Okta Security Threat Detected

Detects when Okta reports a security threat, that is, when a `security.threat.detected` event appears in the Okta System Log.

Sigma rule

title: Okta Security Threat Detected
id: 5c82f0b9-3c6d-477f-a318-0e14a1df73e0
status: test
description: Detects when a security threat is detected in Okta.
references:
    - https://okta.github.io/okta-help/en/prod/Content/Topics/Security/threat-insight/configure-threatinsight-system-log.htm
    - https://developer.okta.com/docs/reference/api/system-log/
    - https://developer.okta.com/docs/reference/api/event-types/
author: Austin Songer @austinsonger
date: 2021/09/12
modified: 2022/10/09
tags:
    - attack.command_and_control
logsource:
    product: okta
    service: okta
detection:
    # Match every System Log event of this type
    selection:
        eventtype: security.threat.detected
    condition: selection
falsepositives:
    - Unknown
level: medium
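As an added example (not part of the Sigma project or of the original page), the rule's selection applied to constructed Okta System Log events in JSON-lines form, producing triage records grouped by client IP. The sample events, the helper names `matches`, `scan` and `by_source_ip`, and the case-insensitive field-name lookup (the rule writes `eventtype`, the System Log API field is `eventType`) are assumptions of this example.

```python
import json
from collections import Counter

# Selection from the rule above: field name -> required value.
SELECTION = {"eventtype": "security.threat.detected"}

# Constructed sample events (not real data); the last line is deliberately truncated.
SAMPLE_LOG = """\
{"uuid": "c0000000-0001", "published": "2022-10-09T10:00:00.000Z", "eventType": "user.session.start", "outcome": {"result": "SUCCESS", "reason": null}, "client": {"ipAddress": "198.51.100.7"}}
{"uuid": "c0000000-0002", "published": "2022-10-09T10:01:10.000Z", "eventType": "security.threat.detected", "outcome": {"result": "DENY", "reason": "constructed reason"}, "client": {"ipAddress": "203.0.113.9"}}
{"uuid": "c0000000-0003", "published": "2022-10-09T10:01:12.000Z", "eventType": "security.threat.detected", "outcome": {"result": "DENY", "reason": "constructed reason"}, "client": {"ipAddress": "203.0.113.9"}}
{"uuid": "c0000000-0004", "published": "2022-10-09T10:05:00.000Z", "eventType": "security.threat.detected", "outcome": {"result": "ALLOW", "reason": "constructed reason"}, "client": {"ipAddress": "192.0.2.44"}}
{"uuid": "c0000000-0005", "eventType": "security.threat.det
"""

def matches(event, selection=SELECTION):
    """True when every selection field equals the event's value (field names compared case-insensitively)."""
    lowered = {key.lower(): value for key, value in event.items()}
    return all(lowered.get(field) == value for field, value in selection.items())

def scan(lines):
    """Return (alerts, skipped): triage records for matching events and the count of unparseable lines."""
    alerts, skipped = [], 0
    for line in lines:
        if not line.strip():
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1  # keep a count so dropped telemetry is visible
            continue
        if not isinstance(event, dict) or not matches(event):
            continue
        outcome, client = event.get("outcome") or {}, event.get("client") or {}
        alerts.append({"uuid": event.get("uuid"), "published": event.get("published"),
                       "ip": client.get("ipAddress"), "result": outcome.get("result"),
                       "reason": outcome.get("reason")})
    return alerts, skipped

def by_source_ip(alerts):
    """Count alerts per client IP so repeated detections from one source stand out."""
    return Counter(alert["ip"] for alert in alerts)

if __name__ == "__main__":
    found, bad = scan(SAMPLE_LOG.splitlines())
    print(f"{len(found)} alerts, {bad} unparseable lines")
    print(by_source_ip(found).most_common())
```

The `result` field is worth keeping in the triage record because it separates detections that were denied from those that were only logged.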
