SlackAudit - User role changed to admin or owner

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

---

This query helps to detect a change in the users role to admin or owner.

Attribute	Value
Type	Analytic Rule
Solution	SlackAudit
ID	be6c5fc9-2ac3-43e6-8fb0-cb139e04e43e
Severity	Low
Status	Available
Kind	Scheduled
Tactics	Persistence, PrivilegeEscalation
Techniques	T1098, T1078
Required Connectors	SlackAuditAPI
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Transformations	Ingestion API	Lake-Only
SlackAuditNativePoller_CL 🔶	?	✓	?
SlackAuditV2_CL	?	✓	?
SlackAudit_CL 🔶	?	✓	?

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Analytic Rules · Back to SlackAudit