Synopsis
Activation Period |
14 Days |
Training Period |
30 Days |
Test Period |
N/A (single event) |
Deduplication Period |
1 Day |
Required Data |
|
Detection Modules |
Identity Threat Module |
Detector Tags |
Okta Audit Analytics |
ATT&CK Tactic |
|
ATT&CK Technique |
|
Severity |
Informational |
Description
The user has successfully registered a new device with the Okta Verify application.
Attacker's Goals
Attackers may exploit the device registration process in Okta by registering unauthorized devices, thereby gaining access to sensitive resources and user accounts within an organization.
Investigative actions
- Reach out to the user responsible for the device registration to confirm its legitimacy.
- Examine the user's actions preceding and following the activation of the alert.
- Assess the reputation of the IP address along with that of the Autonomous System Number (ASN).
- Make sure the IP address is not showing any abnormal activity.
- Monitor the activity from the new registered device and ensure that it matches the user's normal activity.