Okta API Token Revoked
Detects when a API Token is revoked.
Sigma rule (View on GitHub)
1title: Okta API Token Revoked
2id: cf1dbc6b-6205-41b4-9b88-a83980d2255b
3status: test
4description: Detects when a API Token is revoked.
5references:
6 - https://developer.okta.com/docs/reference/api/system-log/
7 - https://developer.okta.com/docs/reference/api/event-types/
8author: Austin Songer @austinsonger
9date: 2021/09/12
10modified: 2022/10/09
11tags:
12 - attack.impact
13logsource:
14 product: okta
15 service: okta
16detection:
17 selection:
18 eventtype: system.api_token.revoke
19 condition: selection
20falsepositives:
21 - Unknown
22
23level: medium
References
Related rules
- Okta Application Modified or Deleted
- Okta Application Sign-On Policy Modified or Deleted
- Okta Network Zone Deactivated or Deleted
- Okta Policy Modified or Deleted
- Okta Policy Rule Modified or Deleted