[New Rule] Attempt to Modify or Delete Okta Application Sign On Policy #10
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
💚 CLA has been signed |
threat-punter
force-pushed
the
attempt-to-modify-or-delete-okta-application-sign-on-policy
branch
from
776874d to
a3b9be6
Compare
rw-access
added
Domain: Cloud Workloads
Integration: Okta
rw-access
reviewed
Jul 1, 2020
rules/okta/okta_attempt_to_modify_or_delete_application_sign_on_policy.toml
Outdated
Show resolved
Hide resolved
Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com>
rw-access
reviewed
Jul 1, 2020
rules/okta/okta_attempt_to_modify_or_delete_application_sign_on_policy.toml
Show resolved
Hide resolved
rw-access
approved these changes
Jul 2, 2020
rules/okta/okta_attempt_to_modify_or_delete_application_sign_on_policy.toml
Outdated
Show resolved
Hide resolved
brokensound77
approved these changes
Jul 2, 2020
Contributor
brokensound77
left a comment
brokensound77
left a comment
There was a problem hiding this comment.
Just the one suggestion on the name, otherwise LGTM 👍
rw-access
reviewed
Jul 2, 2020
rules/okta/okta_attempt_to_modify_or_delete_application_sign_on_policy.toml
Outdated
Show resolved
Hide resolved
…n_policy.toml Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>
threat-punter
commented
Jul 2, 2020
rules/okta/okta_attempt_to_modify_or_delete_application_sign_on_policy.toml
Outdated
Show resolved
Hide resolved
Contributor
Author
|
Verified that the updated query matches the desired events.
|
peasead
requested changes
Jul 2, 2020
rules/okta/okta_attempt_to_modify_or_delete_application_sign_on_policy.toml
Outdated
Show resolved
Hide resolved
Add event.category and event.type values to query
peasead
approved these changes
Jul 2, 2020
threat-punter
commented
Jul 2, 2020
rules/okta/okta_attempt_to_modify_or_delete_application_sign_on_policy.toml
Outdated
Show resolved
Hide resolved
threat-punter
deleted the
attempt-to-modify-or-delete-okta-application-sign-on-policy
branch
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issues
Resolves #8
Summary
An adversary may attempt to modify or delete the sign on policy for an Okta application in order to remove or weaken an organization's security controls. Please see #8 for further details and example events that will trigger this rule.
Contributor checklist