Set up the slack integration.
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。
Goal
Detect when a Slack audit anomaly event is raised.
Strategy
This rule monitors Slack audit logs for when a Slack anomaly event is raised. Anomaly events are a special part of the Audit Logs API that help surface unexpected user behaviors. There will be a reason code published for any anomalous event. Anomalous events can include:
- Excessive number of file downloads.
- A Tor exit node was used.
- Anomalous behaviour from an administrator account.
Triage and response
- Determine if the behaviour is expected by:
- Contacting the user for more information.
- Check for other signals and logs generated by the impacted user
{{@usr.email}}, and look for deviations in the geolocation, ASN, or device properties.
- If the activity is deemed malicious:
- Begin your organization’s incident response process and investigate.
