open-menu
closeme
Multiple Okta Sessions Detected for a Single User
calendar
Dec 19, 2024
·
Use Case: Identity and Access Audit
Data Source: Okta
Tactic: Lateral Movement
·
Share on:
twitter
facebook
linkedin
copy
Administrator Privileges Assigned to an Okta Group
calendar
Dec 9, 2024
·
Use Case: Identity and Access Audit
Data Source: Okta
Tactic: Persistence
·
Share on:
twitter
facebook
linkedin
copy
Administrator Role Assigned to an Okta User
calendar
Dec 9, 2024
·
Data Source: Okta
Use Case: Identity and Access Audit
Tactic: Persistence
·
Share on:
twitter
facebook
linkedin
copy
Attempt to Create Okta API Token
calendar
Dec 9, 2024
·
Use Case: Identity and Access Audit
Data Source: Okta
Tactic: Persistence
·
Share on:
twitter
facebook
linkedin
copy
Attempt to Deactivate an Okta Application
calendar
Dec 9, 2024
·
Use Case: Identity and Access Audit
Data Source: Okta
Tactic: Impact
·
Share on:
twitter
facebook
linkedin
copy
Attempt to Deactivate an Okta Network Zone
calendar
Dec 9, 2024
·
Use Case: Identity and Access Audit
Data Source: Okta
Use Case: Network Security Monitoring
Tactic: Defense Evasion
·
Share on:
twitter
facebook
linkedin
copy
Attempt to Deactivate an Okta Policy
calendar
Dec 9, 2024
·
Use Case: Identity and Access Audit
Data Source: Okta
Tactic: Defense Evasion
·
Share on:
twitter
facebook
linkedin
copy
Attempt to Deactivate an Okta Policy Rule
calendar
Dec 9, 2024
·
Use Case: Identity and Access Audit
Tactic: Defense Evasion
Data Source: Okta
·
Share on:
twitter
facebook
linkedin
copy
Attempt to Delete an Okta Application
calendar
Dec 9, 2024
·
Use Case: Identity and Access Audit
Data Source: Okta
Tactic: Impact
·
Share on:
twitter
facebook
linkedin
copy
Attempt to Delete an Okta Network Zone
calendar
Dec 9, 2024
·
Use Case: Identity and Access Audit
Data Source: Okta
Use Case: Network Security Monitoring
Tactic: Defense Evasion
·
Share on:
twitter
facebook
linkedin
copy
Attempt to Delete an Okta Policy
calendar
Dec 9, 2024
·
Use Case: Identity and Access Audit
Data Source: Okta
Tactic: Defense Evasion
·
Share on:
twitter
facebook
linkedin
copy
Attempt to Delete an Okta Policy Rule
calendar
Dec 9, 2024
·
Use Case: Identity and Access Audit
Data Source: Okta
Tactic: Defense Evasion
·
Share on:
twitter
facebook
linkedin
copy
Attempt to Modify an Okta Application
calendar
Dec 9, 2024
·
Use Case: Identity and Access Audit
Data Source: Okta
Tactic: Impact
·
Share on:
twitter
facebook
linkedin
copy
Attempt to Modify an Okta Network Zone
calendar
Dec 9, 2024
·
Use Case: Identity and Access Audit
Data Source: Okta
Use Case: Network Security Monitoring
Tactic: Defense Evasion
·
Share on:
twitter
facebook
linkedin
copy
Attempt to Modify an Okta Policy
calendar
Dec 9, 2024
·
Use Case: Identity and Access Audit
Data Source: Okta
Tactic: Defense Evasion
·
Share on:
twitter
facebook
linkedin
copy
Attempt to Modify an Okta Policy Rule
calendar
Dec 9, 2024
·
Use Case: Identity and Access Audit
Tactic: Defense Evasion
Data Source: Okta
·
Share on:
twitter
facebook
linkedin
copy
Attempt to Reset MFA Factors for an Okta User Account
calendar
Dec 9, 2024
·
Tactic: Persistence
Use Case: Identity and Access Audit
Data Source: Okta
·
Share on:
twitter
facebook
linkedin
copy
Attempt to Revoke Okta API Token
calendar
Dec 9, 2024
·
Use Case: Identity and Access Audit
Data Source: Okta
Tactic: Impact
·
Share on:
twitter
facebook
linkedin
copy
Attempted Bypass of Okta MFA
calendar
Dec 9, 2024
·
Data Source: Okta
Use Case: Identity and Access Audit
Tactic: Credential Access
·
Share on:
twitter
facebook
linkedin
copy
Attempts to Brute Force an Okta User Account
calendar
Dec 9, 2024
·
Use Case: Identity and Access Audit
Tactic: Credential Access
Data Source: Okta
·
Share on:
twitter
facebook
linkedin
copy
First Occurrence of Okta User Session Started via Proxy
calendar
Dec 9, 2024
·
Tactic: Initial Access
Use Case: Identity and Access Audit
Data Source: Okta
·
Share on:
twitter
facebook
linkedin
copy
High Number of Okta Device Token Cookies Generated for Authentication
calendar
Dec 9, 2024
·
Use Case: Identity and Access Audit
Data Source: Okta
Tactic: Credential Access
·
Share on:
twitter
facebook
linkedin
copy
High Number of Okta User Password Reset or Unlock Attempts
calendar
Dec 9, 2024
·
Use Case: Identity and Access Audit
Data Source: Okta
Tactic: Defense Evasion
·
Share on:
twitter
facebook
linkedin
copy
MFA Deactivation with no Re-Activation for Okta User Account
calendar
Dec 9, 2024
·
Tactic: Persistence
Use Case: Identity and Access Audit
Data Source: Okta
Domain: Cloud
·
Share on:
twitter
facebook
linkedin
copy
Modification or Removal of an Okta Application Sign-On Policy
calendar
Dec 9, 2024
·
Tactic: Persistence
Use Case: Identity and Access Audit
Data Source: Okta
·
Share on:
twitter
facebook
linkedin
copy
Multiple Device Token Hashes for Single Okta Session
calendar
Dec 9, 2024
·
Use Case: Identity and Access Audit
Data Source: Okta
Tactic: Credential Access
Domain: SaaS
·
Share on:
twitter
facebook
linkedin
copy
Multiple Okta User Auth Events with Same Device Token Hash Behind a Proxy
calendar
Dec 9, 2024
·
Use Case: Identity and Access Audit
Data Source: Okta
Tactic: Credential Access
·
Share on:
twitter
facebook
linkedin
copy
Multiple Okta User Authentication Events with Client Address
calendar
Dec 9, 2024
·
Use Case: Identity and Access Audit
Data Source: Okta
Tactic: Credential Access
·
Share on:
twitter
facebook
linkedin
copy
Multiple Okta User Authentication Events with Same Device Token Hash
calendar
Dec 9, 2024
·
Use Case: Identity and Access Audit
Data Source: Okta
Tactic: Credential Access
·
Share on:
twitter
facebook
linkedin
copy
New Okta Authentication Behavior Detected
calendar
Dec 9, 2024
·
Use Case: Identity and Access Audit
Tactic: Initial Access
Data Source: Okta
·
Share on:
twitter
facebook
linkedin
copy
New Okta Identity Provider (IdP) Added by Admin
calendar
Dec 9, 2024
·
Use Case: Identity and Access Audit
Tactic: Persistence
Data Source: Okta
·
Share on:
twitter
facebook
linkedin
copy
Okta Brute Force or Password Spraying Attack
calendar
Dec 9, 2024
·
Use Case: Identity and Access Audit
Tactic: Credential Access
Data Source: Okta
·
Share on:
twitter
facebook
linkedin
copy
Okta FastPass Phishing Detection
calendar
Dec 9, 2024
·
Tactic: Initial Access
Use Case: Identity and Access Audit
Data Source: Okta
·
Share on:
twitter
facebook
linkedin
copy
Okta Sign-In Events via Third-Party IdP
calendar
Dec 9, 2024
·
Use Case: Identity and Access Audit
Tactic: Initial Access
Data Source: Okta
·
Share on:
twitter
facebook
linkedin
copy
Okta ThreatInsight Threat Suspected Promotion
calendar
Dec 9, 2024
·
Use Case: Identity and Access Audit
Data Source: Okta
·
Share on:
twitter
facebook
linkedin
copy
Okta User Session Impersonation
calendar
Dec 9, 2024
·
Use Case: Identity and Access Audit
Tactic: Credential Access
Data Source: Okta
·
Share on:
twitter
facebook
linkedin
copy
Okta User Sessions Started from Different Geolocations
calendar
Dec 9, 2024
·
Use Case: Identity and Access Audit
Data Source: Okta
Tactic: Initial Access
·
Share on:
twitter
facebook
linkedin
copy
Possible Okta DoS Attack
calendar
Dec 9, 2024
·
Use Case: Identity and Access Audit
Data Source: Okta
Tactic: Impact
·
Share on:
twitter
facebook
linkedin
copy
Potential Okta MFA Bombing via Push Notifications
calendar
Dec 9, 2024
·
Use Case: Identity and Access Audit
Tactic: Credential Access
Data Source: Okta
·
Share on:
twitter
facebook
linkedin
copy
Potentially Successful MFA Bombing via Push Notifications
calendar
Dec 9, 2024
·
Use Case: Identity and Access Audit
Tactic: Credential Access
Data Source: Okta
·
Share on:
twitter
facebook
linkedin
copy
Stolen Credentials Used to Login to Okta Account After MFA Reset
calendar
Dec 9, 2024
·
Tactic: Persistence
Use Case: Identity and Access Audit
Data Source: Okta
Data Source: Elastic Defend
Rule Type: Higher-Order Rule
Domain: Endpoint
Domain: Cloud
·
Share on:
twitter
facebook
linkedin
copy
Successful Application SSO from Rare Unknown Client Device
calendar
Dec 9, 2024
·
Domain: SaaS
Data Source: Okta
Use Case: Threat Detection
Use Case: Identity and Access Audit
Tactic: Initial Access
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Activity Reported by Okta User
calendar
Dec 9, 2024
·
Use Case: Identity and Access Audit
Data Source: Okta
Tactic: Initial Access
·
Share on:
twitter
facebook
linkedin
copy
Unauthorized Access to an Okta Application
calendar
Dec 9, 2024
·
Tactic: Initial Access
Use Case: Identity and Access Audit
Data Source: Okta
·
Share on:
twitter
facebook
linkedin
copy
Unauthorized Scope for Public App OAuth2 Token Grant with Client Credentials
calendar
Dec 9, 2024
·
Domain: SaaS
Data Source: Okta
Use Case: Threat Detection
Use Case: Identity and Access Audit
Tactic: Defense Evasion
·
Share on:
twitter
facebook
linkedin
copy
to-top