- 필수 기능
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- 디지털 경험
- 소프트웨어 제공
- 보안
- 로그 관리
- 관리
- 인프라스트럭처
- ci
- containers
- csm
- ndm
- otel_guides
- overview
- slos
- synthetics
- tests
- 워크플로
Set up the okta integration.
Detect Okta Multi-factor Authentication (MFA) fatigue attacks.
This rule lets you monitor the following Okta events to determine when a user has rejected Okta MFA push verify more than once:
user.mfa.okta_verify.deny_push
for Okta Classicuser.authentication.auth_via_mfa
with debugContext.debugData.factor
of OKTA_VERIFY_PUSH
and @evt.outcome
of FAILURE
for Okta Identity EngineAn attacker may attempt to bombard users with repeated MFA push notifications in order to fatigue them, thereby forcing them into verifying their malicious authentication attempts.
{{@usr.email}}
made the observed authentication attempts.{{@network.client.ip}}
using the Cloud SIEM - IP Investigation dashboard to determine if the IP address has taken other actions.