attack.t1098.001

Github Outside Collaborator Detected

Nov 3, 2025 · attack.privilege-escalation attack.persistence attack.collection attack.t1098.001 attack.t1098.003 attack.t1213.003 ·

Share on:

Detects when an organization member or an outside collaborator is added to or removed from a project board or has their permission level changed or when an owner removes an outside collaborator from an organization or when two-factor authentication is required in an organization and an outside collaborator does not use 2FA or disables 2FA.

Okta Identity Provider Created

Nov 3, 2025 · attack.privilege-escalation attack.persistence attack.t1098.001 ·

Share on:

Detects when a new identity provider is created for Okta.

Added Credentials to Existing Application

Oct 23, 2025 · attack.privilege-escalation attack.t1098.001 attack.persistence ·

Share on:

Detects when a new credential is added to an existing application. Any additional credentials added outside of expected processes could be a malicious actor using those credentials.