Tag
high
advisory
Okta User Risk Threshold Exceeded via Aggregated Suspicious Activities
2 rules 2 TTPsThis correlation identifies when a user exceeds a risk threshold based on multiple suspicious Okta activities by aggregating risk events from 'Suspicious Okta Activity,' 'Okta Account Takeover,' and 'Okta MFA Exhaustion' analytic stories, highlighting potentially compromised user accounts exhibiting multiple TTPs that could lead to unauthorized access, privilege escalation, or persistence.
Okta +3
account-takeover
risk-framework
2r
2t
high
advisory
Okta User Risk Threshold Exceeded
2 rules 3 TTPsA user exceeding a risk threshold in Okta indicates a potential account compromise, leveraging Enterprise Security's Risk Framework by aggregating risk events from multiple suspicious Okta activities, which may lead to unauthorized access and privilege escalation.
Okta
account-takeover
risk-framework
2r
3t