[New Rule] Attempt to Modify or Delete Okta Application Sign On Policy

[threat-punter]

Description

An adversary may attempt to modify or delete the sign on policy for an Okta application in order to remove or weaken an organization's security controls.

Required Info

• Eventing Sources:

filebeat-*

• Target Operating Systems:

• Platforms

Okta

• Target ECS Version: 1.5.0
• New fields required in ECS for this? No Associated issue/PR: N/A

Optional Info

• References:
  • https://developer.okta.com/docs/reference/api/system-log/
  • https://developer.okta.com/docs/reference/api/event-types/

Example Data