@josehelps
Hello Team, can you help me with this Okta ESCU alert: Okta Successful Single Factor Authentication.
```
index=okta action=success src_user_type = User eventType = user.authentication.verify OR eventType = user.authentication.auth_via_mfa
| stats dc(eventType) values(eventType) as eventType values(target{}.displayName) as targets values(debugContext.debugData.url) min(_time) as firstTime max(_time) as lastTime values(authentication_method) by src_ip user action
| `security_content_ctime(firstTime)`
| `security_content_ctime(lastTime)`
| search targets !="Okta Verify"
| `okta_successful_single_factor_authentication_filter`
```
The query should be doing: identifies successful single-factor authentication events against the Okta Dashboard for accounts without Multi-Factor Authentication (MFA) enabled. It detects this activity by analyzing Okta logs for successful authentication events where "Okta Verify" is not used.
But it is doing the contrary in our environment: it is showing events where "Okta Verify" is used, accounts with Multi-Factor Authentication (MFA) enabled...
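
One possible explanation for the behaviour reported above, modelled in Python as an added example (not part of the original issue or of the ESCU project's code). It assumes Splunk's `search` evaluates `!=` against a multivalue field per value, so after `values(...) as targets` a row passes when any one target differs from "Okta Verify". The events, users and IPs are constructed, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample events; field names mirror the query in the issue.
EVENTS = [
    {"src_ip": "198.51.100.7", "user": "alice", "action": "success",
     "targets": ["Okta Verify", "alice"]},      # MFA push approved
    {"src_ip": "198.51.100.7", "user": "alice", "action": "success",
     "targets": ["Okta Dashboard"]},
    {"src_ip": "203.0.113.9", "user": "bob", "action": "success",
     "targets": ["Okta Dashboard", "Password"]},  # password only
    {"src_ip": "192.0.2.44", "user": "carol", "action": "success",
     "targets": []},                              # no target{}.displayName
]

def stats_by(events):
    """Mimic `stats values(target{}.displayName) as targets by src_ip user action`."""
    groups = defaultdict(set)
    for ev in events:
        groups[(ev["src_ip"], ev["user"], ev["action"])].update(ev["targets"])
    return [{"src_ip": k[0], "user": k[1], "action": k[2], "targets": sorted(v)}
            for k, v in groups.items()]

def filter_any_differs(rows, value):
    """Assumed semantics of `search targets!="Okta Verify"`:
    the field must exist and at least one of its values must differ."""
    return [r for r in rows if any(t != value for t in r["targets"])]

def filter_none_equals(rows, value):
    """Assumed semantics of `search NOT targets="Okta Verify"`:
    keep the row only if no value matches (rows without the field also pass)."""
    return [r for r in rows if all(t != value for t in r["targets"])]

def users(rows):
    return sorted(r["user"] for r in rows)

if __name__ == "__main__":
    rows = stats_by(EVENTS)
    # alice used Okta Verify but still passes the != filter, because her
    # aggregated targets also contain values other than "Okta Verify".
    print("targets != value   :", users(filter_any_differs(rows, "Okta Verify")))
    print("NOT targets = value:", users(filter_none_equals(rows, "Okta Verify")))
```

Under that assumption, the `!=` form keeps alice's row even though Okta Verify appears in it, while the `NOT ... =` form drops it and also keeps rows that have no target value at all.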
https://github.com/splunk/security_content/wiki/How-to-deploy-pre-trained-Deep-Learning-models-for-ESCU
At present, looks like use of these models is only supported on DSDL Version 5.0 with Golden Image CPU 5.0.0
Is there any possibility of supporting this on latest DSDL version 5.1.1 as well?