Okta’s new GitHub catalog helps detect takeovers and abuse.
Okta has launched a catalog of Sigma-based queries for Auth0 users. These rules help detect activity such as account takeovers, misconfigurations, or suspicious behavior in logs.
Less Dependent on Default Functionality
Auth0 is Okta’s identity and access management platform used for login and user management. Until now, customers had to build detection rules themselves or rely on what was included by default in the Security Center module.
With the Auth0 Customer Detection Catalog, security teams can now use a community-maintained repository of Sigma rules. The rules can be used across various SIEM and log tools and are shared via a public GitHub repository.
Customizable and Expandable
The detection rules are suitable for SOC analysts, DevOps teams, and administrators, among others, and detect issues such as suspicious login attempts, creation of shadow admin accounts, and stolen tokens.
Users can install the rules locally, convert them to the appropriate format for their SIEM platform, and deploy them in their existing log monitoring. Okta encourages contributions via pull requests so that the catalog is kept up to date together with the community.