Navigation :
Okta Failed Sso Attempts
Description
Detect failed Okta SSO events
Content Mapping
This content is not mapped to any local saved search. Add mapping
Use Case
Security Monitoring
Category
Adversary Tactics
Alert Volume
Detect failed Okta SSO events
SPL Difficulty
None
Journey
Stage 2
MITRE ATT&CK Tactics
Defense Evasion
Persistence
Privilege Escalation
Initial Access
MITRE ATT&CK Techniques
Valid Accounts
Default Accounts
Data Sources
Okta
Help |
---|
Okta Failed Sso Attempts HelpThis search is specific to Okta and requires Okta logs are being ingested in your Splunk deployment. |
Search |
---|
`okta` displayMessage="User attempted unauthorized access to app" | stats min(_time) as firstTime max(_time) as lastTime values(app) as Apps count by user, result ,displayMessage, src_ip | `security_content_ctime(firstTime)` | `security_content_ctime(lastTime)` | `okta_failed_sso_attempts_filter` Open in Search |