Prerequisites to Configure Slack Cloud Collector
Before you configure the Slack Cloud Collector, you must obtain the values for client ID and client secret by creating a Slack app for integration.
Obtain Client ID and Secret by Creating a Slack App
Slack APIs are authenticated via client ID and client secret. You must create a Slack app to obtain the values for client ID and client secret to use while configuring the Slack cloud collector.
To create a Slack app:
Log in to Slack Enterprise Grid, and access https://api.slack.com/apps.
Click Create New App.
In the Create an app section, click From scratch.
Specify a name for the app, select the Slack workspace to which the app belongs, and click Create App.
Navigate to the OAuth & Permissions page.
Click Add New Redirect URL and, in the Redirect URLs box, enter the URL in the format <subscription URL>/app/collectors/cloud-collectors/oauth. For example, https://abc-xyz.staging.exabeam.cloud/app/collectors/cloud-collectors/oauth.
Click Add New Redirect URL, then click Save URLs.
After saving the Redirect URL, in the Advanced token security via token rotation section, click Opt In to enable the refresh token functionality. This allows the collector to generate a new access token using the refresh token.
Click Opt in in the confirmation box.
Scroll down to the Scopes section.
In the User Token Scopes section, select the scope auditlogs:read. This permission is required to allow interaction with the Audit Logs API.
In the left pane, navigate to Settings > Basic Information.
In the Settings section, click Manage Distribution.
Click Distribute App.
In the Share Your App with Other Workspaces section, click Remove Hard Coded Information.
Note
In the Share Your App with Other Workspaces section, ensure that you select the check boxes for all the available options such as Enable Features & Functionality, Add OAuth Redirect URLs, and Use HTTPS For Your Features.
Select the I've reviewed and removed any hard-coded information check box.
Click Activate Public Distribution.
Initiate the OAuth handshake that will install the app:
In Share Your App with Your Workspace, copy the Sharable URL and paste it into a browser within your organization.
You must be logged in as the Owner of your Enterprise Grid organization to install the app.
Check the dropdown in the upper right of the installation screen to make sure you are installing the app on the Enterprise Grid organization, not on an individual workspace within the organization.
After your app completes the OAuth flow, you will be granted an OAuth token that you can use to call all of the Audit Logs API methods for your organization.
For more information, see the Slack documentation.
In the left pane, navigate to Settings > Basic Information > App Credentials.
Copy the values for Client ID and Client Secret to use for authorizing the API calls. Use these values, represented by a string of letters and numbers, to configure the Slack cloud collector.
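Because the procedure opts in to token rotation, the access token expires and is renewed with the refresh token, using the client ID and client secret copied above. The following Python is an added example, not Exabeam's or Slack's own code: it builds the refresh request for Slack's oauth.v2.access method and checks a response for the auditlogs:read scope. The response bodies are constructed samples with placeholder values, and the assumed field layout (top-level access_token, refresh_token, expires_in, and scope) should be confirmed against Slack's token rotation documentation.

```python
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://slack.com/api/oauth.v2.access"
REQUIRED_SCOPE = "auditlogs:read"  # user token scope selected in the procedure


def build_refresh_request(client_id, client_secret, refresh_token):
    """Build, without sending, the POST that trades a refresh token for a new access token."""
    body = urllib.parse.urlencode({
        "grant_type": "refresh_token",
        "refresh_token": refresh_token,
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()
    return urllib.request.Request(TOKEN_URL, data=body, method="POST")


def check_token_response(raw, now=None):
    """Return (access_token, refresh_token, expires_at) or raise ValueError."""
    resp = json.loads(raw)
    if not resp.get("ok"):
        raise ValueError("Slack rejected the request: " + str(resp.get("error")))
    scopes = {s for s in resp.get("scope", "").split(",") if s}
    if REQUIRED_SCOPE not in scopes:
        raise ValueError("token lacks " + REQUIRED_SCOPE)
    if "refresh_token" not in resp or "expires_in" not in resp:
        raise ValueError("token rotation is not enabled for this app")
    now = time.time() if now is None else now
    return resp["access_token"], resp["refresh_token"], now + int(resp["expires_in"])


# Constructed sample responses; every value is a placeholder (assumed field layout).
SAMPLE_OK = json.dumps({"ok": True, "token_type": "user", "scope": "auditlogs:read",
                        "access_token": "ACCESS-PLACEHOLDER",
                        "refresh_token": "REFRESH-PLACEHOLDER", "expires_in": 43200})
SAMPLE_NO_SCOPE = json.dumps({"ok": True, "scope": "users:read",
                              "access_token": "ACCESS-PLACEHOLDER",
                              "refresh_token": "REFRESH-PLACEHOLDER", "expires_in": 43200})
SAMPLE_ERROR = json.dumps({"ok": False, "error": "invalid_refresh_token"})

if __name__ == "__main__":
    req = build_refresh_request("CLIENT-ID", "CLIENT-SECRET", "REFRESH-PLACEHOLDER")
    print(req.get_method(), req.full_url)
    print(check_token_response(SAMPLE_OK, now=0))
```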