Slack EKM logging config modified
Description
AlphaSOC detected the use of the ekm_logging_config_set API call in Slack, which modifies the Enterprise Key Management (EKM) logging settings.
Impact
Modification of EKM logging configuration could potentially allow adversaries to evade detection by altering or disabling logging mechanisms. This may impair an organization's ability to monitor and investigate security incidents within their Slack workspace.
Severity
Severity | Condition |
---|---|
Low | Slack EKM config modified |
Investigation and Remediation
Investigate the user who initiated the EKM configuration change and verify if this action was authorized. If unauthorized, revert the EKM logging configuration to its previous secure state and rotate any potentially compromised credentials.
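As a starting point for that investigation, the added example below (not AlphaSOC's detection logic) pulls every ekm_logging_config_set event out of exported audit log lines and marks whether the actor is on an allow-list. It assumes entries shaped like Slack Audit Logs API records (action, actor.user, context.ip_address, date_create); the allow-list, user IDs, emails and IPs are constructed for illustration.

```python
import json
from datetime import datetime, timezone

EKM_ACTION = "ekm_logging_config_set"  # action name from the finding above

# Hypothetical allow-list: Slack user IDs permitted to change EKM settings.
AUTHORIZED_ADMINS = {"W0ADMIN001"}

# Constructed sample entries (one JSON object per line), shaped like
# Slack Audit Logs API records. All IDs, emails and IPs are made up.
SAMPLE_LOG = """\
{"id":"a1","date_create":1700000000,"action":"user_login","actor":{"type":"user","user":{"id":"W0USER123","email":"dev@example.com"}},"context":{"ip_address":"198.51.100.7"}}
{"id":"a2","date_create":1700000600,"action":"ekm_logging_config_set","actor":{"type":"user","user":{"id":"W0ADMIN001","email":"secadmin@example.com"}},"context":{"ip_address":"192.0.2.10"}}
{"id":"a3","date_create":1700001200,"action":"ekm_logging_config_set","actor":{"type":"user","user":{"id":"W0USER123","email":"dev@example.com"}},"context":{"ip_address":"198.51.100.7"}}
not-json garbage line
"""

def triage_ekm_changes(lines, authorized=AUTHORIZED_ADMINS):
    """Return one finding per EKM logging config change, marking whether
    the actor is on the allow-list. Malformed lines are skipped."""
    findings = []
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue
        if not isinstance(entry, dict) or entry.get("action") != EKM_ACTION:
            continue
        user = (entry.get("actor") or {}).get("user") or {}
        ts = entry.get("date_create")
        findings.append({
            "event_id": entry.get("id"),
            "time_utc": datetime.fromtimestamp(ts, tz=timezone.utc).isoformat() if ts else None,
            "actor_id": user.get("id"),
            "actor_email": user.get("email"),
            "source_ip": (entry.get("context") or {}).get("ip_address"),
            "authorized": user.get("id") in authorized,
        })
    return findings

if __name__ == "__main__":
    for f in triage_ekm_changes(SAMPLE_LOG.splitlines()):
        status = "review" if f["authorized"] else "ESCALATE"
        print(status, json.dumps(f))
```

An allow-list match only narrows the review; the change itself still needs to be confirmed with the named administrator.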