fylgja/slack.example.yml
2025-04-18 13:26:20 -04:00


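# App identity shown in the Slack workspace.
# Nesting restored: name, description and background_color belong under
# display_information, not at the top level of the manifest.
display_information:
  name: fylgja
  description: threat detection engine bot
  # Quoted so the leading '#' is not read as the start of a YAML comment.
  background_color: "#344d59"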
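# Bot user and slash commands.
#
# Every command is delivered to the same endpoint. Replace
# SERVER_DOMAIN_NAME with the public host name of the fylgja server.
#
# The URLs use https: command text (rule ids, pasted event logs, config
# values) and the response_url Slack includes in each request would
# otherwise cross the network in cleartext.
#
# NOTE(review): the endpoint is reachable by anyone who knows the URL, so
# the server should verify Slack's request signature (X-Slack-Signature,
# computed with the app's signing secret) before acting on a request, and
# should enforce its own authorization for state-changing commands such
# as /sigma-config and /case. Confirm against the server code.
features:
  bot_user:
    display_name: fylgja
    always_online: false
  slash_commands:
    # should_escape: false leaves user and channel mentions in the command
    # text as typed instead of converting them to IDs.
    - command: /rule
      url: https://SERVER_DOMAIN_NAME/slack/events
      description: Convert, explain, search, view, or test Sigma rules
      should_escape: false
    - command: /sigma-create
      url: https://SERVER_DOMAIN_NAME/slack/events
      description: Convert a Sigma rule to configured output format
      usage_hint: "[id]"
      should_escape: false
    - command: /sigma-details
      url: https://SERVER_DOMAIN_NAME/slack/events
      description: Get an explanation of a Sigma rule
      usage_hint: "[id]"
      should_escape: false
    - command: /sigma-search
      url: https://SERVER_DOMAIN_NAME/slack/events
      description: Search for Sigma rules
      usage_hint: "[keyword]"
      should_escape: false
    - command: /sigma-view
      url: https://SERVER_DOMAIN_NAME/slack/events
      description: View rule definition
      usage_hint: "[id] [space]"
      should_escape: false
    - command: /sigma-test
      url: https://SERVER_DOMAIN_NAME/slack/events
      description: Test a Sigma rule with event log
      usage_hint: "[event log]"
      should_escape: false
    - command: /sigma-config
      url: https://SERVER_DOMAIN_NAME/slack/events
      description: Update Sigma rule conversion configuration
      usage_hint: "siem [value] OR lang [value] OR output [value] OR update"
      should_escape: false
    - command: /sigma-stats
      url: https://SERVER_DOMAIN_NAME/slack/events
      description: Show stats about Sigma rules
      should_escape: false
    - command: /alerts
      url: https://SERVER_DOMAIN_NAME/slack/events
      description: List alerts with IDs
      usage_hint: "[space]"
      should_escape: false
    - command: /case
      url: https://SERVER_DOMAIN_NAME/slack/events
      description: Create an Elasticsearch case
      usage_hint: "[id]"
      should_escape: false
    - command: /stats
      url: https://SERVER_DOMAIN_NAME/slack/events
      description: Show statistics
      should_escape: false
    - command: /fylgja
      url: https://SERVER_DOMAIN_NAME/slack/events
      description: Run fylgja commands
      should_escape: false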
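# OAuth scopes granted to the bot token.
# Nesting restored: the scope list belongs under oauth_config.scopes.bot.
#
# Keep this list as short as the features require; each scope widens what
# a leaked bot token can do.
oauth_config:
  scopes:
    bot:
      # Receive app_mention events.
      - app_mentions:read
      # Post replies as the bot.
      - chat:write
      # Receive message.im events (direct messages to the bot).
      - im:history
      - im:read
      # Register and receive slash commands.
      - commands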
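# Event delivery and app-level settings.
# Nesting restored: request_url and bot_events belong under
# event_subscriptions, and is_enabled/request_url under interactivity.
settings:
  event_subscriptions:
    # https, so event payloads (including direct-message text) are not sent
    # in cleartext. Replace SERVER_DOMAIN_NAME with the server's host name.
    request_url: https://SERVER_DOMAIN_NAME/slack/events
    bot_events:
      - app_mention
      - message.im
  interactivity:
    is_enabled: true
    request_url: https://SERVER_DOMAIN_NAME/slack/events
  org_deploy_enabled: false
  # With socket mode off, Slack delivers events by HTTP POST to the request
  # URLs above, so that endpoint must be reachable from the internet.
  # NOTE(review): the server should reject requests whose Slack signature
  # does not verify. Confirm against the server code.
  socket_mode_enabled: false
  # With rotation off the bot token does not expire on its own. Store it as
  # a secret and revoke it from the app settings if it is exposed.
  token_rotation_enabled: false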