Okta Reported Threat Detected

Cortex XDR Analytics Alert Reference by Alert name

Product
Cortex XDR
Last date published
2024-10-08
Category
Analytics Alert Reference
Order
Alert name

Synopsis

Activation Period

14 Days

Training Period

30 Days

Test Period

3 Hours

Deduplication Period

1 Day

Required Data

  • Requires:
    • Okta Audit Log

Detection Modules

Identity Threat Module

Detector Tags

Okta Audit Analytics

ATT&CK Tactic

Initial Access (TA0001)

ATT&CK Technique

Valid Accounts (T1078)

Severity

Informational

Description

Okta Threat Insight Reported Threat Detected.

Attacker's Goals

An attacker tries infiltrating an Okta account to gain unauthorized access to valuable resources.

Investigative actions

  • Investigate the original events that were reported as suspicious.
  • Investigate additional alerts that are activated based on the IP address.
  • Follow further actions done by the ip.

Variations

Okta detected multiple threats from the same IP along with other suspicious characteristics

Synopsis

ATT&CK Tactic

Initial Access (TA0001)

ATT&CK Technique

Valid Accounts (T1078)

Severity

Low

Description

Okta Threat Insight Reported Threat Detected.

Attacker's Goals

An attacker tries infiltrating an Okta account to gain unauthorized access to valuable resources.

Investigative actions

  • Investigate the original events that were reported as suspicious.
  • Investigate additional alerts that are activated based on the IP address.
  • Follow further actions done by the ip.