
CLOUD CONNECTOR
Slack Enterprise
Slack is a proprietary business communication platform developed by American software company Slack Technologies. Slack offers many IRC-style features, including persistent chat rooms organized by topic, private groups, and direct messaging.
Securonix integrates with Slack to ingest multiple event types, including user and group events, file sharing, channel and workspace management events, and other enterprise and workflow events. Threats typically associated with these events include privilege escalation, data exfiltration, account compromise, and insider threats.
Event Service/Module | Event Types | Related Threats |
---|---|---|
Access/Admin | Single Sign On, 2FA, User Sign-Ins, List of User Accounts, Email Domain Change, Access to a Set of Resources Granted for the Application | Privilege Escalation, Insider Threats, Account Compromise, Unusual Login Location, Rare Geolocation |
User | Create, Delete, Migration - Accept/Decline, Guest - Create/Delete/Activate/Deactivate/Expiration Time, Term of Service Agreement | Privilege Escalation/Insider Threat |
Group | Enable/Disable Users, List/Update Members, Archive - Close/Delete/Join/Open/Rename/Unarchive, Create Group Direct Message, Add/Delete/Change/Update Group Members | Privilege Escalation/Insider Threat |
File | Create, Share, Upload, Download, Revoke | Data Exfiltration |
Application | Install/Uninstall App, Subscriptions, App Permission, Scope Restrictions | Account Compromise, Insider Threat, Privilege Escalation |
Channel | Public & Private Channel - Archive/Create/Delete/History/Updates/Join/Left/Rename/Share/Unarchive, Channel Share/Unshared With Workspace, Guest Channel Join/Leave | Account Compromise, Insider Threat, DLP, Data Exfiltration |
Workspace | Create, Delete, Migration - Accept/Decline | Account Compromise, Insider Threat, Privilege Escalation |
Enterprise Key Management | Enroll, Unenroll, Rekey, Log In, Add/Remove Keys | Account Compromise, Insider Threat, Privilege Escalation |
Workflows | Create, Delete, Publish, Unpublish, Response CSV Download | Account Compromise, Insider Threat, Privilege Escalation |
Shared Channels | Shared Channel Connected/Disconnected/Reconnected, Invite Sent/Approved/Accepted/Declined/Expired/Revoked | Insider Threat, DLP, Data Exfiltration |
Errors | Bad Endpoint, Feature Not Enabled, Invalid Action, Invalid Authentication/Range/Cursor/Workspace, Missing Authentication, Rate Limited, User/Team Not Authorized | DLP, Data Exfiltration, Account Compromise, Phishing, Privilege Escalation |