Okta FastPass Phishing Detection

Sigma Rules

Summary
The 'Okta FastPass Phishing Detection' rule identifies events in which Okta FastPass intervened to prevent a user from accessing a known phishing site. It matches authentication attempts via multi-factor authentication (MFA) whose outcome is 'FAILURE' and whose reason explicitly states that FastPass declined a phishing attempt. Each match is evidence of an attempted phishing attack, so monitoring these failures gives security teams insight into attempted credential theft and unauthorized access and lets them respond before an account is compromised. The rule is relevant to environments that use Okta for user authentication and access management, where phishing can compromise user credentials.
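The condition described above, applied to sample events, as an added example that is not the rule's own source. The `eventType` value, the exact reason string and the Okta System Log field names are assumptions not given on this page, and the log lines are constructed.

```python
import json
from collections import Counter

# Assumed Okta System Log values; the page names neither the event type nor the reason text.
MFA_EVENT = "user.authentication.auth_via_mfa"
PHISHING_REASON = "FastPass declined phishing attempt"

# Constructed sample events, one JSON object per line (the last line is truncated on purpose).
SAMPLE_LOG = """\
{"eventType": "user.authentication.auth_via_mfa", "actor": {"alternateId": "alice@example.com"}, "client": {"ipAddress": "203.0.113.10"}, "outcome": {"result": "FAILURE", "reason": "FastPass declined phishing attempt"}}
{"eventType": "user.authentication.auth_via_mfa", "actor": {"alternateId": "bob@example.com"}, "client": {"ipAddress": "203.0.113.11"}, "outcome": {"result": "FAILURE", "reason": "INVALID_CREDENTIALS"}}
{"eventType": "user.authentication.auth_via_mfa", "actor": {"alternateId": "alice@example.com"}, "client": {"ipAddress": "203.0.113.10"}, "outcome": {"result": "SUCCESS", "reason": null}}
{"eventType": "user.authentication.auth_via_mfa", "actor": {"alternateId": "alice@example.com"}, "client": {"ipAddress": "203.0.113.12"}, "outcome": {"result": "FAILURE", "reason": "FastPass declined phishing attempt"}}
{"eventType": "user.session.start", "actor": {"alternateId": "carol@example.com"}, "outcome": null}
{"eventType": "user.authentication.auth_via_mfa", "outcome": {"result": "FAIL
"""

def get(event, dotted, default=None):
    """Walk a dotted path such as 'outcome.reason'; tolerate missing or null levels."""
    cur = event
    for key in dotted.split("."):
        if not isinstance(cur, dict) or key not in cur:
            return default
        cur = cur[key]
    return cur

def is_fastpass_phishing_block(event):
    # All three conditions must hold: MFA event, FAILURE outcome, FastPass phishing reason.
    return (
        get(event, "eventType") == MFA_EVENT
        and get(event, "outcome.result") == "FAILURE"
        and get(event, "outcome.reason") == PHISHING_REASON
    )

def detect(log_text):
    hits = []
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank, truncated or non-JSON lines instead of aborting the run
        if is_fastpass_phishing_block(event):
            hits.append(event)
    return hits

def users_targeted(hits):
    return Counter(get(e, "actor.alternateId", "unknown") for e in hits)
```

Counting hits per user helps triage: repeated blocks for one account from different client addresses suggest the user is still being sent to the phishing page.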
Categories
  • Cloud
  • Identity Management
Data Sources
  • User Account
  • Application Log
Created: 2023-05-07