Okta User Logins From Multiple Cities

Description

This search detects logins from the same user from different states in a 24 hour period.

Content Mapping

This content is not mapped to any local saved search. Add mapping


Use Case

Security Monitoring

Category

Adversary Tactics

Alert Volume

This search detects logins from the same user from different states in a 24 hour period.

SPL Difficulty

None

Journey

Stage 2

MITRE ATT&CK Tactics

Defense Evasion
Persistence
Privilege Escalation
Initial Access

MITRE ATT&CK Techniques

Valid Accounts

Default Accounts

Data Sources

Okta

   Help

Okta User Logins From Multiple Cities Help

This search is specific to Okta and requires Okta logs are being ingested in your Splunk deployment.

   Search

Open in Search