Audit logs on Enterprise Grid

Audit logs provide a record of changes and usage on Enterprise Grid that help keep your organization secure and protect against misuse. You can view audit logs right in Slack, export them as a CSV, and use the Audit Logs API to create custom monitoring tools. 

Tip: Learn more about your organization with analytics for Slack Enterprise Grid.


View audit logs in Slack

  1. From your desktop, click your organization name in the sidebar.
  2. Hover over Tools & settings, then click Organization settings.
  3. From the left sidebar, select  Security, then click Audit Logs.
  4. Use the drop-down menus to filter the log entries by Acting user, Event, Affects, or Date range and review the log entries below.
  5. If you'd like, click Export Logs in the top-right corner, then select a formatting option from the drop-down menu to download them.


Monitor anomaly events

Anomaly events can surface potentially suspicious user and app activity in your organization. Use the the audit logs or the Audit Logs API to monitor anomaly events, and help determine whether the activity is expected. 

  1. From your desktop, click your organization name in the sidebar.
  2. Hover over Tools & settings, then click Organization settings.
  3. From the left sidebar, select  Security, then click Audit logs.
  4. Click the Security Detections tab.
  5. If you'd like, you can click   Filters and use the drop-down menus to filter the log entries.

Tip: You can manually sign members out by clicking the   three dots icon next to an anomaly audit log entry, then selecting Sign Out Of Slack. If you'd like, you can also configure an automatic anomaly event response


Use the Audit Logs API

We built the Audit Logs API for Enterprise Grid orgs with security, legal, and compliance in mind. Use the Audit Logs API to:

  • Send data to a security information and event management (SIEM) tool.
  • Watch for potential security issues or malicious attempts to access your org.
  • Build custom apps for better insight into how your company uses Slack. 

 

Note: The availability of audit log data prior to upgrading to Enterprise Grid depends on your previous Slack plan. To learn more about audit logs, contact our Support team.  

Who can use this feature?
  • Org Owners and members with the Audit Logs Admin system role
  • Available on the Enterprise Grid plan

Related Articles

Recently Viewed Articles