Okta User Account Locked Out

 1title: Okta User Account Locked Out
 2id: 14701da0-4b0f-4ee6-9c95-2ffb4e73bb9a
 3status: test
 4description: Detects when an user account is locked out.
 5references:
 6    - https://developer.okta.com/docs/reference/api/system-log/
 7    - https://developer.okta.com/docs/reference/api/event-types/
 8author: Austin Songer @austinsonger
 9date: 2021-09-12
10modified: 2022-10-09
11tags:
12    - attack.impact
13    - attack.t1531
14logsource:
15    product: okta
16    service: okta
17detection:
18    selection:
19        displaymessage: Max sign in attempts exceeded
20    condition: selection
21falsepositives:
22    - Unknown
23level: medium

References

• System Log | Okta Developer

  Secure, scalable, and highly available authentication and user management for any app.

  
  Read More

• Event Types | Okta Developer

  Secure, scalable, and highly available authentication and user management for any app.

  
  Read More

Related rules

• AWS ElastiCache Security Group Modified or Deleted
• Azure Kubernetes Service Account Modified or Deleted
• Google Cloud Service Account Disabled or Deleted
• Group Has Been Deleted Via Groupdel
• Remove Account From Domain Admin Group