User Session Impersonation(Okta)

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

---

A user has started a session impersonation, gaining access with the impersonated users permissions. This typically signifies Okta admin access and should only happen if anticipated and requested.

Attribute	Value
Type	Analytic Rule
Solution	Okta Single Sign-On
ID	35846296-4052-4de2-8098-beb6bb5f2203
Severity	Medium
Status	Available
Kind	Scheduled
Tactics	PrivilegeEscalation
Techniques	T1134, T1134.003
Required Connectors	OktaSSO, OktaSSOv2
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Transformations	Ingestion API	Lake-Only
Okta_CL 🔶	?	✓	?

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Analytic Rules · Back to Okta Single Sign-On