Unexpected high volume of Slack API calls
Description
AlphaSOC detected the unexpected_api_call_volume event in Slack, which indicates an unexpectedly high volume of Slack API calls. Such behavior could indicate the use of a non-standard client or potential scraping activities.
Impact
A high volume of unexpected API calls could signify unauthorized access to the Slack workspace, potentially indicating reconnaissance. This may lead to further compromise within the Slack environment.
Severity
| Severity | Condition |
|---|---|
| Low | Unexpected high volume of Slack API calls |
Investigation and Remediation
Investigate the source of the high-volume API calls by reviewing Slack audit logs and identifying the user account responsible. Verify whether the activity was authorized. If unauthorized, sign the potentially compromised account out of all sessions and reset its credentials.
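The audit log review described above can be scripted. The following is an added example, not AlphaSOC or Slack code: it groups matching entries by user so the responsible account, its source IPs and its clients stand out. It assumes exported entries follow the Slack Audit Logs API layout (`action`, `actor.user`, `context.ip_address`, `context.ua`, `details.reason`) and that the event appears as a reason on an `anomaly` entry; the sample entries are constructed.

```python
from collections import defaultdict

REASON = "unexpected_api_call_volume"

def _entry(action, email, ip, ua, ts, reasons=None):
    """Build a constructed sample entry (field layout is an assumption)."""
    return {"action": action, "date_create": ts,
            "actor": {"type": "user", "user": {"email": email}},
            "context": {"ip_address": ip, "ua": ua},
            "details": {"reason": reasons or []}}

# Constructed sample data, not real audit log output.
SAMPLE = [
    _entry("anomaly", "alice@example.com", "198.51.100.7", "python-requests/2.31", 1700000000, [REASON]),
    _entry("anomaly", "alice@example.com", "198.51.100.9", "python-requests/2.31", 1700000600, [REASON, "user_agent"]),
    _entry("anomaly", "bob@example.com", "203.0.113.5", "Mozilla/5.0", 1700000300, ["ip_address"]),
    _entry("user_login", "alice@example.com", "192.0.2.10", "Mozilla/5.0", 1699990000),
    _entry("anomaly", "bob@example.com", "203.0.113.5", "Mozilla/5.0", 1700000900, [REASON]),
]

def summarize(entries, reason=REASON):
    """Group anomaly entries that carry `reason` by acting user, busiest first."""
    acc = defaultdict(lambda: {"count": 0, "ips": set(), "uas": set(), "ts": []})
    for e in entries:
        reasons = (e.get("details") or {}).get("reason") or []
        if isinstance(reasons, str):  # tolerate a single string instead of a list
            reasons = [reasons]
        if e.get("action") != "anomaly" or reason not in reasons:
            continue
        user = (e.get("actor") or {}).get("user") or {}
        ctx = e.get("context") or {}
        row = acc[user.get("email") or user.get("id") or "unknown"]
        row["count"] += 1
        row["ips"].add(ctx.get("ip_address"))
        row["uas"].add(ctx.get("ua"))
        row["ts"].append(e.get("date_create", 0))
    out = [{"user": u, "count": r["count"],
            "ips": sorted(filter(None, r["ips"])),
            "user_agents": sorted(filter(None, r["uas"])),
            "first_seen": min(r["ts"]), "last_seen": max(r["ts"])}
           for u, r in acc.items()]
    return sorted(out, key=lambda r: (-r["count"], r["user"]))

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```

Accounts that show several source IPs or a scripted user agent within a short window are the first ones to verify with their owners.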