
Summary
This rule detects the assignment of an administrative role to a user or group within the Okta environment, which could indicate privilege escalation and should be monitored for suspicious activity. The detection matches the Okta System Log event types 'group.privilege.grant' and 'user.account.privilege.grant'. Because administrative roles significantly expand access levels and capabilities, their assignment presents a risk when the recipient user or group is not authorized to hold them. The resulting alerts allow prompt investigation of the circumstances under which the role was assigned, helping to prevent abuse of elevated privileges.
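The detection logic described above, run over a few constructed Okta System Log events, as an added example (not part of the original rule). The event shape (`eventType`, `actor`, `target`, `outcome`) follows the Okta System Log JSON format; the `debugContext.debugData.privilegeGranted` path used to pull the role name is an assumption and may need adjusting for your tenant.

```python
from typing import Iterable, List

# Okta System Log eventTypes that the rule matches on.
PRIVILEGE_GRANT_EVENTS = {"group.privilege.grant", "user.account.privilege.grant"}

# Constructed sample events in the Okta System Log JSON shape (not real log data).
SAMPLE_EVENTS = [
    {
        "eventType": "user.account.privilege.grant",
        "actor": {"alternateId": "it-admin@example.com", "type": "User"},
        "outcome": {"result": "SUCCESS"},
        "target": [{"type": "User", "alternateId": "contractor@example.com"}],
        "debugContext": {"debugData": {"privilegeGranted": "Super administrator"}},
    },
    {
        "eventType": "group.privilege.grant",
        "actor": {"alternateId": "it-admin@example.com", "type": "User"},
        "outcome": {"result": "SUCCESS"},
        "target": [{"type": "UserGroup", "displayName": "Helpdesk"}],
        "debugContext": {"debugData": {"privilegeGranted": "Help desk administrator"}},
    },
    {   # Unrelated event: must not produce a finding.
        "eventType": "user.session.start",
        "actor": {"alternateId": "contractor@example.com", "type": "User"},
        "outcome": {"result": "SUCCESS"},
        "target": [],
    },
]


def detect_admin_role_grants(events: Iterable[dict]) -> List[dict]:
    """Return one finding per event whose eventType is an admin privilege grant."""
    findings = []
    for ev in events:
        if ev.get("eventType") not in PRIVILEGE_GRANT_EVENTS:
            continue
        targets = ev.get("target") or []
        # Readable name of the user or group receiving the role (group targets have no alternateId).
        recipient = ", ".join(t.get("alternateId") or t.get("displayName", "?") for t in targets)
        findings.append({
            "event_type": ev["eventType"],
            "actor": ev.get("actor", {}).get("alternateId"),
            "recipient": recipient,
            # Assumed field path where Okta reports the granted role name.
            "privilege": ev.get("debugContext", {}).get("debugData", {}).get("privilegeGranted"),
            "outcome": ev.get("outcome", {}).get("result"),
        })
    return findings
```

Each finding carries the actor, the recipient user or group and the role name, which is what an analyst needs to decide whether the grant was authorized.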
Categories
- Identity Management
- Cloud
Data Sources
- User Account
- Application Log
Created: 2021-09-12