QUESTION

When creating a Slack App to pull Audit Logs into Panther, why do I get the error "Slack healthcheck failed - failed response: Slack API error (200) missing_argument"?

ANSWER

This error can occur when an org token is used to onboard Slack Access Logs. With an org token the error is expected, because Slack requires an additional team_id parameter in the request, as shown here: https://api.slack.com/methods/team.accessLogs#args

Panther doesn't pass the team_id parameter because its Slack Access Logs integration isn't designed to work with org tokens. For more information, please refer to Panther's Slack Logs documentation.
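
The behaviour described above can be reproduced offline with the following added example, which is not Panther's code. It shows why a health check must read the JSON body rather than the HTTP status, and how a missing_argument reply to a request sent without team_id points to an org token. The function names and the sample response bodies are constructed for illustration.

```python
import json
from urllib.parse import urlencode

API_URL = "https://slack.com/api/team.accessLogs"  # method cited on the page


def build_request(token, team_id=None, count=1):
    """Return (url, headers); team_id is included only when supplied."""
    params = {"count": count}
    if team_id:
        params["team_id"] = team_id  # Slack requires this when the token is an org token
    return f"{API_URL}?{urlencode(params)}", {"Authorization": f"Bearer {token}"}


def check_response(http_status, body, sent_team_id):
    """Classify a reply. Slack reports API errors as HTTP 200 with ok=false,
    so the status code alone cannot be used as the health signal."""
    try:
        data = json.loads(body)
    except ValueError:
        return "error", f"non-JSON response (HTTP {http_status})"
    if not isinstance(data, dict):
        return "error", f"unexpected JSON type (HTTP {http_status})"
    if http_status == 200 and data.get("ok") is True:
        return "healthy", "ok=true"
    err = data.get("error", "unknown_error")
    if err == "missing_argument" and not sent_team_id:
        # Assumption: the only argument omitted from the request is team_id.
        return "org_token_suspected", "missing_argument without team_id: token is probably org-level"
    return "error", f"Slack API error ({http_status}) {err}"


# Constructed response bodies (not captured from a real workspace).
SAMPLES = [
    (200, '{"ok": false, "error": "missing_argument"}', False),
    (200, '{"ok": true, "logins": []}', True),
    (200, '{"ok": false, "error": "invalid_auth"}', False),
]

if __name__ == "__main__":
    for status, body, sent in SAMPLES:
        print(check_response(status, body, sent))
```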