- 26 Jun 2024
- 7 Minutes to read
- Print
- DarkLight
- PDF
Slack Tips and Tricks
- Updated on 26 Jun 2024
- 7 Minutes to read
- Print
- DarkLight
- PDF
In this article:
Common Slack Use Cases
The Advantages of a Slack Full-Mirrored Sync
Tips for Creating a Full-Mirrored Sync in Onna
Common Slack Use Cases
Onna's Slack connector is a highly flexible tool that allows users to collect and utilize as much or as little data as is needed. Below you’ll find some of the ways that Onna customers are using Slack data and how you may be able to better leverage the Slack data that you have in Onna.
Use Case #1: Conduct real-time eDiscovery collections across entire Slack workspaces or specific channels and users.
Although familiar to most of our customers, Onna's real-time collections for eDiscovery stand out because of their flexible nature. With Onna, you can collect from entire Slack workspaces, or you can get very granular and choose to only collect for specific users or Slack channels; it's up to you.
Use Case #2: Maintain an audit log of all eDiscovery collections.
Are you utilizing Onna's audit log capabilities? Onna users can maintain an audit log of their eDiscovery collections for defensibility purposes, showing users' actions such as adding/deleting sources, syncing errors, viewing documents, and sharing.
Use Case #3: Run advanced searches across entire Slack workspaces, including specific channels and users.
All of the Slack data coming into Onna is indexed and processed. This level of processing allows you to get granular in your searches, including accessing metadata. Even when searching across multiple workspaces, with Onna's advanced search capabilities, you can identify specific custodians, look at conversations between two custodians, identify a certain type of message for a certain date period, and other granular fields.
Use Case #4: Export Slack data in multiple formats to upload to document review platforms
Onna is review platform agnostic, meaning you can configure your exports to match the requirements of your outside counsel and the review platform they are using. To make this process fast and efficient, you can create an export template so that every time you are exporting for a particular firm that may use a particular platform, you can utilize that export template.
Use Case #5: Create groups within Onna with service providers and outside counsel to collaborate on matters + discovery requests.
Do you need to provide access to your Slack data to people outside your organization? For example, you may want outside counsel to collaborate on matters in Onna, but you don't want to give them access to all of your data. Within Onna, you can create groups and configure precise accessibility based on those groups, sharing only the required data.
Another example of when groups can be helpful is when working with internal clients, such as Human Resources. For example, suppose they need access to direct messages for specific employees. In that case, you can be very granular in pulling that data and creating a group with those particular access requirements.
Use Case #6: Initiate legal holds across specific Slack workspaces, users, and/or channels.
Many Onna customers choose to collect all their Slack data. Creating this full archive in Onna allows users to prepare for potential legal hold requests and internal investigations. For example, if a legal hold request is received, users with a full Slack archive can put specific custodians on hold for specific date ranges.
Use Case #7: Preserve and archive Slack communications in their native, unaltered format, either wholly or in a granular fashion.
Onna users who have established retention policies can mirror their retention policies in Slack rather than keeping everything in Onna forever. This capability allows you to fully leverage Onna's powers while remaining consistent with your information governance policies.
The Advantages of a Slack Full-Mirrored Sync
One of the first decisions many customers have to make when they onboard with Onna is whether to create a full-mirrored sync of their Slack instance in Onna or conduct on-demand collections. Onna recommends connecting to Slack with one of the three setup options outlined below. Please read the benefits, considerations, and setup processes carefully to see which option best suits your needs.
Option 1: Create a Full-Mirrored Sync
This option provides the most capabilities when it comes to eDiscovery investigations, compliance, and greater information governance needs. This option will sync everything in your Slack instance including:
All existing channels from all existing workspaces within the organization (both public and private)
All direct messages
All multi-person direct messages
All attachments within messages
Benefits
Once data has completed syncing, teams can run searches across their entire Slack instance, including any attachments shared directly within Slack. Note: This option currently excludes links from external apps.
Using Onna’s Preservation feature, legal holds can be placed on specific users without syncing multiple copies of the same conversation.
Retention policies can be mirrored to match the policies set up on Slack. Any information placed on hold will be excluded from the retention policy until the hold is finished.
Considerations
Initially, this option will take the longest to set up as Onna needs to ingest all data from your Slack account. However, once the initial sync is complete, you will have access to all data at a moment’s notice. This option will provide the most value from an eDiscovery and governance perspective.
Setup
The setup time for this option depends on how long the organization has been using Slack, the number of users within the organization, the applied retention policies, and the types of attachments shared at the origin (for example, videos, images, and gifs take longer to process than word documents.) It can take multiple weeks depending on the factors previously listed.
To more accurately predict setup time, we recommend contacting your Slack Rep to ask for an estimated environment size. We will then work with you to provide general estimates on how long it will take to complete a full sync of your Slack environment.
Option 2: Create a Selective Mirrored Sync
This option provides the second most capabilities when it comes to eDiscovery investigations, compliance, and greater information governance needs. Teams choosing this option can select which data they’d like to sync into Onna, including:
Organization Channels
Public Channels by Workspace
Private Channels by Workspace
Direct Messages by username or email
Multi-person direct message by username or email
Any attachments based on the selection
Benefits
This option gives you the power to sync only the data you need — nothing more, nothing less. Since this only covers a partial archive of your Slack Environment, less data will lead to faster set up time.
Retention policies already set up in Slack can be mirrored in Onna. Note: Any information placed on hold will be excluded from deletion until the hold is finished.
Considerations
If you need to place legal holds after your initial sync, you will have to conduct further collections to capture data created afterwards.
You will only be able to search across the data you sync’d, not the entire Slack instance.
Setup
The setup time for this option depends on factors such as: the how long the organization has been using Slack, the number of users within the organization, the applied retention policies, and the types of attachments shared at the origin. It can take multiple weeks depending on the factors previously listed.
To more accurately predict setup time, we recommend contacting your Slack Rep to ask for an estimated environment size. We will then work with you to provide general estimates on how long it will take to complete a full sync of your Slack environment.
Option 3: Create a Custodian-Based Sync
This option is best for one-off eDiscovery investigations and managing legal holds. Teams will be given the option to collect user specific information each time a hold arises. The following options can be set:
Custodian collections can be configured to collect all data in the targeted user(s)’s Slack account or a selection of the following:
Organization Channels
Public Channels by Workspace
Private Channels by Workspace
Direct Messages
Multi-person Direct Messages
Benefits
This option gives you the power to sync only the data you need — nothing more, nothing less.
This option allows you to solve urgent eDiscovery needs in a quick and agile way.
Considerations
This option is the most manual and requires you to connect to Slack each time you want to place custodians on hold.
The data collected can usually only be used for legal holds. You can search for terms across it, but if you need to expand your hold, you would be required to set up another custodian-based sync from Slack.
Duplicate data is created if a custodian is part of numerous holds.
Setup
Collection times will vary for each custodian-based collection based on how active the targeted users were during the time period selected and how many attachments were shared. Most collections take a couple of days at most, and, in rare instances, a couple of weeks.
Tips for Creating a Slack Full-Mirrored Sync in Onna
If you’ve decided to fully archive your Slack, we recommend creating four separate sources – Direct Messages, Multiparty Messages, Private Channels, and Public Channels – instead of doing one big sync. Here’s why:
Breaking out your source helps with the speed of the collection. The rate of ingestion is quicker when you have four concurrent syncs occurring at the same time as opposed to when you have one large pull happening at one time.
It helps with troubleshooting. In a situation where Onna Support needs to investigate an issue with the Slack ingestion, it’s easier to pinpoint a problem within a specific datasource.
It’s easier to resync a specific source if needed in the future. There are instances when your source will need to be resynced. Instead of resyncing an entire Slack source, we’ll be able to take the datasource(s) of interest and resync it, which reduces the amount of time it would take to resync.