Slack IdP configuration changed
Set up the Slack integration.
Goal
Detect when there has been a modification to a Slack identity provider (IdP) configuration setting.
Strategy
This rule monitors Slack audit logs for modifications to Slack’s IdP configuration settings. Attackers may try to modify authentication processes to access user credentials or gain unauthorized access to other accounts.
Triage and response
- Determine if the change made by {{@usr.email}} is authorized.
- If the change was not authorized or was unexpected, begin your organization’s incident response process and investigate.
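The triage decision above can be sketched offline against exported Slack audit log entries. This is an added example, not the rule's own query or code. The IdP action names, the allowlist of approved admins, and the sample entries are assumptions constructed for illustration.

```python
import json

# Assumption: action names for Slack IdP setting changes; confirm against
# Slack's audit-log action list before relying on them.
IDP_ACTIONS = {
    "idp_configuration_added", "idp_configuration_deleted",
    "idp_prod_configuration_updated", "idp_test_configuration_updated",
}

# Hypothetical allowlist: identities approved to change SSO settings.
AUTHORIZED_ADMINS = {"idp-admin@example.com"}

# Constructed sample entries in the shape of Slack Audit Logs API records.
SAMPLE_LOG = """\
{"id":"a1","date_create":1700000000,"action":"user_login","actor":{"type":"user","user":{"id":"U1","email":"dev@example.com"}},"context":{"ip_address":"198.51.100.7"}}
{"id":"a2","date_create":1700000300,"action":"idp_prod_configuration_updated","actor":{"type":"user","user":{"id":"U2","email":"idp-admin@example.com"}},"context":{"ip_address":"192.0.2.10"}}
{"id":"a3","date_create":1700000900,"action":"idp_configuration_added","actor":{"type":"user","user":{"id":"U1","email":"dev@example.com"}},"context":{"ip_address":"198.51.100.7"}}
not-json
"""

def triage(lines):
    """Return one finding per IdP change, flagged authorized or not."""
    findings = []
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort the run
        if not isinstance(entry, dict) or entry.get("action") not in IDP_ACTIONS:
            continue
        user = (entry.get("actor") or {}).get("user") or {}
        email = (user.get("email") or "").lower()
        findings.append({
            "id": entry.get("id"),
            "action": entry["action"],
            "email": email or "<unknown actor>",
            "ip": (entry.get("context") or {}).get("ip_address"),
            "authorized": email in AUTHORIZED_ADMINS,
        })
    return findings

def needs_response(findings):
    """IdP changes by anyone outside the allowlist go to incident response."""
    return [f for f in findings if not f["authorized"]]

if __name__ == "__main__":
    for f in needs_response(triage(SAMPLE_LOG.splitlines())):
        print(f)
```

An entry with no actor email is treated as unauthorized, so it is surfaced for review instead of being dropped.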