Okta Unauthorized Access to App

Detects when unauthorized access to app occurs.

Sigma rule (View on GitHub)

 1title: Okta Unauthorized Access to App
 2id: 6cc2b61b-d97e-42ef-a9dd-8aa8dc951657
 3status: test
 4description: Detects when unauthorized access to app occurs.
 5references:
 6    - https://developer.okta.com/docs/reference/api/system-log/
 7    - https://developer.okta.com/docs/reference/api/event-types/
 8author: Austin Songer @austinsonger
 9date: 2021-09-12
10modified: 2022-10-09
11tags:
12    - attack.impact
13logsource:
14    product: okta
15    service: okta
16detection:
17    selection:
18        displaymessage: User attempted unauthorized access to app
19    condition: selection
20falsepositives:
21    - User might of believe that they had access.
22level: medium

References

Related rules

to-top