Data Source: Okta

Description

Logs authentication and administrative activities captured by Okta, including user login attempts, session management, and configuration changes.

Details

Property Value
Source Okta
Sourcetype OktaIM2:log
Name | Technique | Type
Okta Authentication Failed During MFA Challenge | Cloud Accounts, Cloud Accounts, Multi-Factor Authentication Request Generation | TTP
Okta IDP Lifecycle Modifications | Cloud Account | Anomaly
Okta MFA Exhaustion Hunt | Brute Force | Hunting
Okta Mismatch Between Source and Response for Verify Push Request | Multi-Factor Authentication Request Generation | TTP
Okta Multi-Factor Authentication Disabled | Multi-Factor Authentication | TTP
Okta Multiple Accounts Locked Out | Brute Force | Anomaly
Okta Multiple Failed MFA Requests For User | Multi-Factor Authentication Request Generation | Anomaly
Okta Multiple Failed Requests to Access Applications | Web Session Cookie, Cloud Service Dashboard | Hunting
Okta Multiple Users Failing To Authenticate From Ip | Password Spraying | Anomaly
Okta New API Token Created | Default Accounts | TTP
Okta New Device Enrolled on Account | Device Registration | TTP
Okta Phishing Detection with FastPass Origin Check | Default Accounts, Modify Authentication Process | TTP
Okta Risk Threshold Exceeded | Valid Accounts, Brute Force | Correlation
Okta Successful Single Factor Authentication | Cloud Accounts, Cloud Accounts, Multi-Factor Authentication Request Generation | Anomaly
Okta Suspicious Activity Reported | Default Accounts | TTP
Okta Suspicious Use of a Session Cookie | Steal Web Session Cookie | Anomaly
Okta ThreatInsight Threat Detected | Cloud Accounts | Anomaly
Okta Unauthorized Access to Application | Cloud Account | Anomaly
Okta User Logins from Multiple Cities | Cloud Accounts | Anomaly
Geographic Improbable Location | Valid Accounts | Anomaly
Okta Non-Standard VPN Usage | Valid Accounts, Protocol Tunneling, Proxy | TTP

Supported Apps

Required Output Fields

  • dest

  • src

  • user
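
As an added worked example (not Splunk's or Okta's own code), the Python below constructs a few events shaped like Okta System Log records, maps each one to the dest, src and user fields this data source must emit, and then runs simplified versions of two of the listed detections over them: Okta Multiple Users Failing To Authenticate From Ip (password spraying) and Okta Multiple Failed MFA Requests For User (push fatigue). The event layout it relies on (eventType, outcome.result, actor.alternateId, client.ipAddress, published, target), the org hostname used as dest when an event names no target, and the window and count thresholds are assumptions for the demo, not the shipped searches' values; the sample events are constructed, not captured Okta output.

```python
"""Added example (not Splunk's or Okta's code): normalise constructed Okta
System Log events to dest/src/user and run two listed detection heuristics."""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed Okta org hostname, used as `dest` when an event names no target.
OKTA_ORG = "example.okta.com"


def okta_event(event_type, result, user, ip, published, target=None):
    """Build a constructed event in the shape of an Okta System Log record
    (eventType, outcome.result, actor.alternateId, client.ipAddress,
    published, target[]). Sample data only, not real Okta output."""
    return {
        "eventType": event_type,
        "outcome": {"result": result},
        "actor": {"alternateId": user, "type": "User"},
        "client": {"ipAddress": ip},
        "published": published,
        "target": [{"alternateId": target}] if target else [],
    }


# Constructed sample: one IP spraying four accounts, then one user failing
# MFA three times in quick succession and once much later.
SAMPLE_LOG = [json.dumps(e) for e in [
    okta_event("user.session.start", "FAILURE", "alice@example.com", "203.0.113.10", "2024-05-01T12:00:00Z"),
    okta_event("user.session.start", "FAILURE", "bob@example.com", "203.0.113.10", "2024-05-01T12:00:30Z"),
    okta_event("user.session.start", "FAILURE", "carol@example.com", "203.0.113.10", "2024-05-01T12:01:00Z"),
    okta_event("user.session.start", "FAILURE", "dave@example.com", "203.0.113.10", "2024-05-01T12:01:30Z"),
    okta_event("user.session.start", "SUCCESS", "alice@example.com", "198.51.100.7", "2024-05-01T12:05:00Z"),
    okta_event("user.authentication.auth_via_mfa", "FAILURE", "alice@example.com", "198.51.100.7", "2024-05-01T12:06:00Z"),
    okta_event("user.authentication.auth_via_mfa", "FAILURE", "alice@example.com", "198.51.100.7", "2024-05-01T12:06:20Z"),
    okta_event("user.authentication.auth_via_mfa", "FAILURE", "alice@example.com", "198.51.100.7", "2024-05-01T12:06:40Z"),
    okta_event("user.authentication.auth_via_mfa", "FAILURE", "alice@example.com", "198.51.100.7", "2024-05-01T12:30:00Z"),
    okta_event("user.authentication.auth_via_mfa", "FAILURE", "bob@example.com", "198.51.100.8", "2024-05-01T12:07:00Z"),
    okta_event("user.session.start", "SUCCESS", "bob@example.com", "198.51.100.8", "2024-05-01T12:08:00Z", target="Salesforce"),
]]


def normalize(raw_line):
    """Map one raw JSON line to the data source's required output fields
    (dest, src, user) plus the fields the detections below key on."""
    ev = json.loads(raw_line)
    targets = [t.get("alternateId") for t in ev.get("target", []) if t.get("alternateId")]
    return {
        "_time": datetime.fromisoformat(ev["published"].replace("Z", "+00:00")),
        "user": ev["actor"]["alternateId"],
        "src": ev["client"]["ipAddress"],
        "dest": targets[0] if targets else OKTA_ORG,  # assumption: org host if no target
        "event_type": ev["eventType"],
        "result": ev["outcome"]["result"],
    }


def load_events(lines=SAMPLE_LOG):
    return [normalize(line) for line in lines]


def window_peak(events, key, value, window):
    """For each `key`, the largest set of distinct `value`s seen inside any
    span of length `window` (sliding window; events may arrive unsorted)."""
    by_key = defaultdict(list)
    for i, e in enumerate(events):
        by_key[e[key]].append((e["_time"], value(e, i)))
    peaks = {}
    for k, items in by_key.items():
        items.sort(key=lambda t: t[0])
        start, best = 0, set()
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:
                start += 1
            seen = {v for _, v in items[start:end + 1]}
            if len(seen) > len(best):
                best = seen
        peaks[k] = best
    return peaks


def detect_password_spraying(events, window=timedelta(minutes=5), min_users=3):
    """'Okta Multiple Users Failing To Authenticate From Ip': one src with at
    least min_users distinct users failing to start a session within window.
    Thresholds are illustrative, not the shipped detection's values."""
    failed = [e for e in events
              if e["event_type"] == "user.session.start" and e["result"] == "FAILURE"]
    peaks = window_peak(failed, "src", lambda e, _: e["user"], window)
    return {src: sorted(users) for src, users in peaks.items() if len(users) >= min_users}


def detect_failed_mfa_requests(events, window=timedelta(minutes=5), min_failures=3):
    """'Okta Multiple Failed MFA Requests For User': one user with at least
    min_failures failed MFA attempts within window (push-fatigue pattern).
    Thresholds are illustrative, not the shipped detection's values."""
    failed = [e for e in events
              if e["event_type"] == "user.authentication.auth_via_mfa" and e["result"] == "FAILURE"]
    peaks = window_peak(failed, "user", lambda e, i: i, window)  # distinct events = count
    return {user: len(hits) for user, hits in peaks.items() if len(hits) >= min_failures}


if __name__ == "__main__":
    evs = load_events()
    print("password spraying:", detect_password_spraying(evs))
    print("failed MFA requests:", detect_failed_mfa_requests(evs))
```

Both detections use the same sliding-window helper, keyed by src in one case and by user in the other; alice's fourth MFA failure falls outside the five-minute window and so does not inflate her count, which is the kind of time-bounding the production searches also need.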


Source: GitHub | Version: 2