Elastic Security Detection Rules

Unauthorized Access to an Okta Application

Last updated 13 days ago on 2024-12-09
Created 4 years ago on 2021-05-14

About

Identifies unauthorized access attempts to Okta applications.
Tags
Tactic: Initial AccessUse Case: Identity and Access AuditData Source: Okta
Severity
low
Risk Score
21
MITRE ATT&CK™

Initial Access (TA0001)(opens in a new tab or window)

Valid Accounts (T1078)(opens in a new tab or window)

Defense Evasion (TA0005)(opens in a new tab or window)

Persistence (TA0003)(opens in a new tab or window)

Privilege Escalation (TA0004)(opens in a new tab or window)

License
Elastic License v2(opens in a new tab or window)

Definition

Rule Type
Query (Kibana Query Language)
Integration Pack
Prebuilt Security Detection Rules
Index Patterns
filebeat-*logs-okta*
Related Integrations

okta(opens in a new tab or window)

Query
event.dataset:okta.system and event.action:app.generic.unauth_app_access_attempt

Install detection rules in Elastic Security

Detect Unauthorized Access to an Okta Application in the Elastic Security detection engine by installing this rule into your Elastic Stack.

To setup this rule, check out the installation guide for Prebuilt Security Detection Rules(opens in a new tab or window).