Navigation :

Okta Failed Sso Attempts

Description

Detect failed Okta SSO events

Content Mapping

This content is not mapped to any local saved search. Add mapping

Use Case

Security Monitoring

Alert Volume

Detect failed Okta SSO events

SPL Difficulty

None

Journey

Stage 2

MITRE ATT&CK Tactics

Defense Evasion

Persistence

Privilege Escalation

Initial Access

MITRE ATT&CK Techniques

Valid Accounts

Default Accounts

Data Sources

Okta

Help
Okta Failed Sso Attempts Help This search is specific to Okta and requires Okta logs are being ingested in your Splunk deployment.

Help

Okta Failed Sso Attempts Help

This search is specific to Okta and requires Okta logs are being ingested in your Splunk deployment.

Search
`okta` displayMessage="User attempted unauthorized access to app" \| stats min(_time) as firstTime max(_time) as lastTime values(app) as Apps count by user, result ,displayMessage, src_ip \| `security_content_ctime(firstTime)` \| `security_content_ctime(lastTime)` \| `okta_failed_sso_attempts_filter` Open in Search

Search

`okta` displayMessage="User attempted unauthorized access to app" | stats  min(_time) as firstTime max(_time) as lastTime values(app) as Apps count by user, result ,displayMessage, src_ip | `security_content_ctime(firstTime)` | `security_content_ctime(lastTime)` | `okta_failed_sso_attempts_filter`

Open in Search