Synopsis
Activation Period |
14 Days |
Training Period |
30 Days |
Test Period |
6 Hours |
Deduplication Period |
1 Day |
Required Data |
|
Detection Modules |
Identity Threat Module |
Detector Tags |
Okta Audit Analytics |
ATT&CK Tactic |
|
ATT&CK Technique |
|
Severity |
Informational |
Description
A device was assigned as an Okta MFA device to a user.
Attacker's Goals
For purposes of maintaining persistence, an attacker could potentially register his device with various accounts that have been compromised.
Investigative actions
- Confirm that the device assignments were intentionally made by the users and are legitimate.
- Examine the IP address and assess its reputation.
- Continue monitoring the accounts for any subsequent actions that may indicate suspicious behavior.