Secure Slack Workspaces with Mondoo
Continuously scan a Slack workspace for misconfigurations and security issues.
Mondoo continuously scans a Slack workspace for misconfigurations and security issues. Deploy the integration once and assessments stay current as the workspace changes.
Prerequisites
- Editor or Owner access to the Mondoo space
- Access to a Slack workspace
Create a Slack API token for Mondoo
Mondoo authenticates to Slack with a user OAuth token from a new Slack app.
-
On the Slack API website, go to Your Apps and select Create an App.
-
Select From scratch.
-
Name the app (for example,
mondoo-security), pick the workspace to secure, and select Create App.
-
Under Add features and functionality, select Permissions.
-
Scroll to Scopes > User Token Scopes and add each of these scopes (select Add an OAuth Scope for each):
channels:readgroups:readim:readmpim:readteam:readusergroups:readusers:read
-
Scroll up to OAuth Tokens for Your Workspace and select Install to Workspace, then Allow to confirm.
-
Copy the User OAuth Token. You need it in the next section.
Add a Slack integration
In the Mondoo App, navigate to the space where you want to add the integration. In the side navigation bar, select Integrations. In the top right, select + INSTALL. On the integrations page, find the integration you want by browsing or searching by name:
-
Under SaaS, select Slack.
-
In Choose an integration name, enter a name that identifies the workspace.
-
In Enter the API token, paste the User OAuth Token you copied.
-
Select START SCANNING.
On the Recommended Policies page, enable the policies you want Mondoo to score this integration against. To learn how policies work, read Manage Policies.