Slack App to Search VirusTotal and MISP
At work I was tasked with making a case for switching from MS Teams to Slack. Having used Slack in the past at a previous company, I welcomed the challenge. Little did I know that as part of this case would require me to develop a slackbot to showcase some integration use cases so the executive team could see the value rather than me just talk about it.
I took two approaches to this challenge, first I created some abilities for customers to query the bot to see things that might interest them such as current tickets they have open, their MDR endpoints, any open alerts or recommended actions. I will likely write another article on my interactions with the ticketing system we are evaluating.
The second focus of this slackbot demo was to extend and automate functionality for our analysts. The two avenues I chose here are VirusTotal and MISP queries. I wanted to allow analysts the ability to quickly and easily be able to these sources. Neither of these implementations are that concise from a visual perspective but hopefully they will give you enough to start if you have an interest.
The code of all of the integrations here can be found on my github repo. Give a clap if you find this bot useful at all.
VirusTotal
Many of our analysts query domains/IPs/hashes via VirusTotal on a daily basis when doing investigations so this seemed like a logic automation for them to see the power of a slackbot and doing all of their investigations in a…