- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
11-08-2021 07:43 AM
Trying to learn how to use this thing. I've got a very simple playbook set up that uses the Slack integration to send a simple yes/no prompt to a user. Within the Playground, I'm able to successfully send simple messages via slack, so the connection appears to be good, but every time I run the playbook I just get 'Incident playbook task "Ask user a question" stopped on waiting' - no Yes/No prompt, nothing from my 'message' param. Any suggestions?
11-08-2021 09:28 AM
Hey @jhargrove1 ,
Can you confirm which version of the Slack integration you are using? Is it Slack (deprecated) or Slack v2?
11-08-2021 09:29 AM
v2 - not the deprecated one.
11-08-2021 09:34 AM
Ok awesome. Please verify what you have in the integration instance setting for parameter "Dedicated Slack channel to receive notifications" and whether the "Send notifications about incidents to the dedicated channel" checkbox is checked.
11-08-2021 09:39 AM
I do not...and that's not an option or what I was asked to do. This is to send notifications from the 'cortex_xsoar' slack app to a list of designated users.
My current setup is a single conditional task, with the 'Ask' radio button clicked, using the SlackV2 integration, to send a message to a list of test users. Message body is "Please choose an option" and the 'Reply Options' are 'Yes' and 'No'.
11-08-2021 10:10 AM
Thanks for clarifying @jhargrove1 . I just tested this in my instance and I am receiving private notifications from the cortex_soar app in my configured workspace, for an incident.
In your list of testUsers, do you have the usernames/email separated by commas or new lines? If it is new lines, please try with comma separated values. Also verify if the type of that list is Text.
11-08-2021 10:11 AM
The current list is just a single user - no whitespace or delimiters.
11-08-2021 10:14 AM
A slack username. If I use the integration within the Playground, I can send myself messages from the cortex_xsoar slack app, so the app appears to be configured properly and does work during that test. It's only when running the playbook manually via the playbook editor UI that I encounter this issue where I get no yes/no buttons.
11-08-2021 10:27 AM
Got it, I tested with username as well, it works with send-notification but not with Slack Ask. I would recommend using email instead as that worked for me. In the meantime, I will verify whether this is a bug that needs fixing, or a feature request to support usernames in Slack Ask. I'll keep you posted.
11-08-2021 10:29 AM
That is strange as I was under the impression I was just fixing a broken but previously working thing. I have screenshots from slack that show this as working...but I don't know all the details. Thanks for checking though!
11-08-2021 11:11 AM - edited 11-08-2021 11:16 AM
Hi @jhargrove1 , I was able to identify the difference between the send-notification command in the CLI v/s Slack Ask. The username passed in the CLI is the slack username whereas the playbook is using the XSOAR username. So under User Preferences, you should have an email setup for this to work (it will be admin@company.com by default). I will work with our team to update the documentation.
Please let me know if that works for you.
11-08-2021 11:19 AM
Don't really understand that. I'm just using my name, which is my slack name. As mentioned, I do receive messages from xsoar, but they're just errors. My user, as the only string in the test users list, is the only person receiving these error messages, so I'm pretty sure that's all working. Email isn't a part of this at all - though I do get essentially the same error data in my email inbox as well as slack.
11-08-2021 03:28 PM
Hi @jhargrove1 , that email/slack of 'Incident playbook task "Ask user a question" stopped on waiting' isn't an error. This is a server notification. These are configured under User Preferences. So if you're the owner of an incident, you will get notified of playbook tasks waiting for manual input or stuck in error state, depending on your user notification preferences - https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-2/cortex-xsoar-admin/users-and-roles/configu...
Now the username that you need to configure for the slack ask task needs to be your XSOAR username. You can find that under Settings-Users and Roles. Also, under user preferences you need to make sure your profile has your email listed. The Slack Ask task uses the XSOAR Users list to lookup your email and sends the notification to that email. It is not by Slack username.
11-09-2021 06:52 AM
Hmm. So, first paragraph there - how do I actually test the buttons then?
Second paragraph - our org is something like 3000 users who we sometimes send slack messages to, asking them to confirm or deny some IOC. None of these users exist in xsoar. Why would SlackAsk have anything to do with email addresses if I'm not using the email option? Again, sending myself a simple message via Playground to my slack user works just fine, so actually getting data from xsoar to slack seems to work just fine, it's just the explicit data I'm trying to test with isn't making it from the playbook to the user. If the expected outcome here is just that testing the playbook doesn't actually fully test the playbook, that's an answer I can accept, though it seems like that means you can't really test things the way I expected to.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!