Slack Denial of Service

Panther Rules

Summary
This detection rule monitors Slack admin activity related to user session resets. It fires when an admin invalidates user sessions more than once within a 24-hour period, which indicates a potential Denial of Service (DoS) attack on the Slack application. This type of activity can exhaust the application's resources and disrupt normal user operations. Repeated resets may reflect malicious or erroneous admin actions that affect the accessibility of the Slack workspace for legitimate users. The rule is built on the premise that frequent resets can lead to application exhaustion and should be treated with urgency. Its severity level of 'Critical' underscores the importance of preventing such DoS scenarios, especially in environments that rely heavily on Slack for communication and collaboration.
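The threshold logic described above, sketched as an added example (not the Panther rule's own source): a sliding 24-hour window per admin over Slack audit-log events. The set of reset actions, the per-actor grouping, and the sample events are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Slack audit-log actions counted as admin session resets (assumed set for this example)
RESET_ACTIONS = {"user_session_reset_by_admin", "bulk_session_reset_by_admin"}
WINDOW = timedelta(hours=24)
THRESHOLD = 1  # alert when an actor exceeds this many resets inside WINDOW


def find_reset_bursts(events, threshold=THRESHOLD, window=WINDOW):
    """Return one alert per actor, raised the first time they exceed the threshold."""
    recent = defaultdict(deque)  # actor -> reset times still inside the window
    alerts = {}
    for ev in sorted(events, key=lambda e: e["date_create"]):
        if ev.get("action") not in RESET_ACTIONS:
            continue
        actor = ev.get("actor", {}).get("user", {}).get("email", "<unknown>")
        ts = datetime.fromtimestamp(ev["date_create"], tz=timezone.utc)
        q = recent[actor]
        q.append(ts)
        while ts - q[0] >= window:  # drop resets that fell out of the window
            q.popleft()
        if len(q) > threshold and actor not in alerts:
            alerts[actor] = {"actor": actor, "count": len(q),
                             "first": q[0].isoformat(), "last": ts.isoformat()}
    return list(alerts.values())


def _ev(action, email, ts):
    # Constructed sample event following the Slack audit-log field layout
    return {"action": action, "date_create": ts,
            "actor": {"type": "user", "user": {"email": email}}}


T0 = 1_700_000_000  # constructed epoch timestamp
SAMPLE_EVENTS = [
    _ev("user_session_reset_by_admin", "admin-a@example.com", T0),
    _ev("user_login", "admin-a@example.com", T0 + 60),           # ignored action
    _ev("bulk_session_reset_by_admin", "admin-a@example.com", T0 + 3 * 3600),
    _ev("user_session_reset_by_admin", "admin-b@example.com", T0),
    _ev("user_session_reset_by_admin", "admin-b@example.com", T0 + 25 * 3600),
]

if __name__ == "__main__":
    for alert in find_reset_bursts(SAMPLE_EVENTS):
        print(alert)
```

In the sample, admin-a's two resets three hours apart raise an alert, while admin-b's two resets 25 hours apart do not, because the first has left the window by the time the second arrives.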
Categories
  • Web
  • Application
  • Cloud
Data Sources
  • Application Log
  • User Account
ATT&CK Techniques
  • T1499.003
  • T0123
Created: 2022-09-02