Notifications from Slack security help you monitor and protect your Slack organisation by informing you of important security alerts and automated actions taken to protect your data. Read on for a description of the types of notifications that you’ll receive from Slack security, and how to interpret them.

Note: At the moment, you'll only receive a Slack security notification if you configured them as part of an anomaly event response. We appreciate your patience as we work to expand the scope of these notifications.

Anomaly event response notifications

On Enterprise Grid, org owners, org admins and members with the security admin system role can enable notifications from Slack security when configuring an anomaly event response. These notifications can be sent to the org primary owner and members with the security admin system role, and will include the following details:

• Confirmation that a user's active sessions have been ended
• The audit log anomaly event that initiated the response
• A link to your audit logs

Anomalies serve as indicators of unusual or potentially suspicious activity within your Slack organisation, but require interpretation to determine the importance. If you receive an anomaly event response notification, you should consider reviewing your audit logs to understand the circumstances of the activity best.