security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ea26ea77d7e99dae852c6fc1787afdc5b3ec0f2c
sigma-rules/rules/integrations/okta
T
History
Terrance DeJesus 0f5b5a3551 [Rule Tuning] Add Okta Investigation Guides Part 1 (#2899) 
* adding investigation guides for Okta rules

* Update rules/integrations/okta/credential_access_attempts_to_brute_force_okta_user_account.toml

Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>

* Update rules/integrations/okta/defense_evasion_attempt_to_deactivate_okta_network_zone.toml

Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>

* Update rules/integrations/okta/defense_evasion_attempt_to_delete_okta_network_zone.toml

Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>

* Update rules/integrations/okta/defense_evasion_okta_attempt_to_deactivate_okta_policy.toml

Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>

* Update rules/integrations/okta/defense_evasion_okta_attempt_to_deactivate_okta_policy_rule.toml

Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>

* Update rules/integrations/okta/defense_evasion_okta_attempt_to_delete_okta_policy.toml

Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>

* Update rules/integrations/okta/defense_evasion_okta_attempt_to_delete_okta_policy_rule.toml

Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>

* Update rules/integrations/okta/defense_evasion_suspicious_okta_user_password_reset_or_unlock_attempts.toml

Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>

* Update rules/integrations/okta/impact_okta_attempt_to_deactivate_okta_application.toml

Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>

* added MFA to investigation guide for brute forcing

---------

Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>
Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>
2023-07-17 11:47:02 -04:00
..
credential_access_attempted_bypass_of_okta_mfa.toml
[Rule Tuning] Add Okta Investigation Guides Part 1 (#2899)
2023-07-17 11:47:02 -04:00
credential_access_attempts_to_brute_force_okta_user_account.toml
[Rule Tuning] Add Okta Investigation Guides Part 1 (#2899)
2023-07-17 11:47:02 -04:00
credential_access_mfa_push_brute_force.toml
[Rule Tuning] Add Okta Investigation Guides Part 1 (#2899)
2023-07-17 11:47:02 -04:00
credential_access_okta_brute_force_or_password_spraying.toml
[Rule Tuning] Add Okta Investigation Guides Part 1 (#2899)
2023-07-17 11:47:02 -04:00
credential_access_user_impersonation_access.toml
[Rule Tuning] Add Okta Investigation Guides Part 1 (#2899)
2023-07-17 11:47:02 -04:00
defense_evasion_attempt_to_deactivate_okta_network_zone.toml
[Rule Tuning] Add Okta Investigation Guides Part 1 (#2899)
2023-07-17 11:47:02 -04:00
defense_evasion_attempt_to_delete_okta_network_zone.toml
[Rule Tuning] Add Okta Investigation Guides Part 1 (#2899)
2023-07-17 11:47:02 -04:00
defense_evasion_okta_attempt_to_deactivate_okta_policy_rule.toml
[Rule Tuning] Add Okta Investigation Guides Part 1 (#2899)
2023-07-17 11:47:02 -04:00
defense_evasion_okta_attempt_to_deactivate_okta_policy.toml
[Rule Tuning] Add Okta Investigation Guides Part 1 (#2899)
2023-07-17 11:47:02 -04:00
defense_evasion_okta_attempt_to_delete_okta_policy_rule.toml
[Rule Tuning] Add Okta Investigation Guides Part 1 (#2899)
2023-07-17 11:47:02 -04:00
defense_evasion_okta_attempt_to_delete_okta_policy.toml
[Rule Tuning] Add Okta Investigation Guides Part 1 (#2899)
2023-07-17 11:47:02 -04:00
defense_evasion_okta_attempt_to_modify_okta_network_zone.toml
[Rule Tuning] Add Okta Investigation Guides Part 1 (#2899)
2023-07-17 11:47:02 -04:00
defense_evasion_okta_attempt_to_modify_okta_policy_rule.toml
[Rule Tuning] Add Okta Investigation Guides Part 1 (#2899)
2023-07-17 11:47:02 -04:00
defense_evasion_okta_attempt_to_modify_okta_policy.toml
[Rule Tuning] Add Okta Investigation Guides Part 1 (#2899)
2023-07-17 11:47:02 -04:00
defense_evasion_suspicious_okta_user_password_reset_or_unlock_attempts.toml
[Rule Tuning] Add Okta Investigation Guides Part 1 (#2899)
2023-07-17 11:47:02 -04:00
impact_attempt_to_revoke_okta_api_token.toml
[Rule Tuning] Add Okta Investigation Guides Part 1 (#2899)
2023-07-17 11:47:02 -04:00
impact_okta_attempt_to_deactivate_okta_application.toml
[Rule Tuning] Add Okta Investigation Guides Part 1 (#2899)
2023-07-17 11:47:02 -04:00
impact_okta_attempt_to_delete_okta_application.toml
[Security Content] Tags Reform (#2725)
2023-06-22 18:38:56 -03:00
impact_okta_attempt_to_modify_okta_application.toml
[Security Content] Tags Reform (#2725)
2023-06-22 18:38:56 -03:00
impact_possible_okta_dos_attack.toml
[Security Content] Tags Reform (#2725)
2023-06-22 18:38:56 -03:00
initial_access_okta_user_attempted_unauthorized_access.toml
[Security Content] Tags Reform (#2725)
2023-06-22 18:38:56 -03:00
initial_access_suspicious_activity_reported_by_okta_user.toml
[Security Content] Tags Reform (#2725)
2023-06-22 18:38:56 -03:00
okta_threatinsight_threat_suspected_promotion.toml
[Security Content] Tags Reform (#2725)
2023-06-22 18:38:56 -03:00
persistence_administrator_privileges_assigned_to_okta_group.toml
[Security Content] Tags Reform (#2725)
2023-06-22 18:38:56 -03:00
persistence_administrator_role_assigned_to_okta_user.toml
[Security Content] Tags Reform (#2725)
2023-06-22 18:38:56 -03:00
persistence_attempt_to_create_okta_api_token.toml
[Security Content] Tags Reform (#2725)
2023-06-22 18:38:56 -03:00
persistence_attempt_to_deactivate_mfa_for_okta_user_account.toml
[Security Content] Tags Reform (#2725)
2023-06-22 18:38:56 -03:00
persistence_attempt_to_reset_mfa_factors_for_okta_user_account.toml
[Security Content] Tags Reform (#2725)
2023-06-22 18:38:56 -03:00
persistence_okta_attempt_to_modify_or_delete_application_sign_on_policy.toml
[Security Content] Tags Reform (#2725)
2023-06-22 18:38:56 -03:00