Slack Watchman 3.0.0 Release
NOTE 1: This version changes the format of the .conf file. If you are upgrading and previously used a .conf file to provide the Slack token, make sure you have read the instructions on how to reformat the file.
Rule based searching
Instead of hardcoded search terms and regex patterns, Slack Watchman now uses YAML rules to supply searches. This means:
- Adding your own rules is simple: all you need is a search term and a working regex pattern
- You can turn off rules you don't want to search for, giving you more flexibility
More information on the rule format, and how you can provide your own, is in the Docs directory.
NOTE 2: Custom searching by text file is now deprecated. If you wish to use this feature, create your own rule with your custom strings and the category "custom". See the rules documentation for more information.
More searches
Rules have been added to search for even more, such as additional configuration files and token types. Check out the rules directory for a full list of what is searched for.
Lots more logging options
Rather than just returning CSV files, Slack Watchman can now output results in multiple logging formats:
- Log file
- Stdout
- TCP Stream
- CSV
For the new logging options, each result is output in JSON format, ready to be ingested into a SIEM or log analysis application.
Note: Read the instructions in the Docs directory on setting up logging. You will need to pass variables either by .conf file or environment variable.
Deduplication
All logging options are now deduplicated, meaning that a result matched by more than one search query is only returned once, so the output is a lot more efficient.
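To show how the rule-based searching, the deduplication across search queries and the JSON output described above fit together, here is an added Python example. It is not Slack Watchman's own code: the rule field names, the in-memory message list and the search stub standing in for the Slack API are all assumptions for this example.

```python
import json
import re

# Constructed rule set. The field names (name, enabled, category, search_term,
# pattern) are an assumption for this example, not Slack Watchman's real schema.
RULES = [
    {"name": "aws_access_key", "enabled": True, "category": "tokens",
     "search_term": "AKIA", "pattern": r"AKIA[0-9A-Z]{16}"},
    {"name": "custom_ticket", "enabled": True, "category": "custom",
     "search_term": "PROJECT-X", "pattern": r"PROJECT-X-\d{4}"},
    # Overlaps the first rule: same pattern, different search term.
    {"name": "aws_key_by_word", "enabled": True, "category": "tokens",
     "search_term": "aws", "pattern": r"AKIA[0-9A-Z]{16}"},
    {"name": "switched_off", "enabled": False, "category": "tokens",
     "search_term": "AKIA", "pattern": r"AKIA[0-9A-Z]{16}"},
]

# Constructed messages standing in for Slack search results (sample data).
MESSAGES = [
    {"ts": "1.0", "channel": "general", "text": "deploy key AKIAABCDEFGHIJKLMNOP for aws"},
    {"ts": "2.0", "channel": "dev", "text": "ticket PROJECT-X-0042 is ready"},
    {"ts": "3.0", "channel": "dev", "text": "AKIA is just a prefix, nothing here"},
]

def search(term, messages):
    """Stand-in for the Slack search API: case-insensitive substring match."""
    return [m for m in messages if term.lower() in m["text"].lower()]

def run_rules(rules, messages):
    """Apply every enabled rule; report each (message, match) pair only once."""
    seen = set()
    findings = []
    for rule in rules:
        if not rule["enabled"]:
            continue
        regex = re.compile(rule["pattern"])
        for msg in search(rule["search_term"], messages):
            for match in regex.findall(msg["text"]):
                key = (msg["ts"], msg["channel"], match)
                if key in seen:          # already reported by another query
                    continue
                seen.add(key)
                findings.append({"rule": rule["name"], "category": rule["category"],
                                 "channel": msg["channel"], "ts": msg["ts"],
                                 "match": match})
    return findings

def to_json_lines(findings):
    """One JSON object per line, the shape a SIEM or log shipper can ingest."""
    return "\n".join(json.dumps(f, sort_keys=True) for f in findings)
```

With the sample rules, the overlapping "aws" rule finds the same key in the same message and is suppressed, so only two findings are emitted; a rule with enabled set to false is skipped entirely.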
Under the hood improvements
Lots of improvements in the code to make Slack Watchman run better, including more efficient rate limit checking.