Frequently Asked Questions

DBOT is brought to you by We are a U.S.-based security software company led by security veterans who are committed to make the world a safer place. To learn more about us visit our website: www.demisto.com
Yes. We currently use IBM X-Force Exchange, VirusTotal , and clamAV. We are grateful to the communities and companies behind these services for their support. We may add more services as well as replace the current ones in the future. Check this page for changes.
Anybody who uses Slack benefits from the security scanning provided by Slack. In addition, IT security professionals and analysts benefit from DBOT by comfortably checking IP addresses, URLs, files, fie hashes, without leaving Slack.
No you don't. We believe that each user should do their part to secure systems. We have designed DBOT so that you can secure your channels yourself.
No, the queries to 3rd party services are done anonymously.
Yes, it is. DBOT is a preview of the security automation capabilities that we will be building in our product. DBOT will remain free for all users and you can enjoy secure collaboration.
Yes. DBOT is an open source project, code named Alfred. We have started multiple open source projects that can be found on our github page.
No we’re not. We only store your e-mail address so we can be in touch with you. We also keep anonymous statistics of the number of messages that DBOT scanned. DBOT scans all messages for malware and other risks but does not store the messages anywhere.
We keep your e-mail address so that we can contact you in the future with news about Demisto and new products. We do not sell or share your information with anyone else. Check out our Privacy Policy for more details.
Please email us and we will remove your account.
You do. For several reasons:
  1. To the best of our knowledge at this stage no other product scans Slack messages for risks.
  2. It is always better to identify a risk early (e.g. when it first appears in Slack) vs. late (e.g. when downloaded to your PC or phone).
  3. Many users access Slack from several devices. A malicious content can put all devices at risk.
We use services that continuously check URLs and IP addresses for malicious activity. These services collect threat information from multiple sources and provide up to date information. When DBOT sees an IP address or URL in a message it automatically queries these services to find out whether the address is known to be bad.
We use services that continuously index malware as well as scan files for trojans, viruses and other malware. When DBOT recognizes a posting of a file in a Slack message, it checks the file and warns you if a known malware is detected.
You need to exercise good judgement. It is advisable not to follow a link that is known to be malicious and not to download a malicious file to any of your devices. It is also advisable to ask the person who posted a malicious file to delete it from Slack to prevent other users from accidentally downloading it.
We recommend that you scan all channels, all private groups and all direct messages as malware can appear anywhere. However, you do have the choice of selecting particular channels if you wish to limit the protection provided by DBOT to these channels only.
We got this image from Philip Peterson.