SlackAudit - User logins by IP


This hunt surfaces Slack user login activity by source IP to identify unusual account access patterns and credential abuse.

| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | SlackAudit |
| ID | 85850974-acbf-47bd-a635-4e3511b553c0 |
| Severity | Medium |
| Tactics | InitialAccess, Persistence, DefenseEvasion |
| Techniques | T1078, T1078.001, T1078.003 |
| Required Connectors | SlackAuditAPI |
| Source | View on GitHub |

Tables Used

This content item queries data from the following tables:

| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
| SlackAuditNativePoller_CL | 🔶 | ? | ? |
| SlackAuditV2_CL | | | |
| SlackAudit_CL | 🔶 | ? | ? |
