Unexpected Slack API calls indicating message deletion activity
Description
AlphaSOC detected an unexpected_message_deletion event in Slack, indicating that a user deleted an excessive number of messages.
Impact
Unexpected excessive deletion of Slack messages may indicate an ongoing attack, where adversaries are trying to destroy data or files to conceal their activity within the environment or disrupt business operations.
Severity
| Severity | Condition |
|---|---|
| Low | Unexpected Slack API calls indicating message deletion activity |
Investigation and Remediation
Review Slack audit logs to find the user account associated with the excessive message deletions. Verify whether this activity was authorized. If unauthorized, reset affected user credentials and conduct a thorough security assessment of the environment.
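To support the audit log review described above, the following added example (not AlphaSOC or Slack code) groups deletion events by actor and reports accounts whose deletions cluster within a sliding time window. The record fields (`ts`, `actor`, `action`), the `message_deleted` label, and the window and threshold values are assumptions for illustration; map them to the fields in your own exported logs.

```python
from collections import defaultdict, deque

# Constructed sample records. The field names ("ts", "actor", "action") and the
# "message_deleted" action label are hypothetical, not Slack's audit log schema.
SAMPLE = (
    [{"ts": 1000 + 20 * i, "actor": "U_ALICE", "action": "message_deleted"} for i in range(8)]
    + [{"ts": 1000 + 3600 * i, "actor": "U_BOB", "action": "message_deleted"} for i in range(4)]
    + [{"ts": 1010, "actor": "U_ALICE", "action": "message_posted"}]
)


def deletion_bursts(records, window_s=300, threshold=5, action="message_deleted"):
    """Return {actor: (peak_count, window_start_ts)} for actors whose deletions
    within any sliding window of window_s seconds reach the threshold.
    window_s and threshold are assumed defaults; tune them to your baseline."""
    by_actor = defaultdict(list)
    for rec in records:
        if rec["action"] == action:
            by_actor[rec["actor"]].append(rec["ts"])

    flagged = {}
    for actor, stamps in by_actor.items():
        window = deque()
        peak, peak_start = 0, None
        for ts in sorted(stamps):
            window.append(ts)
            # Drop events that fell out of the window ending at ts.
            while ts - window[0] >= window_s:
                window.popleft()
            # Remember the first window that reached the highest count.
            if len(window) > peak:
                peak, peak_start = len(window), window[0]
        if peak >= threshold:
            flagged[actor] = (peak, peak_start)
    return flagged


if __name__ == "__main__":
    for actor, (count, start) in deletion_bursts(SAMPLE).items():
        print(f"{actor}: {count} deletions within {300}s, window starting at ts={start}")
```

The reported window start gives a timestamp to pivot on when checking whether the activity was authorized.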