Detects users downloading many files in a short amount of time via Slack. Adversaries may use existing, legitimate web services and applications to download files to avoid detection.
The time threshold and number of file threshold should be adjusted to suit the user environment.
Source table → app.slack.audit
