Techniques
Sample rules
Okta New Admin Console Behaviours
- source: sigma
- technicques:
- t1078
- t1078.004
Description
Detects when Okta identifies new activity in the Admin Console.
Detection logic
condition: selection
selection:
debugcontext.debugdata.behaviors: POSITIVE
debugcontext.debugdata.logonlysecuritydata: POSITIVE
eventtype: policy.evaluate_sign_on
target.displayname: Okta Admin Console