API-enriched Real-time Controls for Slack Enterprise
Note
This is a Controlled General Availability feature. If you want to enable this feature, contact your sales team.
API-enriched real-time controls for Slack provides users the ability to apply granular real-time policies to prevent sensitive data exfiltration in externally-shared/Slack Connect channels.
With this feature, you can now add “channel type” and “channel name” constraints to POST activities in real-time policies for Slack. This provides users the granularity to allow data to be shared in other internal Slack channels while restricting the same in externally-shared or Slack Connect channels.
Prerequisites
To enable this feature, the customer MUST have configured:
Netskope CASB API protection for their Slack Enterprise Instance
Slack traffic steering to the Netskope Cloud
Activities Supported
POST
Newly Added Constraints
Channel Type
Channel Name
How to use API-enriched controls in Slack Real-time protection policies
This feature is currently in controlled-GA and could be enabled by reaching out to customer success teams or Netskope support.
Once enabled, the "Channel Type" and "Channel name" constraints will be available under the "POST" activity for Slack in real-time policies.
The “channel-type” currently supported is ‘Externally-shared’ and the “channel names” list all the externally-shared channels in that Slack Enterprise tenant across all workspaces.
Administrators can configure Channel type and name based policies as shown in the image below.
Note
The prevention of file “uploads” to Slack Connect channels can be controlled via a native app configuration in Slack. To learn more: Manage file uploads for Slack Connect.