CLOUD CONNECTOR

Okta

Okta provides cloud-based identity management software that helps companies manage and secure user authentication, and lets developers build identity controls into applications, web services, and devices.

Securonix integrates with the Okta System Log API to ingest Okta events and identify threats such as privilege escalation, credential theft, account compromise, DDoS and brute force password attacks, unusual account behavior, and insider threats.

| Event Service/Module | Events Handled/Ingested | Related Threats | Use Cases/Threat Packages | Details |
|---|---|---|---|---|
| Group | Group Membership, Application Access, Privilege and Lifecycle Management | Privilege Escalation, Unusual Account Behavior | Fraud, Insider Threat, Access | Events relating to user group activation, management and deactivation |
| Security | Blacklist Rule Violations, Blacklist Management, Blocked Requests, Okta ThreatInsight Configuration Updates, and Threat Alerts | Identity Threats, Account Compromise, Unusual Geolocation | Fraud, Insider Threat, Access | Events involving incoming threats that are blacklisted by policy or ThreatInsight results |
| User | User Authentication and Session, User Account Lifecycle, Superuser Account Access, User Account Autolock/Lock Limit, User Privilege Management, Suspicious User Activity, Account Password Management, Agent-Based User Authentication, RADIUS/MFA/SSO/IWA/Rich Client/SAML/LDAP/Social/Other Authentication Events, User Session Events, MFA Configuration Events | Brute Force Login Attempts, DDoS, Account Compromise, Privilege Escalation, Root Account Compromise, Unusual Account Behavior | Privileged Account, Access, Cyber Threat (Malware), Identity and Access Analytics | User management, authentication and activity |
| Policy | Policy Rule Management, Policy Execution, Policy Lifecycle Events | Privilege Escalation, Unusual Account Behavior | Fraud, Insider Threat, Access | Policy-linked events, such as policy rule changes |
| System | Endpoint Rate Limiting Warnings, Violations and Concurrent Rate Limit Warnings, Active Directory Agent Management, API Token Management, Account Unlocking, MFA (SMS/Phone/Email) Events | Brute Force Login Attempts, DDoS, Account Compromise | Access, Cyber Threat (Malware), Identity and Access Analytics | Okta system alerts, including alerts for endpoint rate-limit results |
| Application | Application Sign-On Policies, Application User and Group Provisioning, Application Lifecycle (Create, Activate, Deactivate etc.), Application User/Group Membership Updates, Application Integration, etc. | Unusual Application Access, Privilege Escalation | Access, Cyber Threat (Malware), Identity and Access Analytics | Integrated application alerts, such as application |
| Others | OAuth2, Mobile Devices, SAML, Kerberos, Office 365 and others | Credential Compromise, Unusual/Rare Account Behavior, Rare Device Usage, Rare Application Access | Access, Cyber Threat (Malware), Identity and Access Analytics | Device, geolocation and other useful alerts |
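As an added illustration of the ingestion and classification described above (example code, not Securonix's connector or Okta's own code), the snippet below buckets Okta System Log records into the modules from the table by the `eventType` prefix and flags the brute force login pattern the User module covers. The log records are constructed sample data in the System Log JSON shape (`eventType`, `actor`, `client`, `outcome`); the helper names and the failure threshold are assumptions.

```python
from collections import Counter

# Module buckets from the connector table, keyed on the first segment of eventType.
# Event types with any other prefix (OAuth2, SAML, device events, ...) fall under "Others".
MODULE_BY_PREFIX = {
    "group": "Group", "security": "Security", "user": "User",
    "policy": "Policy", "system": "System", "application": "Application",
}


def _rec(event_type, ip, result, who="alice@example.com"):
    """Build a minimal Okta System Log style record (constructed sample data)."""
    return {"eventType": event_type, "actor": {"alternateId": who},
            "client": {"ipAddress": ip}, "outcome": {"result": result}}


# Constructed sample log: three failed logins from one source, mixed with normal activity.
SAMPLE_LOG = [
    _rec("user.session.start", "203.0.113.7", "FAILURE"),
    _rec("user.session.start", "203.0.113.7", "FAILURE"),
    _rec("user.session.start", "203.0.113.7", "FAILURE", who="bob@example.com"),
    _rec("user.session.start", "198.51.100.5", "FAILURE"),
    _rec("user.session.start", "198.51.100.5", "SUCCESS"),
    _rec("group.user_membership.add", "198.51.100.5", "SUCCESS"),
    _rec("system.api_token.create", "198.51.100.5", "SUCCESS"),
    _rec("app.oauth2.token.grant", "198.51.100.5", "SUCCESS"),
]


def module_for(event):
    """Map one record to a module from the connector table via its eventType prefix."""
    prefix = event["eventType"].split(".", 1)[0]
    return MODULE_BY_PREFIX.get(prefix, "Others")


def count_by_module(events):
    """Count ingested records per module (useful as a quick ingestion sanity check)."""
    return Counter(module_for(e) for e in events)


def brute_force_sources(events, threshold=3):
    """Return {ip: failures} for sources with at least `threshold` failed session starts."""
    failures = Counter(
        e["client"]["ipAddress"] for e in events
        if e["eventType"] == "user.session.start"
        and e.get("outcome", {}).get("result") == "FAILURE"
    )
    return {ip: n for ip, n in failures.items() if n >= threshold}


if __name__ == "__main__":
    print(dict(count_by_module(SAMPLE_LOG)))   # module tallies for the sample
    print(brute_force_sources(SAMPLE_LOG))     # {'203.0.113.7': 3}
```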