please note that the API APP connection used for the command must be a member of the specified channel.
Input
Input Parameter | Required/Optional | Description | Example |
Channel ID | Required | The ID of the channel to invite the users to. Channel IDs can be obtained using the List Channels command. | C0***Y |
User IDs | Required | The IDs of the users to invite to the specified channel. User IDs can be obtained using the List Users command. | [ "U***5" ] |
Output
Error Handling
If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Invite Users To Channel failed. An error occurred when calling the Invite Users To Channel operation. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Slack portal. Refer to the HTTP Status Code Registry for details. | Status Code: 200. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: OK: False, Error: Channel ID Not Found. |
Error Sample Data Invite Users To Channel failed. An error occurred when calling the Get User Details operation. Status Code: 200. Message: OK: False, Error: Channel ID Not Found. |
Join Channel
Joins an existing conversation.
READER NOTE
Channel ID is a required parameter to run this command.
Run the List Channels command to obtain Channel ID. Channel IDs can be found in the returned raw data at the path $.channels[*].id.
Please note:
Same account can only join the same channel once. If you see a warning: already_in_channel in D3 SOAR, please check if you are using the same connection.
Other than checking from Slack UI, users can check whether the channels are private by running List Channels command. You can find related information in Raw Data>find the Channel ID you want to use>find ”is private” key under that id>false means it’s not a private channel; true means it’s a private channel.
Input
Input Parameter | Required/Optional | Description | Example |
Channel ID | Required | The ID of the channel to join. Channel IDs can be obtained using the List Channels command. Note: Private channels cannot be joined with this command. | C0***W |
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Join Channel failed. An error occurred when calling the Join Channel operation. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Slack portal. Refer to the HTTP Status Code Registry for details. | Status Code: 200. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: OK: False, Error: Channel ID Not Found. |
Error Sample Data Join Channel failed. An error occurred when calling the Join Channel operation. Status Code: 200. Message: OK: False, Error: Channel ID Not Found. |
List Channel Members
Retrieves members from a specified channel.
READER NOTE
Channel ID is a required parameter to run this command.
Run the List Channels command to obtain Channel ID. Channel IDs can be found in the returned raw data at the path $.channels[*].id.
Input
Input Parameter | Required/Optional | Description | Example |
Channel ID | Required | The ID of the channel to list members from. Channel IDs can be obtained using the List Channels command. | C0***Y |
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Channel Members failed. An error occurred when calling the List Channel Members operation. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Slack portal. Refer to the HTTP Status Code Registry for details. | Status Code: 200. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: OK: False, Error: Channel ID Not Found. |
Error Sample Data List Channel Members failed. An error occurred when calling the List Channel Members operation. Status Code: 200. Message: OK: False, Error: Channel ID Not Found. |
List Channels
Lists all channels in a Slack team.
READER NOTE
Channels satisfying any one of the specified channel types as defined by the Types parameter will be returned. In other words, the returned list channels may not satisfy all of the specified criteria. For instance, if the input value for the Types parameter is public_channel, private_channel, all public and private channels will be returned.
Input
Input Parameter | Required/Optional | Description | Example |
Types | Optional | A comma-separated list of the channel types to filter results. The valid input values are public_channel, private_channel, mpim, and im. The default value is public_channel. | public_channel,private_channel |
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Channels failed. An error occurred when calling the List Channels operation. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Slack portal. Refer to the HTTP Status Code Registry for details. | Status Code: 200. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: OK: False, Error: Invalid types. |
Error Sample Data List Channels failed. An error occurred when calling the List Channels operation. Status Code: 200. Message: OK: False, Error: Invalid types. |
List Users
Lists all users in a Slack team.
READER NOTE
If no input parameters are defined, the command will return up to 1,000 users without filtering by role.
The Limit input parameter sets the maximum number of users to return. The default value is 1,000, but you may change it to any value (greater or less than 1,000).
Input
Input Parameter | Required/Optional | Description | Example |
Role | Optional | The role of the users to list. | Workspace Admin |
Limit | Optional | The maximum number of records to return. If the input value is invalid (i.e., negative number, 0, characters or symbols) or the parameter is not defined, the default value of 1,000 will be used. | 2 |
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Users failed. An error occurred when calling the List Users operation. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Slack portal. Refer to the HTTP Status Code Registry for details. | Status Code: 200. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: OK: False, Error: Missing scope. |
Error Sample Data List Users failed. An error occurred when calling the List Users operation. Status Code: 200. Message: OK: False, Error: Missing scope. |
Remove Users From Channel
Removes the specified users from a channel.
READER NOTE
User IDs and Channel ID are required parameters to run this command.
Run the List Users command to obtain User IDs. User IDs can be found the the returned raw data at the path $.members[*].id.
Run the List Channels command to obtain Channel ID. Channel IDs can be found in the returned raw data at the path $.channels[*].id. List Channel Members is also suggested to get the member in the specific channel, in order to make sure the user you want to remove is in the channel.
Please note that the API app connection used for the command must be a member of the specified channel.
Input
Input Parameter | Required/Optional | Description | Example |
User IDs | Required | The IDs of the users to remove from the specified channel. User IDs can be obtained using the List Users command. | [ "U0***5" ] |
Channel ID | Required | The ID of the channel to remove the specified users from. Channel IDs can be obtained using the List Channels command. | C0***Y |
Output
Error Handling
If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Remove Users From Channel failed. An error occurred when calling the Remove Users From Channel operation. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Slack portal. Refer to the HTTP Status Code Registry for details. | Status Code: 200. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: OK: False, Error: User ID Not Found. |
Error Sample Data Remove Users From Channel failed. An error occurred when calling the Remove Users From Channel operation. Status Code: 200. Message: OK: False, Error: User ID Not Found. |
Send Files
Shares file(s) on the specified channel(s).
READER NOTE
The parameter Channel IDs is required to run this command.
Run the List Channels command to obtain Channel IDs. Channel IDs can be found in the returned raw data at the path $.channels[*].id.
Please note that the API app connection used for the command must be a member of the specified channel.
It is not recommended to use the Test Command feature with the Submit Sample Files command as it is designed for dynamic input files in Playbooks, Incident Attachments, and Artifact Attachments. There is a simple workaround to test the command:
In D3 SOAR, navigate to Configuration on the top bar menu.
Click Utility Commands on the left sidebar menu.
Use the search box to find and select the Create a File from input Text Array command.
Select the Test tab, then input the required information for the parameters. Click Test Command.
A D3 File ID will appear in the output data after the file has been successfully created..
(Note: The D3 File Source of the created file will be Playbook File)
![](../../__attachments/75563041/att_16_for_75563041.png?inst-v=6ed13fa1-d50f-489c-ae26-1f5dd92794f0)
Input
Input Parameter | Required/Optional | Description | Example |
Channel IDs | Required | The IDs or names of the channels to send files to. Channel ID can be obtained using the List Channels command. | C0***2 |
D3 File IDs | Required | The file path of the file source. The options for file paths are: Incident Attachment: Incident.file.file ID Playbook File: Task output Artifact File: Incident.Events.file.file ID | [ "20" ] |
D3 File Source | Required | The file source of the file to send. The options for file sources are: Incident Attachment File: Manually uploaded file from Incident Playbook File: Output from another Task Artifact File: Ingested Artifact in an Event | Playbook File |
Output
Error Handling
If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Send Files failed. An error occurred when calling the Send Files operation. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Slack portal. Refer to the HTTP Status Code Registry for details. | Status Code: 200. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: OK: False, Error: Channel ID Not Found. |
Error Sample Data Send Files failed. An error occurred when calling the Send Files operation. Status Code: 200. Message: OK: False, Error: Channel ID Not Found. |
Send Messages
Sends message(s) to a specified channel.
READER NOTE
Channel or User ID is a required parameter to run this command.
Run the List Channels command to obtain Channel ID. Channel IDs can be found in the returned raw data at the path $.channels[*].id.
Run the List Users command to obtain User ID. User IDs can be found the the returned raw data at the path $.members[*].id.
The input parameter Message Thread ID is used for creating reply messages.
Run the Send Messages command to obtain Message UID. Message UIDs can be found in the returned raw data at the path $.message.ts. This value is the ID of the parent message you just sent. Input the “ts” value to the Message Thread ID parameter and the desired reply message in the Messages field, along with the same Channel ID. Run this command again to reply to the parent message.
Please note that the API app connection used for the command must be a member of the specified channel.
Input
Input Parameter | Required/Optional | Description | Example |
Channel ID | Required | The ID or name of the channel to send the message(s) to. Channel IDs can be obtained using the List Channels command. | test2021*** |
Messages | Required | The array of messages to send. | [ "Hello World", "Awesome Day" ] |
Message Thread ID | Optional | The option to make this message a reply by specifying timestamp (ts) value of the message to reply to. Avoid using a reply message's value, use its parent message instead. Message timestamps can be obtained using the Send Messages command. | 16**7.5***9 |
Message Blocks | Optional | Defines the JSON-based array of structured blocks to be sent with the message. |
CODE
|
Message Attachments | Optional | Defines the JSON-based array of structured attachments to be sent with the message. |
CODE
|
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Send Messages failed. An error occurred when calling the Send Messages operation. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Slack portal. Refer to the HTTP Status Code Registry for details. | Status Code: 200. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: OK: False, Error: Channel ID Not Found. |
Error Sample Data Send Messages failed. An error occurred when calling the Send Messages operation. Status Code: 200. Message: OK: False, Error: Channel ID Not Found. |
Test Connection
Allows you to perform a health check on an integration connection. You can schedule a periodic health check by selecting Connection Health Check when editing an integration connection.
READER NOTE
If the connection uses the OAuth2.0 method for authentication, it is recommended to enable the Connection Health Check option (refer to step 3i of Configuring D3 SOAR to Work with Slack) to alert you when the token expires. You can go to the Slack API portal (refer to step 5 of Configuring Slack to Work with D3 SOAR Method 2 for instructions) and refresh the token for OAuth 2.0 connections.
Input
N/A
Output
Error Handling
If the Return Data is failed, an Error tab will appear in the Test Result window.
The error tab contains the responses from the third-party API calls including including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Test Connection failed. An error occurred when calling the Test Connection operation. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Slack portal. Refer to the HTTP Status Code Registry for details. | Status Code: 200. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: OK: False, Error: Missing Scope. |
Error Sample Data Test Connection failed. An error occurred when calling the Test Connection operation. Status Code: 200. Message: OK: False, Error: Missing Scope. |
FAQ
Question1: Why doesn’t my display username in a channel show up as my login username?
Answer: The Slack display username will be your App name when you build connections. It will have an
tag after the username. You can refer to Configuring Slack to Work with D3 SOAR Method 1 or Method 2 step 3 for instructions on selecting apps when building a connection. The App names may appear on the Slack user interface after running the following commands: Create Channel, Join Channel, Send Files and Send Messages.
For example, you might see
after running the Join Channel command.
Since API_OAuth is the app you used in your connection, you have joined the #general channel with the username API_OAuth.