security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e91fc4486e57fc40e30d12253694de4c80a9e4ea
blue-team-tools/rules/cloud/okta/okta_api_token_created.yml
T

24 lines
566 B
YAML
Raw Normal View History

Update okta_api_token_created.yml
2021-09-12 20:14:27 -05:00
title: Okta API Token Created
id: 19951c21-229d-4ccb-8774-b993c3ff3c5c
description: Detects when a API token is created
Update okta_api_token_created.yml
2021-09-22 19:51:31 -05:00
author: Austin Songer @austinsonger
Create okta_api_token_created.yml
2021-09-12 19:47:21 -05:00
status: experimental
Update okta_api_token_created.yml
2021-09-12 20:14:27 -05:00
date: 2021/09/12
Update okta_api_token_created.yml
2021-09-22 19:53:36 -05:00
modified: 2021/09/22
Create okta_api_token_created.yml
2021-09-12 19:47:21 -05:00
references:
- https://developer.okta.com/docs/reference/api/system-log/
- https://developer.okta.com/docs/reference/api/event-types/
logsource:
Add okta product
2021-11-14 10:58:26 +01:00
product: okta
Create okta_api_token_created.yml
2021-09-12 19:47:21 -05:00
service: okta
detection:
selection:
Update okta_api_token_created.yml
2021-09-12 20:14:27 -05:00
eventtype: system.api_token.create
Create okta_api_token_created.yml
2021-09-12 19:47:21 -05:00
condition: selection
level: medium
tags:
Update okta_api_token_created.yml
2021-09-12 20:14:27 -05:00
- attack.persistence
Create okta_api_token_created.yml
2021-09-12 19:47:21 -05:00
falsepositives:
Update okta_api_token_created.yml
2021-09-12 20:14:27 -05:00
- Unknown
Update okta_api_token_created.yml
2021-09-12 23:34:08 -05:00
Reference in New Issue Copy Permalink