Okta Security Threat Detected

 1title: Okta Security Threat Detected
 2id: 5c82f0b9-3c6d-477f-a318-0e14a1df73e0
 3status: test
 4description: Detects when an security threat is detected in Okta.
 5references:
 6    - https://okta.github.io/okta-help/en/prod/Content/Topics/Security/threat-insight/configure-threatinsight-system-log.htm
 7    - https://developer.okta.com/docs/reference/api/system-log/
 8    - https://developer.okta.com/docs/reference/api/event-types/
 9author: Austin Songer @austinsonger
10date: 2021-09-12
11modified: 2022-10-09
12tags:
13    - attack.command-and-control
14logsource:
15    product: okta
16    service: okta
17detection:
18    selection:
19        eventtype: security.threat.detected
20    condition: selection
21falsepositives:
22    - Unknown
23level: medium

References

• 
  Read More

• System Log | Okta Developer

  Secure, scalable, and highly available authentication and user management for any app.

  
  Read More

• Event Types | Okta Developer

  Secure, scalable, and highly available authentication and user management for any app.

  
  Read More

Related rules

• ADSI-Cache File Creation By Uncommon Tool
• APT User Agent
• APT40 Dropbox Tool User Agent
• Activity from Anonymous IP Addresses
• Activity from Infrequent Country