Slack API calls from an unexpected IP address
Description
AlphaSOC detected events indicating API calls from an unexpected IP address. These events suggest that Slack API calls were sent from a network or location that is not typically associated with this user.
Impact
The use of an unexpected IP address to access the Slack API can indicate a potential compromise of user credentials. This can lead to unauthorized access to sensitive data, data exfiltration, or other malicious activities.
Severity
| Severity | Condition |
|---|---|
| Low | Slack API calls from an unexpected IP address |
Investigation and Remediation
Review Slack audit logs to find the user associated with the unexpected IP address, investigate their activity, and verify whether it was authorized. If unauthorized, reset affected user credentials and conduct a thorough security assessment for other signs of potential compromise.
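
The audit-log review described above can be scripted once the entries are exported. The following is an added example, not AlphaSOC's detection logic or code from this page: it groups activity from unexpected IP addresses by user and notes whether the same account kept working from an expected address afterwards. Field names (`date_create`, `action`, `actor.user.email`, `context.ip_address`) follow the Slack Audit Logs API entry format; the baseline networks, users and entries are constructed.

```python
import ipaddress
from datetime import datetime, timezone

# Assumed baseline of expected networks (hypothetical; use your own egress ranges).
EXPECTED_NETWORKS = ["198.51.100.0/24"]

def _entry(ts, action, email, ip):
    # Constructed entry using Slack Audit Logs API field names.
    return {"date_create": ts, "action": action,
            "actor": {"type": "user", "user": {"email": email}},
            "context": {"ip_address": ip}}

# Constructed sample data (documentation IP ranges, made-up users).
SAMPLE_ENTRIES = [
    _entry(1717400000, "user_login", "ana@example.com", "198.51.100.10"),
    _entry(1717403600, "user_login", "ana@example.com", "203.0.113.77"),
    _entry(1717403660, "file_downloaded", "ana@example.com", "203.0.113.77"),
    _entry(1717403700, "file_downloaded", "bob@example.com", "198.51.100.20"),
    _entry(1717403800, "file_downloaded", "ana@example.com", "198.51.100.10"),
]

def is_expected(ip, networks=EXPECTED_NETWORKS):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # unparsable or missing address: surface it for review
    return any(addr in ipaddress.ip_network(n) for n in networks)

def triage(entries, networks=EXPECTED_NETWORKS):
    """Per user: what was done from unexpected IPs, when, and whether
    expected-IP activity continued afterwards (possible concurrent use)."""
    report = {}
    for e in sorted(entries, key=lambda e: e["date_create"]):
        user = e.get("actor", {}).get("user", {}).get("email", "unknown")
        ip = e.get("context", {}).get("ip_address", "")
        ts = datetime.fromtimestamp(e["date_create"], tz=timezone.utc).isoformat()
        if is_expected(ip, networks):
            if user in report:
                report[user]["concurrent_expected_use"] = True
            continue
        r = report.setdefault(user, {"ips": set(), "actions": [], "first": ts,
                                     "last": ts, "concurrent_expected_use": False})
        r["ips"].add(ip)
        r["actions"].append(e["action"])
        r["last"] = ts
    return report

if __name__ == "__main__":
    for user, r in triage(SAMPLE_ENTRIES).items():
        print(user, r)
```

A user whose report shows `concurrent_expected_use` set was active from both an expected and an unexpected address in the same period, which is worth confirming with the user before deciding whether to reset credentials.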