
Summary
This detection rule flags attempts by a user to access an application in the Okta environment without authorization. The detection logic identifies entries in the Okta system log that carry a specific display message indicating an unauthorized access attempt. Such an access violation can signify a potential security threat or a misconfiguration in user permissions. False positives may occur when users mistakenly believe they have access to certain applications, which is why accurate user access controls and continuous monitoring for genuine unauthorized access attempts matter. To use this rule effectively, security teams should review and verify each detected incident in the context of their organizational policies and user access rights.
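The detection described above, as an added example (not the rule's own code and not from the original page): it filters Okta System Log events on the display message and groups hits per user to support the review step. The message string, the sample events and the `review_order` triage heuristic are assumptions.

```python
import json
from collections import defaultdict

# Assumption: the display message the rule keys on; the page does not quote it.
DISPLAY_MESSAGE = "User attempted unauthorized access to app"

# Constructed sample Okta System Log events (JSON lines), trimmed to the fields used.
SAMPLE_LOG = """
{"published":"2021-09-12T09:00:01Z","displayMessage":"User attempted unauthorized access to app","actor":{"alternateId":"alice@example.com"},"target":[{"type":"AppInstance","displayName":"Payroll"}]}
{"published":"2021-09-12T09:02:10Z","displayMessage":"User single sign on to app","actor":{"alternateId":"alice@example.com"},"target":[{"type":"AppInstance","displayName":"Wiki"}]}
{"published":"2021-09-12T09:05:00Z","displayMessage":"User attempted unauthorized access to app","actor":{"alternateId":"bob@example.com"},"target":[{"type":"AppInstance","displayName":"Payroll"}]}
{"published":"2021-09-12T09:05:30Z","displayMessage":"User attempted unauthorized access to app","actor":{"alternateId":"bob@example.com"},"target":[{"type":"AppInstance","displayName":"Admin Console"}]}
{"published":"2021-09-12T09:06:02Z","displayMessage":"User attempted unauthorized access to app","actor":{"alternateId":"bob@example.com"},"target":[{"type":"AppInstance","displayName":"Source Control"}]}
not-json debris line
"""

def matching_events(raw):
    """Yield parsed events whose displayMessage matches; skip unparseable lines."""
    for line in raw.splitlines():
        try:
            event = json.loads(line)
        except ValueError:
            continue
        if isinstance(event, dict) and event.get("displayMessage") == DISPLAY_MESSAGE:
            yield event

def summarize(events):
    """Group hits per actor: attempt count and the distinct apps targeted."""
    summary = defaultdict(lambda: {"attempts": 0, "apps": set()})
    for event in events:
        actor = (event.get("actor") or {}).get("alternateId", "unknown")
        entry = summary[actor]
        entry["attempts"] += 1
        for target in event.get("target") or []:
            if target.get("type") == "AppInstance":
                entry["apps"].add(target.get("displayName", "unknown"))
    return dict(summary)

def review_order(summary, max_apps=1):
    """Hypothetical triage: actors denied on more than max_apps apps come first."""
    flagged = [a for a, s in summary.items() if len(s["apps"]) > max_apps]
    return sorted(flagged, key=lambda a: -len(summary[a]["apps"]))

if __name__ == "__main__":
    hits = summarize(matching_events(SAMPLE_LOG))
    for actor, stats in hits.items():
        print(actor, stats["attempts"], sorted(stats["apps"]))
    print("review first:", review_order(hits))
```

A single denied attempt on one application, as for the first sample user, fits the false-positive case the summary describes; denials spread across several applications are the ones to check against access rights first.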
Categories
- Identity Management
- Cloud
Data Sources
- User Account
- Application Log
Created: 2021-09-12