Techniques
Sample rules
Suspicious Activity Reported by Okta User
- source: elastic
- techniques:
  - T1078
Description
Detects when a user reports suspicious activity for their Okta account. These events should be investigated, as they can help security teams identify when an adversary is attempting to gain access to their network.
Detection logic
event.dataset:okta.system and event.action:user.account.report_suspicious_activity_by_enduser