
Slack Organization Deleted

Panther Rules

Summary
The Slack Organization Deleted detection rule monitors Slack audit logs for entries whose action is recorded as 'organization_deleted'. In Slack's audit log model an organization is the Enterprise Grid container that holds one or more workspaces, so this event is distinct from a 'workspace_deleted' event and affects every workspace, user account and data set under that organization. The rule matches on that single action value and raises a medium-severity alert so that a deletion, whether performed by an unauthorized or compromised administrator account or by administrator error, is seen and investigated promptly. The log entry alone does not distinguish the two cases, so triage should check the actor, source IP address and user agent recorded with the event. Alerts are deduplicated over a 60-minute period: repeated matches on the same deduplication key within that window are folded into the existing alert rather than opening a new one, which limits alert fatigue without hiding a fresh incident after the window expires. Because an organization deletion is rare, high-impact and hard to reverse, this rule is a core control for security and compliance monitoring of Slack, especially in large or sensitive environments.
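The detection described above, written as an added example in the shape of a Panther Python rule (rule, title, dedup and alert_context functions) and run over a constructed stream of Slack Audit Logs API events. This is illustrative code, not the Panther project's own rule body; the event field layout (action, actor, entity, context) follows the Slack Audit Logs API, and the assumption that an organization event carries its organization under entity.enterprise is noted in the code. The run() helper simulates the 60-minute deduplication window so the suppression behaviour can be seen on sample input.

```python
"""Added example: Slack 'organization_deleted' detection in the shape of a
Panther Python rule, plus a simulation of the 60-minute dedup window.
Not the Panther project's own rule code."""
from datetime import datetime, timedelta, timezone

ACTION = "organization_deleted"
DEDUP_PERIOD = timedelta(minutes=60)


def rule(event: dict) -> bool:
    """Fire only on the org-deletion action; 'workspace_deleted' is a different event."""
    return event.get("action") == ACTION


def dedup(event: dict) -> str:
    """Dedup key: one alert per deleted organization per dedup period.
    Assumption: the organization is carried under entity.enterprise."""
    ent_id = event.get("entity", {}).get("enterprise", {}).get("id", "unknown")
    return f"{ACTION}:{ent_id}"


def title(event: dict) -> str:
    """Alert title naming the organization and the acting user."""
    actor = event.get("actor", {}).get("user", {})
    entity = event.get("entity", {}).get("enterprise", {})
    who = actor.get("email") or actor.get("id", "unknown")
    return f"Slack organization [{entity.get('name', 'unknown')}] deleted by [{who}]"


def alert_context(event: dict) -> dict:
    """The fields a responder needs first: who, from where, which org, when."""
    ctx = event.get("context", {})
    actor = event.get("actor", {}).get("user", {})
    return {
        "actor_id": actor.get("id"),
        "actor_email": actor.get("email"),
        "ip_address": ctx.get("ip_address"),
        "user_agent": ctx.get("ua"),
        "entity_id": event.get("entity", {}).get("enterprise", {}).get("id"),
        "date_create": event.get("date_create"),
    }


def run(events: list, dedup_period: timedelta = DEDUP_PERIOD) -> list:
    """Apply rule() to a time-ordered stream and suppress repeats that share a
    dedup key within dedup_period. Returns the titles of alerts actually raised."""
    last_alert = {}
    alerts = []
    for ev in sorted(events, key=lambda e: e["date_create"]):
        if not rule(ev):
            continue
        ts = datetime.fromtimestamp(ev["date_create"], tz=timezone.utc)
        key = dedup(ev)
        prev = last_alert.get(key)
        if prev is not None and ts - prev < dedup_period:
            continue  # same org inside the window: folded into the open alert
        last_alert[key] = ts
        alerts.append(title(ev))
    return alerts


def _event(i, ts, action, ent_id, ent_name, actor_email, ip):
    """Build a constructed audit log entry in the Slack Audit Logs API layout."""
    return {
        "id": str(i), "date_create": ts, "action": action,
        "actor": {"type": "user", "user": {"id": f"W{i:03}", "email": actor_email}},
        "entity": {"type": "enterprise", "enterprise": {"id": ent_id, "name": ent_name}},
        "context": {"ip_address": ip, "ua": "Mozilla/5.0"},
    }


# Constructed sample stream (not real log data). Offsets are seconds from BASE.
BASE = 1_700_000_000
SAMPLE_EVENTS = [
    _event(1, BASE,        "workspace_deleted",    "E01", "Acme Corp", "ops@example.com",   "203.0.113.10"),
    _event(2, BASE + 60,   "organization_deleted", "E01", "Acme Corp", "admin@example.com", "203.0.113.10"),
    _event(3, BASE + 1800, "organization_deleted", "E01", "Acme Corp", "admin@example.com", "203.0.113.10"),  # 29 min later: suppressed
    _event(4, BASE + 1900, "organization_deleted", "E02", "Acme Labs", "admin@example.com", "198.51.100.7"),  # different org: alerts
    _event(5, BASE + 7200, "organization_deleted", "E01", "Acme Corp", "admin@example.com", "203.0.113.10"),  # 119 min after event 2: new alert
]

if __name__ == "__main__":
    for line in run(SAMPLE_EVENTS):
        print(line)
```

Event 1 is ignored because a workspace deletion is not an organization deletion; events 2 and 3 collapse into one alert for E01; event 4 alerts separately because its dedup key names a different organization; event 5 alerts again because it falls outside the 60-minute window of event 2. In production the dedup key should be stable across the window (here the organization ID), not something that changes per event such as the log entry ID, or dedup never takes effect.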
Categories
  • Cloud
  • Application
  • Identity Management
Data Sources
  • User Account
  • Application Log
ATT&CK Techniques
  • T1531
Created: 2022-09-02