New

The executive guide to generative AI

Read more

Unauthorized Access to an Okta Application

edit

Unauthorized Access to an Okta Application

edit

Identifies unauthorized access attempts to Okta applications.

Rule type: query

Rule indices:

  • filebeat-*
  • logs-okta*

Severity: low

Risk score: 21

Runs every: 5m

Searches indices from: None (Date Math format, see also Additional look-back time)

Maximum alerts per execution: 100

References: None

Tags:

  • Elastic
  • Identity
  • Okta
  • Continuous Monitoring
  • SecOps
  • Identity and Access

Version: 4

Rule authors:

  • Elastic
  • Austin Songer

Rule license: Elastic License v2

Investigation guide

edit

Rule query

edit
event.dataset:okta.system and event.action:app.generic.unauth_app_access_attempt

Framework: MITRE ATT&CKTM

Was this helpful?
Feedback