Okta API Token Created

 1title: Okta API Token Created
 2id: 19951c21-229d-4ccb-8774-b993c3ff3c5c
 3status: test
 4description: Detects when a API token is created
 5references:
 6    - https://developer.okta.com/docs/reference/api/system-log/
 7    - https://developer.okta.com/docs/reference/api/event-types/
 8author: Austin Songer @austinsonger
 9date: 2021-09-12
10modified: 2022-10-09
11tags:
12    - attack.persistence
13logsource:
14    product: okta
15    service: okta
16detection:
17    selection:
18        eventtype: system.api_token.create
19    condition: selection
20falsepositives:
21    - Legitimate creation of an API token by authorized users
22level: medium

References

• System Log | Okta Developer

  Secure, scalable, and highly available authentication and user management for any app.

  
  Read More

• Event Types | Okta Developer

  Secure, scalable, and highly available authentication and user management for any app.

  
  Read More

Related rules

• A Member Was Added to a Security-Enabled Global Group
• A Member Was Removed From a Security-Enabled Global Group
• A New Trust Was Created To A Domain
• A Security-Enabled Global Group Was Deleted
• AWS ECS Task Definition That Queries The Credential Endpoint