Detectionmediumtest
Okta Unauthorized Access to App
Detects when unauthorized access to app occurs.
Convert In Phoenix Studio
Open this Sigma rule in the converter with the YAML preloaded and ready for backend selection.
Launch
Log Source
Oktaokta
ProductOkta← raw: okta
Serviceokta← raw: okta
Detection Logic
Detection Logic1 selector
detection:
selection:
displaymessage: User attempted unauthorized access to app
condition: selectionFalse Positives
User might of believe that they had access.
MITRE ATT&CK
Tactics
Rule Metadata
Rule ID
6cc2b61b-d97e-42ef-a9dd-8aa8dc951657
Status
test
Level
medium
Type
Detection
Created
Sun Sep 12
Modified
Sun Oct 09
Author
Path
rules/identity/okta/okta_unauthorized_access_to_app.yml
Raw Tags
attack.impact