Slack Token Advanced (All Types)
Service Name: Slack
Service Description: Slack is a business communication platform that offers many IRC-style features, including persistent chat rooms (channels), private groups, and direct messaging.
Service Address: [https://slack.com/](https://slack.com/)
Slack Token Advanced
SLACK_TOKEN_ADVANCED
-
Validation Type: API Auth
-
IP Allow list: Does not exist
-
Secret Access Scope: Grants access to Slack workspaces and allows for various operations depending on the token type (bot, user, app, etc.)
-
Secret Revokement URL:
https://slack.com/help/articles/215770388-Create-and-regenerate-API-tokens -
Secret Example:
xoxb-1234567890123-1234567890123-AbCdEfGhIjKlMnOpQrStUvWx -
Suspicious Activity Investigation Instructions:
-
Check Slack audit logs for unauthorized access or unusual API calls
-
Review app installations and integrations in your Slack workspace
-
Check for messages or data being sent to external channels
-
Review user access logs for suspicious login patterns
-
Monitor for unusual bot activities or automated actions
-
-
Mitigation Instructions:
-
Immediately revoke the compromised token in the Slack admin dashboard
-
Navigate to your Slack workspace settings
-
Go to the Apps section and find the app associated with the token
-
Click on "Remove App" or regenerate the token
-
Review and update permissions for all Slack apps
-
Enable additional security features like IP restrictions if available
-
Notify your security team about the potential breach
-