Data Source: Okta System Logs

Okta Multiple OS Names Detected for a Single DT Hash

Nov 24, 2025 · Domain: Identity Data Source: Okta Data Source: Okta System Logs Use Case: Threat Detection Tactic: Credential Access Resources: Investigation Guide ·

Share on:

Identifies when a single Okta device token hash (dt_hash) is associated with multiple operating system types. This is highly anomalous because a device token is tied to a specific device and its operating system. This alert strongly indicates that an attacker has stolen a device token and is using it to impersonate a legitimate user from a different machine.

Potential Okta MFA Bombing via Push Notifications

Sep 11, 2025 · Domain: Identity Use Case: Identity and Access Audit Tactic: Credential Access Data Source: Okta Data Source: Okta System Logs Resources: Investigation Guide ·

Share on:

Detects when an attacker abuses the Multi-Factor authentication mechanism by repeatedly issuing login requests until the user eventually accepts the Okta push notification. An adversary may attempt to bypass the Okta MFA policies configured for an organization to obtain unauthorized access.

Potentially Successful Okta MFA Bombing via Push Notifications

Sep 11, 2025 · Domain: Identity Use Case: Identity and Access Audit Tactic: Credential Access Data Source: Okta Data Source: Okta System Logs Resources: Investigation Guide ·

Share on:

Detects when an attacker abuses the Multi-Factor authentication mechanism by repeatedly issuing login requests until the user eventually accepts the Okta push notification. An adversary may attempt to bypass the Okta MFA policies configured for an organization to obtain unauthorized access.