Elastic Docs Elastic Security Solution [8.10] Detections and alerts Prebuilt rule reference
« Attempt to Install Root Certificate Attempt to Modify an Okta Network Zone »

Attempt to Modify an Okta Applicationedit

Detects attempts to modify an Okta application. An adversary may attempt to modify, deactivate, or delete an Okta application in order to weaken an organization’s security controls or disrupt their business operations.

Rule type: query

Rule indices:

  • filebeat-*
  • logs-okta*

Severity: low

Risk score: 21

Runs every: 5m

Searches indices from: None (Date Math format, see also Additional look-back time)

Maximum alerts per execution: 100

References:

Tags:

  • Use Case: Identity and Access Audit
  • Data Source: Okta
  • Tactic: Impact

Version: 103

Rule authors:

  • Elastic

Rule license: Elastic License v2

Investigation guideedit












Rule queryedit






event.dataset:okta.system and event.action:application.lifecycle.update




Framework: MITRE ATT&CKTM














« Attempt to Install Root Certificate


Attempt to Modify an Okta Network Zone »