This detection rule identifies instances where a private Slack channel is converted to a public one. Such activity may indicate potential risk, as sensitive conversations or materials that were confined to a restricted audience can be inadvertently exposed to a wider group of users. The rule evaluates Slack audit logs, looking for specific actions that signal this conversion. It is particularly relevant for organizations leveraging Slack for internal communications, as channel visibility can affect security and compliance posture. Given the high severity assigned to this rule, it is imperative for teams to monitor this activity closely, as it could relate to defense evasion tactics or unauthorized exfiltration of information.