Synopsis
Activation Period |
14 Days |
Training Period |
30 Days |
Test Period |
N/A (single event) |
Deduplication Period |
1 Day |
Required Data |
|
Detection Modules |
Identity Threat Module |
Detector Tags |
Okta Audit Analytics |
ATT&CK Tactic |
|
ATT&CK Technique |
|
Severity |
Informational |
Description
A user created a new API token in Okta.
Attacker's Goals
An attacker's goal is to gain unauthorized access, compromise user accounts, and perform malicious actions within an organization's systems, potentially leading to data breaches, account takeovers, and the escalation of privileges.
Investigative actions
- Review the actions taken by the user that created the token.
- Follow the operations made using this API token by the ID token.
- Contact the user who created the API token and ensure that the API token is needed.