Slack API calls from an unexpected user agent
Description
AlphaSOC detected `unexpected_user_agent` or `user_agent` events in Slack, indicating API calls from an unexpected user agent.
Impact
The use of an unexpected user agent to access the Slack API can indicate a potential compromise of user credentials. This can lead to unauthorized access to sensitive data, data exfiltration, or other malicious activities.
Severity
| Severity | Condition |
|---|---|
| Low | Slack API calls from an unexpected user agent |
Investigation and Remediation
Review Slack audit logs to find the user account associated with the unexpected user agent. Investigate their activity and verify whether it is authorized. If unauthorized, reset affected user credentials and conduct a thorough security assessment for other signs of potential compromise.
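
One way to do the audit log review described above, as an added example that is not AlphaSOC's or Slack's code: it groups user-agent anomaly entries by account so each account's activity can be checked. The entry layout (`action`, `actor.user`, `context.ua`, `details.reason`, `details.previous_ua`) is an assumption modelled on Slack Audit Logs API anomaly entries, and the sample entries are constructed.

```python
import json
from collections import defaultdict
from datetime import datetime, timezone

# Anomaly reasons named on this page.
UA_REASONS = {"unexpected_user_agent", "user_agent"}

# Constructed sample entries (not real data). The field layout is an
# assumption modelled on Slack Audit Logs API "anomaly" entries.
SAMPLE = json.loads("""[
 {"id": "e1", "date_create": 1700000300, "action": "anomaly",
  "actor": {"user": {"id": "U0001", "email": "alice@example.com"}},
  "context": {"ua": "python-requests/2.31.0", "ip_address": "203.0.113.10"},
  "details": {"reason": ["unexpected_user_agent"], "previous_ua": "Slack-Desktop"}},
 {"id": "e2", "date_create": 1700000100, "action": "anomaly",
  "actor": {"user": {"id": "U0001", "email": "alice@example.com"}},
  "context": {"ua": "curl/8.4.0", "ip_address": "203.0.113.10"},
  "details": {"reason": ["user_agent", "ip_address"], "previous_ua": "Slack-Desktop"}},
 {"id": "e3", "date_create": 1700000200, "action": "anomaly",
  "actor": {"user": {"id": "U0002", "email": "bob@example.com"}},
  "context": {"ua": "Slack-Desktop", "ip_address": "198.51.100.7"},
  "details": {"reason": ["asn", "ip_address"]}},
 {"id": "e4", "date_create": 1700000400, "action": "user_login",
  "actor": {"user": {"id": "U0002", "email": "bob@example.com"}},
  "context": {"ua": "Slack-Desktop", "ip_address": "198.51.100.7"}}
]""")

def ua_anomalies_by_user(entries):
    """Group user-agent anomaly entries by actor, oldest first."""
    hits = defaultdict(list)
    for e in entries:
        details = e.get("details") or {}
        reasons = details.get("reason") or []
        if isinstance(reasons, str):  # tolerate a single string value
            reasons = [reasons]
        matched = sorted(UA_REASONS.intersection(reasons))
        if e.get("action") != "anomaly" or not matched:
            continue
        user = (e.get("actor") or {}).get("user") or {}
        ctx = e.get("context") or {}
        ts = datetime.fromtimestamp(e.get("date_create", 0), tz=timezone.utc)
        hits[user.get("email") or user.get("id") or "unknown"].append({
            "id": e.get("id"), "time": ts.isoformat(), "reasons": matched,
            "ua": ctx.get("ua"), "previous_ua": details.get("previous_ua"),
            "ip": ctx.get("ip_address")})
    for rows in hits.values():
        rows.sort(key=lambda r: r["time"])
    return dict(hits)

if __name__ == "__main__":
    print(json.dumps(ua_anomalies_by_user(SAMPLE), indent=2))
```

The per-account list gives the time window and source address to use when reviewing what else that account did before deciding whether the activity was authorized.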