Slack Message Scanning

Overview

Argus's Slack message scanning reads channel messages, thread replies, and file uploads for credentials that get pasted during debugging or ops discussions. Installed as a Slack app; scope can be limited to public channels only or expanded to private channels where the app is invited.

Prerequisites

• Slack workspace Owner or Admin
• Permission to install and approve OAuth apps (or pre-approval from a workspace admin)
• A Cremit Argus account

Step-by-Step Setup

Step 1: Start the Slack install from Argus

• In Argus, go to Configuration > Scan Sources and click New
• Select Slack as the source type
• Click Install to Slack

Step 2: Approve the app in your workspace

Slack's OAuth consent screen opens.

• Review the requested scopes: channels:read, channels:history, files:read, and optionally groups:history for private channels
• Select the workspace where Argus should be installed
• Click Allow; you will be redirected back to Argus

Step 3: Choose channel scope

Decide what Argus can scan.

• Public channels: all public channels in the workspace, auto-included
• Private channels: only ones where Argus is explicitly invited (use /invite @Cremit Argus)
• DMs: not scanned by default; enabling requires additional workspace-admin consent

Step 4: Run the initial historical scan

Argus walks channel history up to the retention limit of your Slack plan.

• Progress is visible per channel on the source detail page
• Real-time scanning kicks in once history is caught up

Verification

To confirm the integration is configured correctly:

• The Slack source shows Connected and lists the expected channel count
• Recently sent test messages containing a dummy token are flagged within 1-2 minutes
• Private channels where you invited the Argus app appear in the target list
• No 'missing_scope' errors in the source's activity log

Troubleshooting

Issue: Private channels are missing from the list.

• Solution: The Argus app must be explicitly invited with /invite @Cremit Argus in each private channel. This is a Slack requirement, not an Argus limitation.

Issue: Historical scan stops partway through a channel.

• Solution: Slack's free plan limits message history visibility. Paid plans or Enterprise Grid remove this limit. Check the channel's banner for a retention notice.

Key Benefits

• Catches the paste-debugging pattern that escapes code scanners entirely
• Real-time scanning means exposures surface within minutes, not on the next weekly review
• Granular scope: public only, public + invited private, or full coverage via admin approval
• File upload scanning catches secrets in uploaded logs and env files