Slack Enterprise

Slack is a proprietary business communication platform developed by American software company Slack Technologies. Slack offers many IRC-style features, including persistent chat rooms organized by topic, private groups, and direct messaging.

Securonix integrates with Slack for ingestion of multiple event types, including user and group events, file sharing, channel and workspace management events, and other enterprise and workflow events. The typically associated threats include privilege escalation, data exfiltration, account compromise, and insider threat events.

Event Service/Module Event Types Related Threats
Access/Admin Single Sign On , 2FA, User Sign-Ins, List of User Accounts, Email Domain Change, Access to a Set of Resources Granted for the Application Privilege Escalation, Insider Threats, Account Compromise, Unusual Login Location, Rare Geolocation
User Create, Delete, Migration - Accept/Decline, Guest - Create/Delete/Activate/Deactivate/Expiration Time, Term of Service Agreement Privilege Escalation/Insider Threat
Group Enable/Disable Users, List/Update Members, Archive - Close/Delete/Join/Open/Rename/Unarchive, Create Group Direct Message, Add/Delete/Change/Update Group Members Privilege Escalation/Insider Threat
File Create, Share, Upload, Download, Revoke Data Exfiltration
Application Install/Uninstall App, Subscriptions, App Permission, Scope Restrictions Account Compromise, Insider Threat, Privilege Escalation
Channel Public & Private Channel - Archive/Create/Delete/History/Updates/Join/Left/Rename/Share/Unarchive, Channel Share/ Unshared With Workspace, Guest Channel Join/Leave Account Compromise, Insider Threat, DLP, Data Exfiltration
Workspace Create, Delete, Migration - Accept/Decline Account Compromise, Insider Threat, Privilege Escalation
Enterprise Key Management Enroll, Unenroll, Rekey, Log In, Add/Remove Keys Account Compromise, Insider Threat, Privilege Escalation
Workflows Create, Delete, Publish, Unpublish, Response CSV Download Account Compromise, Insider Threat, Privilege Escalation
Shared Channels Shared Channel Connected/Disconnected/Reconnected, Invite Sent/Approved/Accepted/Declined/Expired/Revoked Insider Threat, DLP, Data Exfiltration
Errors Bad Endpoint, Feature Not Enabled, Invalid Action, Invalid Authentication/Range/Cursor/Workspace, Missing Authentication, Rate Limited, User/Team Not Authorized DLP, Data Exfiltration, Account Compromise, Phishing, Privilege Escalation