Skip to main content

Quarterback AI

Slack

Slack is the collaboration hub that brings the right people, information, and tools together to get work done. It allows you to have ideas, make decisions, and move work forward with a common purpose.

Supported Actions and Example Prompts

Action Name

Description

Prompt Example

Get Details of all Users

This action retrieves information about all users on your Slack workspace. For more information, see Action: Get Details of all Users.

Get details of all users from Slack.

List Details of all Channels

This action retrieves details of the specified channel. For more information, see

List details of all channels from Slack.

Send Messages to a Channel

This action sends messages to the specified channel. For more information, see Action: Send Messages to a Channel.

Send a message malware found to the channel security_team in Slack.

Send Messages to a User

This action sends messages to the specified user. For more information, see Action: Send Messages to a User.

Send a message to the user test.user.01@example.com with the message malware found in Slack.

Install and Configure the App

Install and configure the required apps to enable Quarterback AI to perform various security-related tasks and provide relevant responses. After installing an app, you must create an instance that will be used to communicate with the app endpoints. An app can have multiple instances, and you can set a default instance from the configured instance list.

Before you Start

Ensure that you have the API token to authenticate with the Slack app.

Steps

To install and configure an app, follow these steps:

  1. Go to the application, in the left pane, select Quarterback AI.

  2. In Apps, select Slack and click Install.

  3. After the app is installed, click Configure and enter the following details to create an instance:

    • Instance Name: Enter a name for the instance.

    • Instance Description: Enter a description for the instance.

    • Expiry: Select an expiry date for the instance.

    • Set as default instance: Select this option to set this instance as the default instance. By default, this instance will be used to perform actions from this app.

    • Slack Token: Enter your Slack Access Token.

      Note

      The token should have the following permission:

      • channels:read

      • channels:read

      • chat:write.public

      • users:read.email

  4. Click Done.

The instance is created, and you can view it in Instances. To create another instance, click Add Instance.

Action: Get Details of all Users

This action retrieves information of all users on your Slack workspace.

Action Input Parameter

Parameter 

Description 

Field Type 

Required/Optional 

Comments 

Limit 

Enter the maximum number of results you want to retrieve.

Example:

10

Integer

Optional

Default: 200

Page Cursor 

Enter the value from which you want to retrieve results. Use this in conjunction with the Limit parameter for pagination.

When no input is passed, the API retrieves the first set of results.

Example:

"unique_id_5"

Text

Optional

Example 

[
  {
    "limit": 5,
    "cursor": "unique_id_5"
  }
]

Action Response Parameters

Parameter

Field Type

Description

{app_instance} 

JSON Object

This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved.

app_instance.response 

JSON Object

Includes the response received from the app action.

app_instance.response.ok 

Boolean

Indicates if the response is successful

app_instance.response.members 

Array of JSON Objects

List of members

app_instance.response.members.id 

String

Identifier for this workspace user. It is unique to the workspace containing the user. Use this field together withteam_idas a unique key when storing related data or when specifying the user in API requests. We recommend considering the format of the string to be an opaque value, and not to rely on a particular structure.

app_instance.response.members.team_id 

String

The ID of the team to which the member belongs

app_instance.response.members.name 

String

Don't use this. It once indicated the preferred username for a user, but that behavior has fundamentally changed since.

app_instance.response.members.deleted 

Boolean

Indicates if the member's account is deleted

app_instance.response.members.color 

String

Used in some clients to display a special username color.

app_instance.response.members.real_name 

String

Real name of the member

app_instance.response.members.tz 

String

A human-readable string for the geographic timezone-related region this user has specified in their account.

app_instance.response.members.tz_label 

String

Describes the commonly used name of thetztimezone.

app_instance.response.members.tz_offset 

Integer

Indicates the number of seconds to offset UTC time by for this user'stz. Changes silently if changed due to daylight savings.

app_instance.response.members.profile 

Object

Profile information of the member

app_instance.response.members.profile.avatar_hash 

String

Hash of the member's avatar

app_instance.response.members.profile.status_text 

String

The displayed text of up to 100 characters. We strongly encourage brevity.

app_instance.response.members.profile.status_emoji 

String

The displayed emoji that is enabled for the Slack team, such as:train:.

app_instance.response.members.profile.real_name 

String

The user's first and last name. Updating this field will updatefirst_nameandlast_name. If only one name is provided, the value oflast_namewill be cleared.

app_instance.response.members.profile.display_name 

String

The display name the user has chosen to identify themselves by in their workspace profile. Do not use this field as a unique identifier for a user, as it may change at any time. Instead, useidandteam_idin concert.

app_instance.response.members.profile.real_name_normalized 

String

Thereal_namefield, but with any non-Latin characters filtered out.

app_instance.response.members.profile.display_name_normalized 

String

Thedisplay_namefield, but with any non-Latin characters filtered out.

app_instance.response.members.profile.email 

String

A valid email address. It cannot have spaces, and it must have an@and a domain. It cannot be in use by another member of the same team. Changing a user's email address will send an email to both the old and new addresses, and also post a slackbot to the user informing them of the change. This field can only be changedby adminsfor users onpaidteams.

app_instance.response.members.profile.image_24 

String

URL of the member's 24x24 image

app_instance.response.members.profile.image_32 

String

URL of the member's 32x32 image

app_instance.response.members.profile.image_48 

String

URL of the member's 48x48 image

app_instance.response.members.profile.image_72 

String

URL of the member's 72x72 image

app_instance.response.members.profile.image_192 

String

URL of the member's 192x192 image

app_instance.response.members.profile.image_512 

String

URL of the member's 512x512 image

app_instance.response.members.profile.team 

String

The ID of the team the user is on.

app_instance.response.members.is_admin 

Boolean

Indicates whether the user is an Admin of the current workspace.

app_instance.response.members.is_owner 

Boolean

Indicates whether the user is an Owner of the current workspace.

app_instance.response.members.is_primary_owner 

Boolean

Indicates whether the user is the Primary Owner of the current workspace.

app_instance.response.members.is_restricted 

Boolean

Indicates whether or not the user is a guest user. Use in combination with theis_ultra_restrictedfield to check if the user is a single-channel guest user.

app_instance.response.members.is_ultra_restricted 

Boolean

Indicates whether or not the user is a single-channel guest.

app_instance.response.members.is_bot 

Boolean

Indicates whether the user is actually a bot user. Bleep bloop. Note that Slackbot is special, sois_botwill be false for it.

app_instance.response.members.updated 

Integer

Timestamp for when the member's information was last updated

app_instance.response.members.is_app_user 

Boolean

Indicates whether the user is an authorized user of the calling app.

app_instance.response.members.has_2fa 

Boolean

Describes whether two-factor authentication is enabled for this user. Only visible if the user executing the call is an admin.

Action: List Details of all Channels

This action retrieves information of all channels on your Slack workspace.

Action Input Parameters

Parameter 

Description 

Field Type 

Required/Optional 

Comments 

Limit 

Enter the maximum number of results you want to retrieve.

Example:

10

Integer

Optional

Default value:

200

Page Cursor 

Enter the value from which you want to retrieve results.

Example:

"unique_id_5"

Text

Optional

This parameter is used in conjunction with the Limit parameter for pagination. When no input is passed, the API retrieves the first set of results.

Team ID 

Enter the encoded team ID to list channels.

Example:

"T1234567890"

Text

Optional

Types 

Enter the channel type.

Text

Optional

Mix and match channel types by providing a comma-separated list of any combination of the following.

  • public_channel

  • private_channel

  • mpim

  • im

Exclude Archived 

Enter your preference to exclude archived channels from the list.

Example:

Yes

Boolean

Optional

Default value:

No

Example Request 

[
  {
    "limit": 5,
    "cursor": "unique_id_5"
  }
]

Action Response Parameters

Parameter

Field Type

Description

{app_instance} 

JSON Object

This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved.

app_instance.response 

JSON Object

Includes the response received from the app action.

app_instance.response.ok 

Boolean

Indicates if the response is successful

app_instance.response.channels 

Array of JSON Objects

List of channels

app_instance.response.channels.id 

String

The unique identifier for the channel

app_instance.response.channels.name 

String

The name of the channel

app_instance.response.channels.is_channel 

Boolean

Indicates if the object is a channel

app_instance.response.channels.is_group 

Boolean

Indicates if the object is a group

app_instance.response.channels.is_im 

Boolean

Indicates if the object is an instant message

app_instance.response.channels.created 

Integer

Timestamp for when the channel was created

app_instance.response.channels.creator 

String

User ID of the channel creator

app_instance.response.channels.is_archived 

Boolean

Indicates if the channel is archived

app_instance.response.channels.is_general 

Boolean

Indicates if the channel is the general channel

app_instance.response.channels.unlinked 

Integer

Number of times the channel has been unlinked

app_instance.response.channels.name_normalized 

String

Normalized name of the channel

app_instance.response.channels.is_shared 

Boolean

Indicates if the channel is shared

app_instance.response.channels.is_ext_shared 

Boolean

Indicates if the channel is externally shared

app_instance.response.channels.is_org_shared 

Boolean

Indicates if the channel is shared across the organization

app_instance.response.channels.pending_shared 

Array

List of pending shared channels

app_instance.response.channels.is_pending_ext_shared 

Boolean

Indicates if the channel is pending external sharing

app_instance.response.channels.is_member 

Boolean

Indicates if the user is a member of the channel

app_instance.response.channels.is_private 

Boolean

Indicates if the channel is private

app_instance.response.channels.is_mpim 

Boolean

Indicates if the channel is a multi-party instant message

app_instance.response.channels.updated 

Integer

Timestamp for when the channel was last updated

app_instance.response.channels.topic.value 

String

The value of the channel topic

app_instance.response.channels.topic.creator 

String

User ID of the topic creator

app_instance.response.channels.topic.last_set 

Integer

Timestamp for when the topic was last set

app_instance.response.channels.purpose.value 

String

The value of the channel purpose

app_instance.response.channels.purpose.creator 

String

User ID of the purpose creator

app_instance.response.channels.purpose.last_set 

Integer

Timestamp for when the purpose was last set

app_instance.response.channels.previous_names 

Array

List of previous names of the channel

app_instance.response.channels.num_members 

Integer

Number of members in the channel

Action: Send Messages to a Channel

This action sends messages to the specified channel.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Channel Name 

Enter the channel name to which the message should be sent.

Example:

"test_channel"

Text

Required

Slack Message 

Enter the message to be sent.

Example:

"Test message"

Text

Required

Parent Message Timestamp 

Enter the parent message timestamp in epoch time format. Use this parameter when replying to a message in a thread.

Example:

"1403051575.000407"

Text

Optional

Username 

Enter the username with which the message should be sent.

Example:

"Test User"

Text

Optional

Default value: cybot

Example Request 

[
  {
    "slack_channel_name": "test_channel",
    "slack_message": "Test message",
    "thread_ts": "1403051575.000407",
    "username": "Test User"
  }
]

Action Response Parameters

Parameter

Field Type

Description

{app_instance} 

JSON Object

This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved.

app_instance.action_response 

JSON Object

Includes the details of the response retrieved from the action.

app_instance.action_response.channel 

String

ID of the Slack channel to which the message is sent.

app_instance.action_response.message 

JSON Object

Includes the details of the message sent to the channel. The details include the app_id, blocks, bot_id, bot_profile, team, text, ts, type, and user.

app_instance.action_response.ok 

Boolean

Returns true if the message is sent successfully.

app_instance.action_response.response_metadata 

JSON Object

Returns the response metadata received from Slack, such as a warning.

app_instance.action_response.ts 

String

The ID of the message sent.

app_instance.action_response.warning 

String

The warning message, if any.

app_instance.status_code 

Integer

HTTP status code of the API request.

Action: Send Messages to a User

This action sends messages to the specified user.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

User Email 

Enter the email address of the user you want to message.

Example:

"test.user.01@example.com"

Text

Required

Slack Message 

Enter the message to be sent.

Example:

"Test message"

Text

Required

Username 

Enter the username with which the message should be sent.

Example:

"Test User"

Text

Optional

Default value: cybot

Example Request 

[
  {
    "slack_email": "test.user.01@example.com",
    "slack_message": "Test message",
    "username": "Test User"
  }
]

Action Response Parameters

Parameter

Field Type

Description

{app_instance} 

JSON Object

This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved.

app_instance.action_response 

JSON Object

Includes the details of the response retrieved from the action.

app_instance.action_response.channel 

String

ID of the Slack channel.

app_instance.action_response.message 

JSON Object

Includes the details of the message sent to the channel. The details include the app_id, blocks, bot_id, bot_profile, team, text, ts, type, and user.

app_instance.action_response.ok 

Boolean

Returns true if the message is sent successfully.

app_instance.action_response.response_metadata 

JSON Object

Returns the response metadata received from Slack, such as a warning.

app_instance.action_response.ts 

String

The ID of the message sent.

app_instance.status_code 

Integer

HTTP status code of the API request.