Skip to main content
Sumo Logic

Install the Slack App and view the Dashboards

This page provides instructions on how to install the Slack App, as well as examples of each of the dashboards. The App's pre-configured searches and Dashboards provide easy-to-access visual insights into your data. 

Install the App  

This section shows you how to install the Sumo Logic App for Slack. 

To install the app, do the following:

Locate and install the app you need from the App Catalog. If you want to see a preview of the dashboards included with the app before installing, click Preview Dashboards.

  1. From the App Catalog, search for and select the app. 
  2. To install the app, click Add to Library and complete the following fields.
    1. App Name. You can retain the existing name, or enter a name of your choice for the app.

    2. Data Source. Select either of these options for the data source.

      • Choose Source Category, and select a source category from the list.

      • Choose Enter a Custom Data Filter, and enter a custom source category beginning with an underscore. Example: (_sourceCategory=MyCategory).

    3. Advanced. Select the Location in Library (the default is the Personal folder in the library), or click New Folder to add a new folder.
    4. Click Add to Library.

Once an app is installed, it will appear in your Personal folder, or other folder that you specified. From here, you can share it with your organization. 

Panels will start to fill automatically. It's important to note that each panel slowly fills with data matching the time range query and received since the panel was created. Results won't immediately be available, but with a bit of time, you'll see full graphs and maps. 

Dashboard filters  

Each dashboard has a set of filters that you can apply to the entire dashboard, as shown in the following example. Click the funnel icon in the top dashboard menu bar to display a scrollable list of filters that are applied across the entire dashboard. 

Slack_dashboard_filter.png

Each panel has a set of filters that are applied to the results for that panel only, as shown in the following example. Click the funnel icon in the top panel menu bar to display a list of panel-specific filters.

Slack_Panel_filters.png

Slack - Overview Dashboard

The Slack - Overview dashboard provides an at-a-glance view of the number of workspaces, members, bots, admins, public channels, and public messages. Panels also show geographic access locations, and key statistics around public messages  and files.

Use this dashboard to:

  • Monitor the admins, bots, and members across workspaces.
  • Identify the trends around public messages and files shared 
  • Monitor locations from which workspaces are being accessed

Slack_Overview.png

Slack - Members Dashboard

The Slack - Members dashboard shows trends for total members, active members, and messages by workspace. Panels also show detailed member information, and breakdowns by workspace for roles, timezones, and two factor authentication (2FA). 

Use this dashboard to:

  • Monitor member activity across workspaces.
  • Identify inactive members that have not accessed the workspace.
  • Identify members that do not have two factor authentication enabled

Slack_Members.png

Slack - Bots

The Slack - Bots dashboard displays information on bots, which are software applications that run automated tasks over the Internet. Panels show trends by workspace for all bots, active bots, and messages, as well as detailed information on bots, and a detailed bot summary.

Use this dashboard to:

  • Monitor bots and bot activities across multiple workspaces.

Slack_Bots.png

Slack - Public Channels Dashboard

The Slack - Public Channels dashboard provides detailed information across all channels, as well as active channels. Panels also show information on the top ten channels by files and by attachments, and a summary of all channels.

Use this dashboard to:

  • Monitor channel activity across multiple workspaces
  • Identify inactive channels where messages are not being posted

Slack_Public_Channels.png

Slack - Public Messages 

The Slack - Public Messages dashboard provides details around attachments, files shared and statistics around messages in Slack public channels. 

Use this dashboard to: 

  • Monitor various file types being shared and identify those that pose the greatest risk
  • Investigate the details of file shared via the URL links in the Recent File Shared panel

Slack_Public_Messages_Investigation.png

Slack - Access Dashboard

The Slack - Access dashboard helps you monitor how users are accessing Slack and identifies access requests coming in from malicious domains.

Use this dashboard to:

  • Identify all incoming threats detected via Sumo Logic Threat Intel
  • Identify the kinds of mobile or desktop platforms that users are using to access Slack
  • Identify trends for user access patterns across multiple workspaces

Slack_Access.png

Slack - Audit Overview Dashboard

The Slack - Audit Overview dashboard provides details around  Slack audit actions, and trends. 

Use this dashboard to:

  • Review audit actions and determine which are not approved or need to be corrected
  • Identify and validate that top users performing audit actions

Slack_Audit_Overview.png

Slack - User Audit

The Slack - User Audit dashboard provides insight into  user and administrative audit actions and trends. Panels also display detailed information for members and guest members.

Use this dashboard to:

  • Monitor audit actions across multiple workspaces.
  • Monitor all role changes for workspaces and identify any suspicious behavior
  • Monitor and validate that all guest activities are in line with what is expected

Slack_User_Audit.png

Slack - Workspace Audit

The Slack - Workspace Audit dashboard provides information on top users, top audit actions and audit trends. Panels also detail workspace sign on, exports, data retention and billing, and other admin activities. 

Use this dashboard to:

  • Monitor all workspace related activities.
  • Monitor changes to single-sign-on settings including two factor authentication
  • Monitor workspace related, data retention, or billing activities
  • Monitor the exports that are performed on workspaces

Slack_Workspace_Audit.png

Slack - Channel Audit

The Slack - Channel Audit dashboard provides details on the top channel audit actions and trends. The panels also display information on top members and member activity, and top guest members and guest member activity.

Use this dashboard to:

  • Monitor channel related activities for multiple workspaces
  • Monitor all the private and public channels joined by members and guests 
  • Monitor all the private channels that are created, deleted, and archived by guests

Slack_Channel_Audit.png

Slack - File and App Audit

The Slack - File and App Audit dashboard displays file audit and app audit information. The panels show audit actions, top actions and file types or scopes, top users, and member activity.

Use this dashboard to:

  • Monitor all application and file related activities across multiple workspaces
  • Identify the top users who perform actions related to applications and files
  • Identify all guests and members that share, install applications download and upload files across public and private channels
  • Identify the top scopes under which applications are approved and installed

Slack_File_And_App_Audit.png