Merge pull request #1384 from TheHive-Project/slackintegration-2

Add Slack responder to sync created channels into task

Author: nusantara-self

responders/Slack/README.md

@@ -0,0 +1,89 @@
+# Slack Responders
+
+<div align="center">
+  <img src="./assets/slack-logo.png" alt="Slack Logo" width="150"/>
+</div>
+
+This directory contains two Slack responders for TheHive integration:
+
+1. **Slack_CreateChannel**: Creates a Slack channel for a TheHive case, invites participants, and optionally posts a case summary and description.
+2. **Slack_SyncChannel**: Syncs Slack channel conversations to TheHive task logs. Imports messages chronologically with file attachments for traceability.
+
+---
+
+## Features
+
+### Slack_CreateChannel
+- Creates a Slack channel named `case-<caseId>` (customizable prefix)
+- Invites default participants by email
+- Sets channel visibility (private or public)
+- Posts case summary and/or case description (optional)
+
+### Slack_SyncChannel  
+- Retrieves all conversation history from channels with format `#case-CASEID`
+- Creates TheHive tasks in "Communication" category with individual task logs for each message
+- Downloads and attaches file attachments (images, documents) to task logs
+- Chronologically ordered messages with timestamps and usernames
+- Prevents duplicate syncing by tracking message timestamps
+- Converts Slack user IDs to readable usernames for better readability
+
+## Preview
+
+<div align="center">
+  <a href="./assets/slack-history.png" target="_blank">
+    <img src="./assets/slack-history.png" alt="Slack History" width="300" style="margin: 10px;"/>
+  </a>
+  <a href="./assets/thehive-slacksync-1.png" target="_blank">
+    <img src="./assets/thehive-slacksync-1.png" alt="TheHive Slack Sync 1" width="300" style="margin: 10px;"/>
+  </a>
+  <a href="./assets/thehive-slacksync-2.png" target="_blank">
+    <img src="./assets/thehive-slacksync-2.png" alt="TheHive Slack Sync 2" width="300" style="margin: 10px;"/>
+  </a>
+</div>
+---
+
+## Requirements
+
+- A Slack workspace where you have permissions to create a bot.
+- Your bot must be allowed to create channels and invite users.
+
+---
+
+## 1. Create a Slack App & Bot Token
+
+1. Go to [Slack API: Your Apps](https://api.slack.com/apps) and click **"Create New App"**.
+2. Choose **From scratch**, name your app, and pick your workspace.
+3. Under **Features**, click **OAuth & Permissions**.
+4. **Add these OAuth scopes** under **Bot Token Scopes**:
+
+   **For Slack_CreateChannel:**
+    - `groups:write` - Manage private channels that your slack app has been added to and create new ones
+    - `groups:write.invites` - Invite members to private channels  
+    - `groups:write.topic` - Set the description of private channels
+    - `groups:read` - View basic information about private channels that your slack app has been added to
+    - `users:read.email` - Look up user IDs by email
+    - `chat:write` — Send messages as the bot
+    
+   **For Slack_SyncChannel (additional scopes required):**
+    - `channels:history` - Read messages in public channels
+    - `groups:history` - View messages and other content in private channels that your slack app has been added to
+    - `channels:read` - View basic information about public channels
+    - `files:read` - Access file content and info (for downloading attachments)
+    - `users:read` - View people in a workspace (for username conversion)
+    
+   **⚠️ Important for File Downloads:**
+   - Your Slack bot must be **added to the channel** where files were shared
+   - Files shared before the bot was added may not be downloadable
+   - Private files require the bot to have proper permissions
+
+5. **Install the app to your workspace** (top right: "Install to Workspace").
+6. After install, **copy your Bot User OAuth Token** (starts with `xoxb-...`).
+
+***Note: don't forget to reinstall your app to workspace to refresh permissions of your BOT.***
+
+---
+
+## 2. Enable and configure the Responders
+
+Log into your Cortex instance, go to Organization > Responders and enable the desired JIRA responders with the appropriate configuration & API keys.
+

responders/Slack/Slack_CreateChannel.json

@@ -4,7 +4,7 @@
   "author": "Fabien Bloume, StrangeBee",
   "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
   "license": "AGPL-V3",
-  "description": "Creates a Slack channel for a TheHive case, invites participants, and optionally posts a summary.",
+  "description": "Creates a Slack channel for a TheHive case, invites participants, and optionally posts a case summary and description.",
   "dataTypeList": ["thehive:case"],
   "command": "Slack/slack.py",
   "baseConfig": "Slack",

responders/Slack/Slack_SyncChannel.json

@@ -0,0 +1,49 @@
+{
+  "name": "Slack_SyncChannel",
+  "version": "1.0",
+  "author": "Fabien Bloume, StrangeBee",
+  "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
+  "license": "AGPL-V3",
+  "description": "Syncs Slack channel conversations to TheHive task logs. Imports messages chronologically with file attachments for traceability.",
+  "dataTypeList": ["thehive:case"],
+  "command": "Slack/slack.py",
+  "baseConfig": "Slack",
+  "config": {
+    "service": "syncchannel"
+  },
+  "configurationItems": [
+    {
+      "name": "slack_token",
+      "description": "Slack Bot Token used for API authentication.",
+      "type": "string",
+      "multi": false,
+      "required": true
+    },
+    {
+      "name": "thehive_base_url",
+      "description": "TheHive base URL for API access.",
+      "type": "string",
+      "multi": false,
+      "required": true
+    },
+    {
+      "name": "thehive_apikey",
+      "description": "TheHive API key for authentication.",
+      "type": "string",
+      "multi": false,
+      "required": true
+    },
+    {
+      "name": "channel_prefix",
+      "description": "Prefix to use for the Slack channel name. By default, 'case-'",
+      "type": "string",
+      "multi": false,
+      "required": false,
+      "defaultValue": "case-"
+    }
+  ],
+  "registration_required": true,
+  "subscription_required": false,
+  "free_subscription": true,
+  "service_homepage": "https://www.slack.com"
+}