Synopsis
Activation Period |
14 Days |
Training Period |
30 Days |
Test Period |
N/A (single event) |
Deduplication Period |
2 Days |
Required Data |
|
Detection Modules |
Identity Threat Module |
Detector Tags |
Okta Audit Analytics |
ATT&CK Tactic |
|
ATT&CK Technique |
|
Severity |
Informational |
Description
An Okta network zone was modified by a user.
Attacker's Goals
An attacker may attempt to modify an Okta network zone to weaken an organization's security controls.
Investigative actions
- Follow further actions done by the account.
- Verify that the configuration change was expected.
- Look for signs that the user account is compromised (e.g. abnormal logins, unusual activity).
- Investigate if any other network zones have been changed or removed.
Variations
The user has made an unusual modification to the Okta Network zoneA user modified an Okta network zone with suspicious characteristics