first commit

slack.example.yml

@@ -0,0 +1,81 @@
+display_information:
+  name: fylgja
+  description: threat detection engine bot
+  background_color: "#344d59"
+features:
+  bot_user:
+    display_name: fylgja
+    always_online: false
+  slash_commands:
+    - command: /rule
+      url: http://SERVER_DOMAIN_NAME/slack/events
+      description: Convert, explain, search, view, or test Sigma rules
+      should_escape: false
+    - command: /sigma-create
+      url: http://SERVER_DOMAIN_NAME/slack/events
+      description: Convert a Sigma rule to configured output format
+      usage_hint: "[id]"
+      should_escape: false
+    - command: /sigma-details
+      url: http://SERVER_DOMAIN_NAME/slack/events
+      description: Get an explanation of a Sigma rule
+      usage_hint: "[id]"
+      should_escape: false
+    - command: /sigma-search
+      url: http://SERVER_DOMAIN_NAME/slack/events
+      description: Search for Sigma rules
+      usage_hint: "[keyword]"
+      should_escape: false
+    - command: /sigma-view
+      url: http://SERVER_DOMAIN_NAME/slack/events
+      description: View rule definition
+      usage_hint: "[id] [space]"
+      should_escape: false
+    - command: /sigma-test
+      url: http://SERVER_DOMAIN_NAME/slack/events
+      description: Test a Sigma rule with event log
+      usage_hint: "[event log]"
+      should_escape: false
+    - command: /sigma-config
+      url: http://SERVER_DOMAIN_NAME/slack/events
+      description: Update Sigma rule conversion configuration
+      usage_hint: siem [value] OR lang [value] OR output [value] OR update
+      should_escape: false
+    - command: /sigma-stats
+      url: http://SERVER_DOMAIN_NAME/slack/events
+      description: Show stats about Sigma rules
+      should_escape: false
+    - command: /alerts
+      url: http://SERVER_DOMAIN_NAME/slack/events
+      description: List alerts with IDs
+      usage_hint: "[space]"
+      should_escape: false
+    - command: /case
+      url: http://SERVER_DOMAIN_NAME/slack/events
+      description: Create an Elasticsearch case
+      usage_hint: "[id]"
+      should_escape: false
+    - command: /stats
+      url: http://SERVER_DOMAIN_NAME/slack/events
+      description: Show statistics
+      should_escape: false
+oauth_config:
+  scopes:
+    bot:
+      - app_mentions:read
+      - chat:write
+      - im:history
+      - im:read
+      - commands
+settings:
+  event_subscriptions:
+    request_url: http://SERVER_DOMAIN_NAME/slack/events
+    bot_events:
+      - app_mention
+      - message.im
+  interactivity:
+    is_enabled: true
+    request_url: http://SERVER_DOMAIN_NAME/slack/events
+  org_deploy_enabled: false
+  socket_mode_enabled: false
+  token_rotation_enabled: false