Okta

Cortex XSIAM 3.x Documentation

Product: Cortex XSIAM
Creation date: 2025-07-15
Last date published: 2026-06-11
Category: Administrator Guide

Abstract: Learn more about the Okta Standard Collector and content pack integrations in Cortex XSIAM.

You can collect Okta logs and data using either a Standard Collector or a content pack integration:

Okta vendor

Description

Standard Collector overview

Forward logs and data to Cortex XSIAM from Okta using the Okta data source.

Link to Standard Collector instructions

The following types of logs can be ingested from Okta:

  • Activity logs

  • Configuration data, when enabled with a Cloud Posture Security or Cloud Runtime Security add-on.

For more information, see Ingest logs and data from Okta.

Link to content pack/integration details

The Okta content pack integrates with Okta's cloud-based identity management service to provide identity-centric visibility, enrichment, and automated response capabilities against threats. It contains automations, classifiers, modeling rules, parsing rules, playbooks, and scripts. It also includes the following integrations:

  • Okta IAM: Use this integration to interact with Okta's Identity Access Management service for executing CRUD operations related to employee lifecycle processes. It supports commands for selected features, such as those related to the Preference Center.

  • Okta v2: Use this integration to connect to Okta's cloud-based identity management service. It includes commands such as okta-expire-password, which can optionally revoke existing sessions and require a password change at next login, and supports updating network zones and getting user information by email.

  • Okta Event Collector: Use this integration to collect authentication and audit event logs provided by the Okta admin API. It supports fetching events and includes commands related to date parsing.