SlackAuditV2_CL



Attribute Value
Ingestion API Supported ✓ Yes


Schema (9 columns)

Source: Connector definition

Column Name Type
Action string
ActionDescription dynamic
Actor dynamic
Context dynamic
DateCreate real
Details dynamic
Entity dynamic
Id string
TimeGenerated datetime

Solutions (1)

This table is used by the following solutions:

Connectors (2)

This table is ingested by the following connectors:

Connector Selection Criteria
[DEPRECATED] Slack Audit
SlackAudit (via Codeless Connector Framework)

Content Items Using This Table (20)

Analytic Rules (9)

In solution SlackAudit:

Analytic Rule Selection Criteria
SlackAudit - Empty User Agent
SlackAudit - Multiple archived files uploaded in short period of time
SlackAudit - Multiple failed logins for user
SlackAudit - Public link created for file which can contain sensitive information.
SlackAudit - Suspicious file downloaded.
SlackAudit - Unknown User Agent
SlackAudit - User email linked to account changed.
SlackAudit - User login after deactivated.
SlackAudit - User role changed to admin or owner

Hunting Queries (10)

In solution SlackAudit:

Hunting Query Selection Criteria
SlackAudit - Applications installed
SlackAudit - Deactivated users
SlackAudit - Downloaded files stats
SlackAudit - Failed logins with unknown username
SlackAudit - New User created
SlackAudit - Suspicious files downloaded
SlackAudit - Uploaded files stats
SlackAudit - User Permission Changed
SlackAudit - User logins by IP
SlackAudit - Users joined channels without invites

Workbooks (1)

In solution SlackAudit:

Workbook Selection Criteria
SlackAudit

Parsers Using This Table (1)

Other Parsers (1)

Parser Solution Selection Criteria
SlackAudit SlackAudit
