Unexpected Slack session with inconsistent client fingerprint

ID: slack_session_anomaly
Data type: Slack
Severity: Low
MITRE ATT&CK: TA0006:T1528

Description

AlphaSOC detected a session_fingerprint Slack anomaly, indicating an unexpected Slack session with an inconsistent client fingerprint or an unexpected or stale timestamp associated with the session.

Impact

An inconsistent fingerprint may indicate that a threat actor is attempting to bypass authentication mechanisms. This may lead to data exfiltration, unauthorized data access, or further lateral movement within the organization's Slack workspace.

Severity

Severity: Low
Condition: Unexpected Slack session with inconsistent client fingerprint

Investigation and Remediation

Investigate the affected Slack account for any suspicious activity and verify the legitimacy of the session. If the session is unauthorized, terminate it using the admin.users.session.invalidate API call or reset the affected user credentials.
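
One way to script the termination step, as an added example that is not AlphaSOC's or Slack's own code: it pulls the workspace and session IDs from an audit-log entry and calls admin.users.session.invalidate only after an analyst has confirmed the session is unauthorized. The entry layout (`action`, `details.reason`, `context.session_id`, `context.location`) is an assumption modeled on Slack Audit Logs anomaly events, and the sample entry, IDs and token are constructed placeholders.

```python
import json
import urllib.parse
import urllib.request

API_URL = "https://slack.com/api/admin.users.session.invalidate"

# Constructed sample entry; the field layout is an assumption (see lead-in).
SAMPLE_ENTRY = {
    "action": "anomaly",
    "actor": {"user": {"id": "U0EXAMPLE1", "email": "user@example.com"}},
    "context": {
        "session_id": 1234567890,
        "location": {"type": "workspace", "id": "T0EXAMPLE1"},
    },
    "details": {"reason": ["session_fingerprint"]},
}

def session_to_invalidate(entry):
    """Return (team_id, session_id) for a session_fingerprint anomaly, else None."""
    reasons = entry.get("details", {}).get("reason", [])
    if entry.get("action") != "anomaly" or "session_fingerprint" not in reasons:
        return None
    ctx = entry.get("context", {})
    loc = ctx.get("location", {})
    session_id = ctx.get("session_id")
    if session_id is None or loc.get("type") != "workspace" or not loc.get("id"):
        return None  # not enough data; resolve the workspace manually
    return loc["id"], str(session_id)

def http_post(url, token, fields):
    """Default transport: form-encoded POST with a bearer token."""
    req = urllib.request.Request(url, data=urllib.parse.urlencode(fields).encode(),
                                 headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def invalidate_session(entry, token, confirmed_unauthorized, post=http_post):
    """Invalidate the session only after an analyst confirmed it is unauthorized."""
    target = session_to_invalidate(entry)
    if target is None or not confirmed_unauthorized:
        return {"ok": False, "error": "skipped"}
    team_id, session_id = target
    body = post(API_URL, token, {"team_id": team_id, "session_id": session_id})
    if not body.get("ok"):
        raise RuntimeError(f"Slack API error: {body.get('error')}")
    return body
```

The `post` parameter lets the call be exercised against a stub before it is pointed at a live workspace with a real admin token.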