
pre trained Deep Learning models for ESCU - Support for DSDL Version 5.1.1 #2939

Open
atgithub11 opened this issue Jan 9, 2024 · 2 comments
@atgithub11

https://github.com/splunk/security_content/wiki/How-to-deploy-pre-trained-Deep-Learning-models-for-ESCU

At present, it looks like use of these models is only supported on DSDL Version 5.0 with Golden Image CPU 5.0.0.

Is there any possibility of supporting this on the latest DSDL version 5.1.1 as well?

@atgithub11 atgithub11 added the enhancement New feature or request label Jan 9, 2024
@josehelps josehelps self-assigned this Jan 24, 2024
@josehelps
Collaborator

Hey @atgithub11 evaluating this request, will come back to you with an answer hopefully in the next 2 weeks. Thank you for raising.

@AmeManneh

AmeManneh commented Nov 26, 2024

@josehelps
Hello Team, can you help me with this Okta ESCU alert: Okta Successful Single Factor Authentication.

index=okta action=success src_user_type = User eventType = user.authentication.verify OR eventType = user.authentication.auth_via_mfa
| stats dc(eventType) values(eventType) as eventType values(target{}.displayName) as targets values(debugContext.debugData.url) min(_time) as firstTime max(_time) as lastTime values(authentication_method) by src_ip user action
| `security_content_ctime(firstTime)`
| `security_content_ctime(lastTime)`
| search targets !="Okta Verify"
| `okta_successful_single_factor_authentication_filter`

The query should be doing: identifies successful single-factor authentication events against the Okta Dashboard for accounts without Multi-Factor Authentication (MFA) enabled. It detects this activity by analyzing Okta logs for successful authentication events where "Okta Verify" is not used.

But it is doing the contrary in our environment: it is showing events where "Okta Verify" is used, accounts with Multi-Factor Authentication (MFA) enabled...
