False positive note: consider adding exceptions to this rule to filter false positives if Okta policies are regularly modified in your organization.

Sample rules

Attempt to Modify an Okta Policy

Description

Detects attempts to modify an Okta policy. An adversary may attempt to modify an Okta policy in order to weaken an organization’s security controls. For example, an adversary may attempt to modify an Okta multi-factor authentication (MFA) policy in order to weaken the authentication requirements for user accounts.

Detection logic

event.dataset:okta.system and event.action:policy.lifecycle.update

Attempt to Delete an Okta Policy

Description

Detects attempts to delete an Okta policy. An adversary may attempt to delete an Okta policy in order to weaken an organization’s security controls. For example, an adversary may attempt to delete an Okta multi-factor authentication (MFA) policy in order to weaken the authentication requirements for user accounts.

Detection logic

event.dataset:okta.system and event.action:policy.lifecycle.delete
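The two detection queries above are simple two-term AND matches over Okta system-log events, and the false-positive note suggests tuning them with exceptions. The following Python is an added example (it is not from this page, nor from Elastic's rule repository): it expresses both rules as data, evaluates them over constructed Okta system-log events, and applies an exception list of the kind the note recommends while counting what the exception suppressed. The "actor" and "target" fields in the sample events are assumptions chosen for illustration; only event.dataset and event.action come from the page.

```python
# Added example (not from the LoFP page or Elastic's rules): evaluate the two
# Okta policy detections over constructed events and apply an exception list.
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    dataset: str
    action: str


# The two detection queries from the page, expressed as data:
#   event.dataset:okta.system and event.action:policy.lifecycle.update
#   event.dataset:okta.system and event.action:policy.lifecycle.delete
RULES = [
    Rule("Attempt to Modify an Okta Policy", "okta.system", "policy.lifecycle.update"),
    Rule("Attempt to Delete an Okta Policy", "okta.system", "policy.lifecycle.delete"),
]

# Constructed sample events (not real log data). "actor" and "target" are
# assumed field names for the identity making the change and the policy touched.
SAMPLE_EVENTS = [
    {"event": {"dataset": "okta.system", "action": "policy.lifecycle.update"},
     "actor": "alice@example.com", "target": "Default MFA Policy"},
    {"event": {"dataset": "okta.system", "action": "policy.lifecycle.delete"},
     "actor": "alice@example.com", "target": "Contractor Sign-On Policy"},
    {"event": {"dataset": "okta.system", "action": "policy.lifecycle.update"},
     "actor": "iac-pipeline@example.com", "target": "Default MFA Policy"},
    {"event": {"dataset": "okta.system", "action": "user.session.start"},
     "actor": "bob@example.com", "target": None},
    {"event": {"dataset": "aws.cloudtrail", "action": "policy.lifecycle.update"},
     "actor": "carol@example.com", "target": "IAM policy"},
]


def get_field(event, dotted):
    """Resolve a dotted field name such as 'event.action'; None if absent."""
    node = event
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def matches(event, rule):
    """True when the event satisfies the rule's two-term AND query."""
    return (get_field(event, "event.dataset") == rule.dataset
            and get_field(event, "event.action") == rule.action)


def run_detections(events, rules=RULES, allowed_actors=frozenset()):
    """Return (alerts, suppressed).

    alerts: list of (rule name, actor, target) for events that match a rule
            and whose actor is not on the exception list.
    suppressed: number of matches dropped by the exception list, kept so the
            effect of the tuning stays visible instead of silently hidden.
    """
    alerts, suppressed = [], 0
    for event in events:
        for rule in rules:
            if not matches(event, rule):
                continue
            actor = get_field(event, "actor")
            if actor in allowed_actors:
                suppressed += 1
                continue
            alerts.append((rule.name, actor, get_field(event, "target")))
    return alerts, suppressed


if __name__ == "__main__":
    # Untuned: three alerts (two from alice, one from the automation account).
    raw, _ = run_detections(SAMPLE_EVENTS)
    for name, actor, target in raw:
        print(f"{name}: {actor} -> {target}")
    # Tuned: the sanctioned automation account is excepted, one match suppressed.
    tuned, dropped = run_detections(
        SAMPLE_EVENTS, allowed_actors={"iac-pipeline@example.com"})
    print(f"{len(tuned)} alerts after tuning, {dropped} suppressed")
```

The exception is keyed on the acting identity rather than on the event action, so routine changes by a known change-management account drop out while the same action performed by any other account still alerts; returning the suppressed count alongside the alerts makes the tuning reviewable.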