LoFP LoFP / whenever an admin starts using new features of the admin console.

Techniques

Sample rules

Okta New Admin Console Behaviours

Description

Detects when Okta identifies new activity in the Admin Console.

Detection logic

condition: selection
selection:
  debugcontext.debugdata.behaviors: POSITIVE
  debugcontext.debugdata.logonlysecuritydata: POSITIVE
  eventtype: policy.evaluate_sign_on
  target.displayname: Okta Admin Console