Slack data prevention rule was modified
Description
AlphaSOC detected modifications to Slack's data loss prevention (DLP) rules using `native_dlp_violation_deleted`, `native_dlp_rule_deactivated`, `native_dlp_rule_created`, or `native_dlp_rule_reactivated` actions. These API calls allow for the manipulation of DLP policies within Slack, which are designed to prevent sensitive information from being shared or leaked.
Impact
Unauthorized changes to DLP rules can weaken an organization's data protection measures, potentially leading to the exposure of sensitive information, regulatory compliance violations, or intellectual property theft.
Severity
| Severity | Condition |
|---|---|
| Low | Slack data prevention rule was modified |
Investigation and Remediation
Investigate the context of the DLP rule modifications, including the user who initiated the changes and the specific rules affected. Verify whether the action was authorized. If unauthorized, revert the DLP rules to their previous state, revoke the access of any potentially compromised accounts, and conduct a thorough review of all Slack security settings and permissions.
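
The first investigation step above (who changed which rule, and was it authorized) can be scripted over exported audit entries. The following is an added example, not AlphaSOC or Slack code. It assumes entries carry `action`, `date_create`, `actor.user.email`, `entity` and `context.ip_address` fields as in Slack's Audit Logs API; the `authorized_admins` allowlist, the `WEAKENING` grouping, the `entity.id` placeholder values and all sample data are constructed for illustration.

```python
from collections import defaultdict

# The four audit-log actions named in the description above.
DLP_ACTIONS = {
    "native_dlp_violation_deleted", "native_dlp_rule_deactivated",
    "native_dlp_rule_created", "native_dlp_rule_reactivated",
}
# Assumption: these two reduce coverage or remove records, so review them first.
WEAKENING = {"native_dlp_rule_deactivated", "native_dlp_violation_deleted"}

def entry(action, email, ip, ts, rule):
    """Build a constructed audit entry; the entity content is a placeholder."""
    return {"action": action, "date_create": ts,
            "actor": {"type": "user", "user": {"email": email}},
            "entity": {"id": rule}, "context": {"ip_address": ip}}

# Constructed sample data (example.com users, documentation IP ranges).
SAMPLE = [
    entry("user_login", "bob@example.com", "198.51.100.7", 1700000000, None),
    entry("native_dlp_rule_deactivated", "bob@example.com", "198.51.100.7", 1700000060, "RULE-PLACEHOLDER-1"),
    entry("native_dlp_violation_deleted", "bob@example.com", "198.51.100.7", 1700000120, "RULE-PLACEHOLDER-1"),
    entry("native_dlp_rule_created", "admin@example.com", "192.0.2.10", 1700003600, "RULE-PLACEHOLDER-2"),
]

def triage(entries, authorized_admins):
    """Group DLP rule events by actor and flag what an analyst should verify."""
    report = defaultdict(list)
    for e in entries:
        action = e.get("action")
        if action not in DLP_ACTIONS:
            continue  # unrelated audit events are ignored
        email = e.get("actor", {}).get("user", {}).get("email", "unknown")
        flags = []
        if email not in authorized_admins:
            flags.append("actor_not_authorized")
        if action in WEAKENING:
            flags.append("weakens_dlp")
        report[email].append({
            "action": action, "time": e.get("date_create"),
            "ip": e.get("context", {}).get("ip_address"),
            "rule": e.get("entity", {}).get("id"), "flags": flags,
        })
    return dict(report)

if __name__ == "__main__":
    for actor, events in triage(SAMPLE, {"admin@example.com"}).items():
        for ev in events:
            print(actor, ev["action"], ev["rule"], ev["ip"], ",".join(ev["flags"]) or "ok")
```

Events carrying both flags are the ones to verify first; entries with a missing actor are reported under `unknown` rather than dropped.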