Slack Watchman is a handy "application that uses the Slack API to look for potentially sensitive data exposed in your Slack workspaces."
The tool offers a solid starting point for those concerned about the prevalence of sensitive information within their Slack workspace, but can't afford one of the commercial solutions or the price tag of the enterprise plan that's required to use of Slack's DLP APIs. It can also provide great insights into how one can use Slack APIs to build similar useful tools.
The tool is a command line one and is simple to configure and run. It looks for all kinds of sensitive information (e.g. API tokens, passwords, passport numbers, IBAN and much more) while requiring a reasonable set of permissions on your workspace.
While I won't write a detailed hands-on guide on how to configure and use this tool, here is the general outline of what you need to do:
- Install the tool using pip.
- Create a new Slack app and add the required scopes to it. Note down the app token value (starts with xoxp).
- Create your configuration file (.conf) for Slack Watchman and make sure to configure it to your liking/needs.
- Run the tool and consume its output however you want.
If you get stuck at any point, the GitHub repo has excellent documentation, so make sure to check it out.
- PaperMtn/slack-watchman: Monitoring your Slack workspaces for sensitive information (github.com)
- A guide to Slack's Discovery APIs | Slack
- Security at Slack | Slack