Unexpected Slack API calls indicating excessive file sharing

ID: slack_excessive_file_sharing_anomaly
Data type: Slack
Severity: Low
MITRE ATT&CK: TA0010:T1567

Description

AlphaSOC detected an excessive_file_shares event in Slack, indicating that a user shared an unusually high number of files. This behavior could signify a data exfiltration attempt by threat actors.

Impact

Unauthorized excessive file sharing in Slack can indicate potential data exfiltration. This can result in exposure of sensitive company information, intellectual property, or customer data.

Severity

Severity: Low
Condition: Unexpected Slack API calls indicating excessive file sharing

Investigation and Remediation

Investigate the user account associated with the excessive file sharing and the specific files shared. Verify whether this activity was authorized. If it was unauthorized, reset the affected user's credentials and conduct a thorough security assessment.