Okta detection coverage

← Back to main site

Home/ Targets/ Okta

🔑Okta detections

Clankerusecase tracks 7 detection use cases covering the Okta attack surface across 11 MITRE ATT&CK techniques.

Detections targeting Okta IDP — system log, MFA factor changes, admin grants.

Open Detection Library → View on the matrix

7Use cases

11Techniques

1Articles

3Kill-chain phases

Top techniques on Okta (11)

T1556Modify Authentication Process3 T1098Account Manipulation2 T1110.003Password Spraying1 T1199Trusted Relationship1 T1078.004Cloud Accounts1 T1550.001Application Access Token1 T1530Data from Cloud Storage1 T1213Data from Information Repositories1 T1195.002Compromise Software Supply Chain1 T1566.002Spearphishing Link1 T1583.001Domains1

Delivery (3)

Okta MFA bypass attempt Internal delivery · alerting DD Okta user account locked Internal delivery · alerting DD [LLM] DNS / outbound connection to npnjs[.]com phishing infrastructure Bespoke delivery · alerting DSΣPDD

Installation (3)

Okta administrative role assigned to user Internal install · alerting DD Okta application access granted to user Internal install · alerting DD Okta authentication / sign-on policy modified Internal install · alerting DD

Actions on Objectives (1)

[WEEKLY] Vendor / Third-Party OAuth App or SP Sign-in From Unbaselined Egress Followed by Bulk SaaS Object Read Internal actions · alerting DSPDD

Recent articles citing Okta-targeted detections

crit Supply Chain Security Alert: eslint-config-prettier Package Shows Signs of Compromise