Slack EKM Unenrolled
Description
AlphaSOC detected the use of ekm_unenrolled or ekm_slackbot_unenroll_notification_sent actions, indicating unenrollment of Slack Enterprise Key Management (EKM).
Impact
Unenrolling from Slack's EKM could significantly reduce an organization's control over its data security. This action may lead to compliance violations or expose sensitive conversations and files to unauthorized access, potentially resulting in data breaches.
Severity
Severity | Condition |
---|---|
Low | Slack EKM Unenrolled |
Investigation and Remediation
Investigate the user who initiated the EKM unenrollment and verify whether this action was authorized. If unauthorized, re-enable EKM and rotate all potentially compromised encryption keys and credentials.
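To support the investigation step, the following added example (not AlphaSOC's detection logic) filters audit entries for the two actions named above and extracts who initiated them, when, and from where. It assumes entries in the shape returned by the Slack Audit Logs API; the sample entries are constructed, and `authorized_emails` is a hypothetical allow-list of admins with an approved change.

```python
import json
from datetime import datetime, timezone

# Audit-log actions named in the detection description above.
EKM_UNENROLL_ACTIONS = {"ekm_unenrolled", "ekm_slackbot_unenroll_notification_sent"}

# Constructed sample entries in the shape of Slack Audit Logs API results
# (all ids, addresses and e-mails are made up).
SAMPLE_ENTRIES = json.loads("""
[
 {"id": "a1", "date_create": 1700000000, "action": "user_login",
  "actor": {"type": "user", "user": {"id": "W111", "email": "dev@example.com"}},
  "context": {"ip_address": "198.51.100.7"}},
 {"id": "a2", "date_create": 1700000300, "action": "ekm_unenrolled",
  "actor": {"type": "user", "user": {"id": "W222", "email": "admin@example.com"}},
  "context": {"ip_address": "203.0.113.9"}},
 {"id": "a3", "date_create": 1700000301, "action": "ekm_slackbot_unenroll_notification_sent",
  "actor": {"type": "user", "user": {"id": "W222"}}, "context": {}}
]
""")

def find_ekm_unenrollments(entries, authorized_emails=frozenset()):
    """Return one finding per EKM unenrollment entry, oldest first.

    authorized_emails is a hypothetical allow-list (lowercase) of admins
    with an approved change; any other or unknown actor is flagged.
    """
    findings = []
    for e in sorted(entries, key=lambda e: e.get("date_create", 0)):
        if e.get("action") not in EKM_UNENROLL_ACTIONS:
            continue
        user = (e.get("actor") or {}).get("user") or {}
        ctx = e.get("context") or {}
        email = user.get("email")
        findings.append({
            "entry_id": e.get("id"),
            "action": e["action"],
            "time_utc": datetime.fromtimestamp(e.get("date_create", 0), timezone.utc).isoformat(),
            "actor_id": user.get("id"),
            "actor_email": email,
            "ip_address": ctx.get("ip_address"),
            "needs_review": email is None or email.lower() not in authorized_emails,
        })
    return findings

if __name__ == "__main__":
    for finding in find_ekm_unenrollments(SAMPLE_ENTRIES, {"secops@example.com"}):
        print(finding)
```

Entries with a missing actor e-mail are flagged for review rather than skipped, so an incomplete record cannot pass as authorized.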