Slack manual export downloaded
Description
AlphaSOC detected that a manual export of data has been downloaded from Slack
using the channels_export_downloaded, manual_export_downloaded,
manual_user_export_downloaded, or scheduled_export_downloaded actions. These
API calls allow users to export and download various types of data from a Slack
workspace, including messages, files, and other potentially sensitive
information. Threat actors may exploit these functions to exfiltrate valuable
data from an organization's Slack environment.
Impact
The unauthorized use of these export functions can indicate a potential data exfiltration attempt. This may lead to the exposure of sensitive company information, confidential conversations, intellectual property, or customer data.
Severity
Severity | Condition |
---|---|
Low | Slack manual export downloaded |
Investigation and Remediation
Investigate the user account associated with the downloads and the specific files downloaded. Verify whether this action was authorized. If unauthorized, reset affected user credentials and conduct a thorough security assessment of the environment.
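The following is an added example for the investigation step, not AlphaSOC's detection logic: it filters audit log entries for the four export download actions and builds one triage record per download. The entry layout (`date_create`, `actor.user`, `context.ip_address`) is an assumption modelled on Slack Audit Logs API output, the sample entries are constructed, and the function names and the `new_ip` flag are hypothetical.

```python
import json
from collections import defaultdict
from datetime import datetime, timezone

# The four Slack audit log actions named in the description above.
EXPORT_DOWNLOAD_ACTIONS = {
    "channels_export_downloaded", "manual_export_downloaded",
    "manual_user_export_downloaded", "scheduled_export_downloaded",
}

# Constructed sample entries (assumed layout; documentation-range addresses).
SAMPLE_ENTRIES = json.loads("""[
 {"id": "a1", "date_create": 1700000000, "action": "user_login",
  "actor": {"user": {"id": "U01", "email": "alice@example.com"}},
  "context": {"ip_address": "198.51.100.7"}},
 {"id": "a2", "date_create": 1700000300, "action": "manual_export_downloaded",
  "actor": {"user": {"id": "U01", "email": "alice@example.com"}},
  "context": {"ip_address": "203.0.113.45"}},
 {"id": "a3", "date_create": 1700000900, "action": "channels_export_downloaded",
  "actor": {"user": {"id": "U01", "email": "alice@example.com"}},
  "context": {"ip_address": "198.51.100.7"}},
 {"id": "a4", "date_create": 1700001000, "action": "scheduled_export_downloaded",
  "actor": {"user": {"id": "U02"}}, "context": {}}
]""")

def _actor(entry):
    user = entry.get("actor", {}).get("user", {})
    return user.get("email") or user.get("id") or "unknown"

# Returns one triage record per export download, oldest first. new_ip is True
# when the account used that address in no other entry (a review prompt only).
def find_export_downloads(entries):
    seen_ips = defaultdict(set)
    for e in entries:
        if e.get("action") not in EXPORT_DOWNLOAD_ACTIONS:
            seen_ips[_actor(e)].add(e.get("context", {}).get("ip_address"))
    hits = []
    for e in sorted(entries, key=lambda x: x.get("date_create", 0)):
        if e.get("action") not in EXPORT_DOWNLOAD_ACTIONS:
            continue
        ip = e.get("context", {}).get("ip_address")
        ts = datetime.fromtimestamp(e.get("date_create", 0), tz=timezone.utc)
        hits.append({"id": e.get("id"), "action": e["action"], "actor": _actor(e),
                     "ip": ip or "unknown", "time": ts.isoformat(),
                     "new_ip": bool(ip) and ip not in seen_ips[_actor(e)]})
    return hits

if __name__ == "__main__":
    print(*find_export_downloads(SAMPLE_ENTRIES), sep="\n")
```

A record with `new_ip` set, or one with no recorded address, is a reason to check with the account owner before treating the download as authorized.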