Sample rules
Attempt to Modify an Okta Application
- source: elastic
- technicques:
Description
Detects attempts to modify an Okta application. An adversary may attempt to modify, deactivate, or delete an Okta application in order to weaken an organization’s security controls or disrupt their business operations.
Detection logic
event.dataset:okta.system and event.action:application.lifecycle.update
Attempt to Delete an Okta Application
- source: elastic
- technicques:
- T1489
Description
Detects attempts to delete an Okta application. An adversary may attempt to modify, deactivate, or delete an Okta application in order to weaken an organization’s security controls or disrupt their business operations.
Detection logic
event.dataset:okta.system and event.action:application.lifecycle.delete
Sample rules
Attempt to Modify an Okta Application
- source: elastic
- technicques:
Description
Detects attempts to modify an Okta application. An adversary may attempt to modify, deactivate, or delete an Okta application in order to weaken an organization’s security controls or disrupt their business operations.
Detection logic
event.dataset:okta.system and event.action:application.lifecycle.update
Attempt to Delete an Okta Application
- source: elastic
- technicques:
- T1489
Description
Detects attempts to delete an Okta application. An adversary may attempt to modify, deactivate, or delete an Okta application in order to weaken an organization’s security controls or disrupt their business operations.
Detection logic
event.dataset:okta.system and event.action:application.lifecycle.delete
Attempt to Deactivate an Okta Application
- source: elastic
- technicques:
- T1489
Description
Detects attempts to deactivate an Okta application. An adversary may attempt to modify, deactivate, or delete an Okta application in order to weaken an organization’s security controls or disrupt their business operations.
Detection logic
event.dataset:okta.system and event.action:application.lifecycle.deactivate
Sample rules
Attempt to Modify an Okta Application
- source: elastic
- technicques:
Description
Detects attempts to modify an Okta application. An adversary may attempt to modify, deactivate, or delete an Okta application in order to weaken an organization’s security controls or disrupt their business operations.
Detection logic
event.dataset:okta.system and event.action:application.lifecycle.update
Attempt to Delete an Okta Application
- source: elastic
- technicques:
- T1489
Description
Detects attempts to delete an Okta application. An adversary may attempt to modify, deactivate, or delete an Okta application in order to weaken an organization’s security controls or disrupt their business operations.
Detection logic
event.dataset:okta.system and event.action:application.lifecycle.delete
Sample rules
Attempt to Modify an Okta Application
- source: elastic
- technicques:
Description
Detects attempts to modify an Okta application. An adversary may attempt to modify, deactivate, or delete an Okta application in order to weaken an organization’s security controls or disrupt their business operations.
Detection logic
event.dataset:okta.system and event.action:application.lifecycle.update
Attempt to Delete an Okta Application
- source: elastic
- technicques:
- T1489
Description
Detects attempts to delete an Okta application. An adversary may attempt to modify, deactivate, or delete an Okta application in order to weaken an organization’s security controls or disrupt their business operations.
Detection logic
event.dataset:okta.system and event.action:application.lifecycle.delete
Attempt to Deactivate an Okta Application
- source: elastic
- technicques:
- T1489
Description
Detects attempts to deactivate an Okta application. An adversary may attempt to modify, deactivate, or delete an Okta application in order to weaken an organization’s security controls or disrupt their business operations.
Detection logic
event.dataset:okta.system and event.action:application.lifecycle.deactivate
Attempt to Deactivate an Okta Network Zone
- source: elastic
- technicques:
- T1562
Description
Detects attempts to deactivate an Okta network zone. Okta network zones can be configured to limit or restrict access to a network based on IP addresses or geolocations. An adversary may attempt to modify, delete, or deactivate an Okta network zone in order to remove or weaken an organization’s security controls.
Detection logic
event.dataset:okta.system and event.action:zone.deactivate