# Slack Bot Destination
## Overview
Destinations are integrations that receive alerts from rules, policies, system health notifications, and rule errors. Panther supports configuring a Panther Slack Bot as the destination where you will receive alerts.
Panther's Slack Bot is a Slack application that can send alerts to one or more Slack channels.
Please note the following:
* To interact with the alerts, the Slack user email address must match the email address of the user profile defined in Panther.
* If your email addresses in Slack do not match your Panther Console email addresses, please contact Panther's support team for assistance.
### Managing alerts in Slack
Interactions with the alert within Slack, such as updating the status, setting the assignee, and sending Boomerang messages, will sync back to the Panther Console. The resolution comment when marking an alert as "Resolved" will sync to the Panther alert Activity section.
You can also enable two-way sync for alert status, assignee, and comments. This means that when an alert's status or assignee is changed or a comment is left in the Panther Console (or the Panther API), the changes will sync to the relevant Slack Bot alert(s). Similarly, when comments are added from external destinations like Jira, they will also be synced to Slack if two-way comment syncing is enabled. Learn more in [Two-way comment syncing](https://docs.panther.com/alert-management/slack#two-way-comment-syncing).
For more information on managing alerts in Slack, see [Managing Alerts in Slack](https://docs.panther.com/alerts/alert-management/slack).
## Slack Bot setup video walkthrough
{% embed url="" %}
Video walkthrough for setting up Panther's Slack Bot alert destination integration.
{% endembed %}
{% hint style="info" %}
In the video above, the Slack Bot setup screen in the Panther Console (shown between 3:18-4:40) may no longer directly mirror what you see in your Panther Console.
{% endhint %}
## How to set up Slack Bot alert destinations in Panther
{% hint style="info" %}
Panther users should have the permissions `View Alerts` and `Manage Alerts` to assign alerts and change alert statuses.
{% endhint %}
### Step 1: Creating your first Slack Bot alert destination in Panther
Creating your first Slack Bot alert destination requires the creation of a new Slack Application. Once the initial destination has been created, additional Slack Bot alert destinations will automatically reuse the same Slack Application and its credentials.
1. Log in to the Panther Console.
2. In the left sidebar, click **Configure > Alert Destinations**.
3. Click **+Add your first Destination**.
* If you have already created Destinations, click **Create New** in the upper right side of the page to add a new Destination.
4. Click **Slack Bot**.
5. Click **Copy** to copy the Slack Manifest to your clipboard. You will need this in the next steps.\
Make sure to keep this browser tab open while you begin the next steps.
### Step 2: Configuring the Slack Bot app in Slack
1. In a separate browser tab, [log in to Slack](https://slack.com/signin) using an administrator account.
2. In [Slack - Your Apps](https://api.slack.com/apps), click **Create New App**.
3. In the "Create an app" dialog, select the option **From a manifest**.\
4. In the "Pick a workspace to develop your app" dialog, choose the Slack Workspace to install the Slack Bot into.\
1. If your [Slack plan](https://app.slack.com/plans) is Enterprise Grid, select a Workspace in the Grid that you wish to have the Slack Bot available. The ability to install into other Workspaces in the Grid will come in a later step.
5. Click **Next**.
6. In the "Create app from manifest" dialog, click **YAML.** Paste in the Slack Manifest from the [previous steps](#begin-the-slack-bot-alert-destination-configuration-in-panther) (replacing the pre-populated `Demo App` example content).\
7. Click **Next**.
8. In the "Review summary & create your app" dialog, click **Create.**\
9. If you are logged in as a Slack administrator, skip to Step 3: [Installing the Slack Bot](#installing-slack-bot-to-workspace). Otherwise, continue below.
10. On the Basic Information page, click **Request to Install**.\
* In the "Request to install Panther" dialog, add an optional message for your Slack administrator to provide context, then click **Submit Request**.
* The Basic Information page should now display **Request Submitted** under the "Install your app" section.
11. Ask your Slack administrator to approve the install request, but do not install it yet.
* Once approved, the **Request Submitted** button will update to **Install to Workspace.**
### Step 3: Installing Slack Bot
If your [Slack plan](https://app.slack.com/plans) is Enterprise Grid, please see the Enterprise Grid tab below. For all other Slack plans, please see the Non-Enterprise Slack tab below.
{% tabs %}
{% tab title="Non-Enterprise Slack" %}
**Installing the Slack Bot to your Workspace**
1. On the Basic Information page in Slack, click **Install to Workspace.**\
* You will be redirected to the Slack OAuth Authorization page.\
2. Click **Allow** to authorize access to your new app.
* You will be redirected back to the Basic Information page in Slack.
3. Proceed to [Step 4 - Configuring Panther Slack App.](#step-4-configuring-panther-slack-app)
{% endtab %}
{% tab title="Enterprise Grid" %}
**Installing the Slack Bot on Enterprise Grid**
1. On the Basic information page in Slack, expand **Manage Distribution** and click **Distribute App**.\
2. Click **Opt into Org Level Apps** to enable Org-Wide Installation.\
3. Click **Opt-in**.\
4. Click the checkbox, then click **Yes, Opt-in**.\
%20\(4\).png?alt=media)
5. Navigate back to **Settings > Install App**, then click **Install to Organization**.\
6. Click **Allow** to authorize access to your new app.\
7. In Slack, you will receive a message indicating the installation was successful. Click the linked text **add it to some of your workspaces**.\
8. Select the Workspaces you wish to have the Slack Bot installed to. Optionally, you can also select whether you want to automatically add it to future Workspaces:\
9. Click **Next** and follow the series of on-screen prompts.
Once the installation to the Workspace(s) is complete, you will receive a confirmation message in Slack:\
When you are finished, proceed to [Step 4 - Configuring Panther Slack App.](#step-4-configuring-panther-slack-app)
{% endtab %}
{% endtabs %}
### Step 4: Configuring Panther Slack App
1. Download the Panther logo image to your computer.
{% file src="" %}
2. Navigate back to **Settings > Basic Information** in your Slack App.
3. Scroll down to the "Display Information" section and click **+Add App Icon**:\
* Select the Panther App Icon you downloaded in the prior step.
4. Scroll down to App Credentials section of the Basic Information page. Keep this page open, as you will need this information in the next steps when you finish the configuration in Panther:\
### Step 5: Continuing configuration in Panther
1. Open the browser tab where you began configuring the Slack Bot alert destination in the Panther Console.
* If that tab was closed, or if you are not a Slack admin and you submitted a request to install the app, you will need to follow the [previous steps](#begin-the-slack-bot-alert-destination-configuration-in-panther) to get back to the Slack Bot destination setup process in the Panther Console. You will also need to update the manifest of your Slack Bot app to match the latest version from the Panther Console.
2. From the "Create your Slack Bot app" page in the Panther Console where your manifest is displayed, click **Continue**.
3. Fill out the form to configure the Destination:
* **Display Name**: Enter a descriptive name for the Alert Destination.
* Note: This is the display name of the Alert Destination in the Panther Console, not the name of the Bot in Slack.
* **Channel ID or Channel Name**: Enter the Slack Channel Name (e.g. #hello-world) or Slack Channel ID where you want to receive your alerts.
* Using the Slack Channel ID is recommended, as in the Panther Console, on the alert details page for alerts later sent to this Slack Bot, the specific Slack thread generated by the alert will be hyperlinked. (Using the Channel Name will only link broadly to the channel.)
* Note: If using Slack Enterprise Grid, you must provide the Slack Channel ID. To find the Channel ID, click on the Channel Name in Slack, then scroll to the bottom of the modal:\
* **Client ID**: Enter the Client ID value from the **App Credentials** section of your Slack Bot app.
* **Client Secret**: Enter the Client Secret value from the **App Credentials** section of your Slack Bot app.
* **Signing Secret**: Enter the Signing Secret value from the **App Credentials** section of your Slack Bot app.
* **Bot OAuth Token**: Enter the **Bot User OAuth Token** value from the **OAuth & Permissions** section of your Slack Bot app:\
* **Severity**: Select the severity level of alerts to send to this Destination.
* **Alert Types**: Select the alert types to send to this Destination.
* **Log Types**: By default, we will send alerts from all log types. Specify log types here if you want to only send alerts from specific log types.
* **Allow Manual Dispatch**: Set this toggle ON if you'd like to be able to [manually dispatch alerts](https://docs.panther.com/alerts#manual-alert-dispatch) to this destination.
* **Timezone for Alerts in Slack**: Select the timezone to use for the messages sent to this Destination.
* **Two-Way Status Syncing**: Toggle `ON` if you'd like changes to alert status made in the Panther Console (or via the Panther API) to sync to the Slack Bot alert.
* **Two-Way Assignee Syncing**: Toggle `ON` if you'd like changes to alert assignee made in the Panther Console (or via the Panther API) to sync to the Slack Bot alert.
* **AI Triage Syncing**: Toggle `ON` if you'd like the Panther AI alert triage generated for an alert to be added as a comment in its Slack Bot alert thread. Learn more in [AI alert triage sync](https://docs.panther.com/alert-management/slack#ai-alert-triage-sync).
Keep this browser tab open for the next steps.
### Step 6: Invite the Panther Slack Bot to your Slack channel
1. Open your Slack application and navigate to the channel you configured to use with Panther.
2. In the Slack channel, type and send the following message:\
`/invite @Panther`
Once the Panther Slack Bot has been invited to your Slack channel, you will see a confirmation message in Slack and can return to the Panther Console to finalize setup.\
### **Step 7: Finish setup in the Panther Console**
1. Navigate back to the Panther Console.
2. On the "Create your Slack Bot Application" page, click **Add Destination**.\
3. On the final page, optionally click **Send Welcome Message** to test the integration. This will send a message to the Slack channel you've elected to receive alerts.
4. When you are finished, click **Finish Setup**.
For information on how to view or manage alerts sent to Slack by your new Slack Bot Alert Destination, see [Triaging Alerts - Slack Bot](https://docs.panther.com/alerts/alert-management/slack).
### Step 8 (Optional): Creating additional Slack Bot destinations
Learn more about how interactions with multiple Slack Bot destinations work in [Sending an alert to multiple Slack Bot destinations](https://docs.panther.com/alert-management/slack#sending-an-alert-to-multiple-slack-bot-destinations).
To create an additional Slack Bot alert destination, you don't need to create a new application in your Slack workspace.
1. In the left sidebar, click **Configure > Alert Destinations**.
2. Click **Create New** in the upper right side of the page to add a new Destination.
3. Click **Slack Bot**.
4. Complete the form, indicating a **Display Name** and **Channel ID or Channel Name**.
* The Client ID, Client Secret, Signing Secret, and Bot OAuth Token are pre-filled based on your existing Slack Bot alert destination.
* Remember to invite the Panther Bot to the specified channel using `/invite @Panther`.\
5. Click **Add Destination**.
## Updating existing Slack Bot installations for two-way comment syncing
{% hint style="warning" %}
If you set up a Slack Bot destination before Panther version 1.115 and you'd like to enable [two-way comment syncing](https://docs.panther.com/alert-management/slack#two-way-comment-syncing), you'll need to update your Slack app with a new manifest that includes the necessary permissions.
{% endhint %}
To update an existing Slack Bot installation:
1. In the left-hand navigation bar of your Panther Console, click **Configure** > **Alert Destinations**.
2. Locate the existing Slack Bot alert destination for which you'd like to enable two-way sync, and click its name.
3. Scroll to the bottom of the page, and click **Go to configuration**.
4. Copy the new app manifest.
5. Open .
6. Locate your existing Panther app, and click its name.
7. In the left-hand navigation menu, click **App Manifest**.
8. Replace the existing manifest with the new one you copied in Panther.
9. Click **Save Changes**.
10. In the left-hand navigation menu, click **Install App**.
11. Click **Reinstall to ``**.
## Additional Information on Destinations
For more information on alert routing order, modifying or deleting destinations, and workflow automation, please see the Panther docs: [Destinations](https://docs.panther.com/destinations).
