OktaV2_CL


Attribute Value
Ingestion API Supported ✓ Yes

Schema (58 columns)

Source: KQL validation test schema

Column Name Type
ActingAppName string
ActingAppType string
ActorDetailEntry dynamic
ActorDisplayName string
ActorSessionId string
ActorUserId string
ActorUserIdType string
ActorUsername string
ActorUsernameType string
ActorUserType string
AuthenticationContextAuthenticationProvider string
AuthenticationContextAuthenticationStep int
AuthenticationContextCredentialProvider string
AuthenticationContextInterface string
AuthenticationContextIssuerId string
AuthenticationContextIssuerType string
DebugData dynamic
DvcAction string
EventMessage string
EventOriginalResultDetails string
EventOriginalType string
EventOriginalUid string
EventResult string
EventSeverity string
HttpUserAgent string
LegacyEventType string
LogonMethod string
OriginalActorAlternateId string
OriginalClientDevice string
OriginalOutcomeResult string
OriginalSeverity string
OriginalTarget dynamic
OriginalUserId string
OriginalUserType string
Request dynamic
SecurityContextAsNumber int
SecurityContextAsOrg string
SecurityContextDomain string
SecurityContextIsProxy bool
SrcDeviceType string
SrcDvcId string
SrcDvcIdType string
SrcDvcOs string
SrcGeoCity string
SrcGeoCountry string
SrcGeoLatitude real
SrcGeoLongtitude real
SrcGeoPostalCode string
SrcGeoRegion string
SrcIpAddr string
SrcIsp string
SrcZone string
TenantId string
TimeGenerated datetime
TransactionDetail dynamic
TransactionId string
TransactionType string
Version string

Solutions (1)

This table is used by the following solutions:

Connectors (2)

This table is ingested by the following connectors:

Connector Selection Criteria
Okta Single Sign-On (via Codeless Connector Framework)
Okta Single Sign-On (using Azure Functions)

Content Items Using This Table (19)

Analytic Rules (8)

In solution Okta Single Sign-On:

Analytic Rule Selection Criteria
Device Registration from Malicious IP
Failed Logins from Unknown or Invalid User
High-Risk Admin Activity
MFA Fatigue (OKTA)
New Device/Location sign-in along with critical operation
Okta Fast Pass phishing Detection
Potential Password Spray Attack
User Login from Different Countries within 3 hours

Hunting Queries (10)

In solution Okta Single Sign-On:

Hunting Query Selection Criteria
Admin privilege granted (Okta)
Create API Token (Okta)
Initiate impersonation session (Okta)
Logins originating from VPS Providers
New device registration from unfamiliar location
Okta Login from multiple locations
Okta login attempts using Legacy Auth
Rare MFA Operations (Okta)
Sign-ins from Nord VPN Providers
User password reset(Okta)

Workbooks (1)

In solution Okta Single Sign-On:

Workbook Selection Criteria
OktaSingleSignOn

Parsers Using This Table (2)

ASIM Parsers (1)

Parser Schema Product Selection Criteria
ASimAuthenticationOktaV2 Authentication Okta

Other Parsers (1)

Parser Solution Selection Criteria
OktaSSO Okta Single Sign-On
