
CLOUD CONNECTOR
Okta
Okta provides cloud-based identity management software that helps companies manage and secure user authentication and lets developers build identity controls into applications, web services, and devices.
Securonix integrates with the Okta System Log API to ingest Okta events and identify threats such as privilege escalation, credential theft, account compromise, DDoS and brute-force password attacks, unusual account behavior, and insider threats.
Event Service/Module | Events Handled/Ingested | Related Threats | Use Cases/Threat Packages | Details |
---|---|---|---|---|
Group | Group Membership, Application Access, Privilege and Lifecycle Management | Privilege Escalation, Unusual Account Behavior | Fraud, Insider Threat, Access | Events relating to user group activation, management and deactivation |
Security | Blacklist Rule Violations, Blacklist Management, Blocked Requests, Okta ThreatInsight Configuration Updates, and Threat Alerts | Identity Threats, Account Compromise, Unusual Geolocation | Fraud, Insider Threat, Access | Events involving incoming threats that are blacklisted by policy or ThreatInsight results |
User | User Authentication and Session, User Account Lifecycle, Superuser Account Access, User Account Autolock/Lock Limit, User Privilege Management, Suspicious User Activity, Account Password Management, Agent-Based User Authentication, RADIUS/MFA/SSO/IWA/Rich Client/SAML/LDAP/Social/Other Authentication Events, User Session Events, MFA Configuration Events | Brute Force Login Attempts, DDoS, Account Compromise, Privilege Escalation, Root Account Compromise, Unusual Account Behavior | Privileged Account, Access, Cyber Threat (Malware), Identity and Access Analytics | User management, authentication and activity |
Policy | Policy Rule Management, Policy Execution, Policy Lifecycle Events | Privilege Escalation, Unusual Account Behavior | Fraud, Insider Threat, Access | Policy-linked events, such as policy rule changes |
System | Endpoint Rate Limiting Warnings, Violations and Concurrent Rate Limit Warnings, Active Directory Agent Management, API Token Management, Account Unlocking, MFA (SMS/Phone/Email) Events | Brute Force Login Attempts, DDoS, Account Compromise | Access, Cyber Threat (Malware), Identity and Access Analytics | Okta system alerts, including alerts for endpoint rate-limit results |
Application | Application Sign-On Policies, Application User and Group Provisioning, Application Lifecycle (Create, Activate, Deactivate etc.), Application User/Group Membership Updates, Application Integration, etc. | Unusual Application Access, Privilege Escalation | Access, Cyber Threat (Malware), Identity and Access Analytics | Integrated application alerts, such as application |
Others | OAuth2, Mobile Devices, SAML, Kerberos, Office 365 and others | Credential Compromise, Unusual/Rare Account Behavior, Rare Device Usage, Rare Application Access | Access, Cyber Threat (Malware), Identity and Access Analytics | Device, geolocation and other useful alerts |
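As an added example (not Securonix or Okta code), the script below parses constructed Okta System Log entries, buckets them by the event modules in the table above using the dotted `eventType` prefix, and flags source addresses with repeated failed sign-ins, the raw material for the brute-force and password-spray use cases. The sample events, the failure threshold and the reduced field set are assumptions.

```python
"""Bucket Okta System Log events into the connector's event modules and
flag brute-force sign-in activity.  Added example; not Securonix or Okta
code.  Events below are constructed in the System Log JSON shape
(one object per line, as /api/v1/logs returns them, minus most fields)."""
import json
from collections import Counter, defaultdict

# Okta eventType values are dotted names; the first segment lines up with
# the Event Service/Module column above.  Anything else (e.g. the
# app.oauth2.* family) goes to the "Others" bucket.
MODULES = {"group": "Group", "security": "Security", "user": "User",
           "policy": "Policy", "system": "System", "application": "Application"}

SAMPLE_LOG = """\
{"published":"2024-05-01T10:00:01Z","eventType":"user.session.start","outcome":{"result":"FAILURE","reason":"INVALID_CREDENTIALS"},"actor":{"alternateId":"alice@example.com"},"client":{"ipAddress":"203.0.113.7"}}
{"published":"2024-05-01T10:00:04Z","eventType":"user.session.start","outcome":{"result":"FAILURE","reason":"INVALID_CREDENTIALS"},"actor":{"alternateId":"alice@example.com"},"client":{"ipAddress":"203.0.113.7"}}
{"published":"2024-05-01T10:00:09Z","eventType":"user.session.start","outcome":{"result":"FAILURE","reason":"INVALID_CREDENTIALS"},"actor":{"alternateId":"alice@example.com"},"client":{"ipAddress":"203.0.113.7"}}
{"published":"2024-05-01T10:00:09Z","eventType":"user.account.lock","outcome":{"result":"SUCCESS"},"actor":{"alternateId":"alice@example.com"},"client":{"ipAddress":"203.0.113.7"}}
{"published":"2024-05-01T10:02:00Z","eventType":"user.session.start","outcome":{"result":"SUCCESS"},"actor":{"alternateId":"bob@example.com"},"client":{"ipAddress":"198.51.100.5"}}
{"published":"2024-05-01T10:03:00Z","eventType":"group.user_membership.add","outcome":{"result":"SUCCESS"},"actor":{"alternateId":"admin@example.com"},"client":{"ipAddress":"198.51.100.5"}}
{"published":"2024-05-01T10:04:00Z","eventType":"policy.rule.update","outcome":{"result":"SUCCESS"},"actor":{"alternateId":"admin@example.com"},"client":{"ipAddress":"198.51.100.5"}}
{"published":"2024-05-01T10:05:00Z","eventType":"system.api_token.create","outcome":{"result":"SUCCESS"},"actor":{"alternateId":"admin@example.com"},"client":{"ipAddress":"198.51.100.5"}}
{"published":"2024-05-01T10:06:00Z","eventType":"app.oauth2.token.grant","outcome":{"result":"SUCCESS"},"actor":{"alternateId":"bob@example.com"},"client":{"ipAddress":"198.51.100.5"}}
"""

def parse_events(text):
    """Parse newline-delimited System Log JSON into a list of dicts."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def module_for(event):
    """Map an event's eventType prefix to a connector module name."""
    return MODULES.get(event["eventType"].split(".", 1)[0], "Others")

def count_by_module(events):
    """Events per module; a quick sanity check that ingestion covers each row."""
    return Counter(module_for(e) for e in events)

def brute_force_sources(events, threshold=3):
    """Source IPs with at least `threshold` failed sign-ins.  The accounts
    list separates single-account brute force from password spraying."""
    failures = Counter()
    accounts = defaultdict(set)
    for e in events:
        if (e["eventType"] == "user.session.start"
                and e.get("outcome", {}).get("result") == "FAILURE"):
            ip = e.get("client", {}).get("ipAddress", "unknown")
            failures[ip] += 1
            accounts[ip].add(e.get("actor", {}).get("alternateId", "unknown"))
    return {ip: {"failures": n, "accounts": sorted(accounts[ip])}
            for ip, n in failures.items() if n >= threshold}
```

In production the events would come from paginated `GET /api/v1/logs` calls (following the `Link: ...; rel="next"` header) rather than an embedded string, and the threshold would be tuned per tenant.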