Update okta_network_zone_deactivated_or_deleted.yml
This commit is contained in:
Austin Songer
@@ -1 +1,29 @@
|
||||
NOT READ YET
|
||||
NOT READY YET
|
||||
|
||||
title: Okta
|
||||
id:
|
||||
description: Detects when an
|
||||
author: Austin Songer
|
||||
status: experimental
|
||||
date: 2021/
|
||||
references:
|
||||
- https://developer.okta.com/docs/reference/api/system-log/
|
||||
- https://developer.okta.com/docs/reference/api/event-types/
|
||||
logsource:
|
||||
service: okta
|
||||
detection:
|
||||
selection:
|
||||
eventtype:
|
||||
-
|
||||
-
|
||||
displaymessage:
|
||||
-
|
||||
-
|
||||
condition: selection
|
||||
level: medium
|
||||
tags:
|
||||
- attack.impact
|
||||
falsepositives:
|
||||
- Okta <Placeholder> being modified or deleted may be performed by a system administrator.
|
||||
- Verify whether the user identity, user agent, and/or hostname should be making changes in your environment.
|
||||
- Okta <Placeholder> modified or deleted from unfamiliar users should be investigated. If known behavior is causing false positives, it can be exempted from the rule.
|
||||
|
||||
Reference in New Issue
Block a user