SlackAudit - Applications installed

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

Back to Content Index

This hunt searches for Slack application installation events to identify potentially unauthorized or suspicious app installs by users.

Attribute Value
Type Hunting Query
Solution SlackAudit
ID cefd7f18-9359-4a99-bd18-965983bb724d
Tactics InitialAccess, Persistence
Techniques T1133, T1098.003
Required Connectors SlackAuditAPI
Source View on GitHub

Tables Used

This content item queries data from the following tables:

Table Transformations Ingestion API Lake-Only
SlackAuditNativePoller_CL 🔶 ? ?
SlackAuditV2_CL
SlackAudit_CL 🔶 ? ?

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

Back to Hunting Queries · Back to SlackAudit