Privileged-Access

A machine learning job has identified an unusual spike in Okta user lifecycle management change events, indicating potential privileged access activity where threat actors may manipulate user accounts to gain higher access rights or persist within the environment.

A machine learning job has identified an unusual spike in Okta group lifecycle change events, indicating potential privilege escalation activity, where adversaries may be altering group structures to escalate privileges, maintain persistence, or facilitate lateral movement within an organization’s identity management system.

A machine learning job has identified a user performing privileged operations in Okta from an uncommon source IP, indicating potential privileged access activity indicative of account compromise or privilege escalation.

A machine learning job identified a spike in Okta group application assignment changes, potentially indicating threat actors escalating privileges, maintaining persistence, or moving laterally by assigning applications to groups.

An unusual process is enumerating built-in Windows privileged local groups membership, such as Administrators or Remote Desktop users, potentially revealing targets for credential compromise and post-exploitation activities.

Detection of a user being added to a privileged role in Azure AD, potentially indicating privilege escalation or persistence by an attacker.

A machine learning job has identified a user leveraging an uncommon privilege type for privileged operations on Windows systems, potentially indicating privileged access activity and requiring investigation for privilege escalation or account manipulation.

A machine learning job has identified an unusual spike in Okta group membership events, indicating potential privileged access activity where attackers or malicious insiders might be adding accounts to privileged groups to escalate their access, potentially leading to unauthorized actions or data breaches.