SlackAudit - User login after deactivated. — Solutions Analyzer

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

Detects when user email linked to account changes.

Attribute	Value
Type	Analytic Rule
Solution	SlackAudit
ID	`e6e99dcb-4dff-48d2-8012-206ca166b36b`
Severity	Medium
Status	Available
Kind	Scheduled
Tactics	InitialAccess, Persistence, PrivilegeEscalation
Techniques	T1078
Required Connectors	SlackAuditAPI
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Transformations	Ingestion API	Lake-Only
`SlackAuditNativePoller_CL` 🔶	?	✓	?
`SlackAuditV2_CL`	?	✓	?
`SlackAudit_CL` 🔶	?	✓	?

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Analytic Rules · Back to SlackAudit