Okta API Key Revoked

Panther Rules

Summary
This detection rule monitors the revocation of API keys in Okta, a cloud-based identity management platform. An API key is a unique identifier used to authenticate requests to the Okta API. Revoking one can be a regular operational activity (such as token management by a user) or a potentially unauthorized action that could lead to a security incident.

The rule captures events from the Okta System Log when an API key is revoked. It records the user who performed the action, the result of the request (success or failure), and relevant contextual information about the affected API key. The severity level is 'Info': the event is noteworthy but does not by itself signify an issue without further context. Users responsible for managing API keys should validate that the action was authorized and intended.
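The matching and alert context described above, sketched as an added example (this is not Panther's rule source). It assumes the Okta System Log event type `system.api_token.revoke` and the standard `actor`, `outcome` and `target` fields; the function names and the sample events are constructed for illustration.

```python
# Added example, not the Panther rule source. Sample events are constructed.
REVOKE_EVENT = "system.api_token.revoke"  # assumed Okta System Log event type


def rule(event):
    """Match every API key revocation attempt, successful or failed."""
    return event.get("eventType") == REVOKE_EVENT


def alert_context(event):
    """Pull out who acted, the outcome, and which key was affected."""
    actor = event.get("actor") or {}
    outcome = event.get("outcome") or {}
    targets = event.get("target") or []  # target can be null or missing
    token = targets[0] if targets else {}
    return {
        "severity": "Info",
        "actor": actor.get("alternateId", "<unknown>"),
        "result": outcome.get("result", "<unknown>"),
        "api_key": token.get("displayName", "<unknown>"),
    }


def detect(events):
    """Return one alert context per matching event, in input order."""
    return [alert_context(e) for e in events if rule(e)]


# Constructed sample events shaped like Okta System Log entries.
SAMPLE_EVENTS = [
    {"eventType": "system.api_token.revoke",
     "actor": {"alternateId": "admin@example.com"},
     "outcome": {"result": "SUCCESS"},
     "target": [{"type": "Token", "displayName": "ci-deploy-key"}]},
    {"eventType": "user.session.start",
     "actor": {"alternateId": "user@example.com"},
     "outcome": {"result": "SUCCESS"},
     "target": None},
    {"eventType": "system.api_token.revoke",
     "actor": {"alternateId": "intern@example.com"},
     "outcome": {"result": "FAILURE"},
     "target": None},
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Failed revocations are kept in the output because the rule reports the request result rather than filtering on it; the reviewer then checks each actor against expected key-management activity.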
Categories
  • Identity Management
  • Cloud
  • Application
Data Sources
  • User Account
  • Application Log
  • Cloud Service
Created: 2022-09-02