Analytics Alerts

Browse the Cortex analytics alert reference.

Severity
Detection module
Data source

1 alert match the current filters. tactic: TA0042 ✕ technique: T1621 ✕

Show ATT&CK heatmap
  • Multiple Okta MFA requests sent to a user Informational Identity Analytics 1 variation

    Multiple SSO MFA attempts were sent to the user. This may indicate an MFA fatigue attack.

    Activation:
    14 Days
    Training:
    30 Days
    Test:
    30 Minutes
    Deduplication:
    1 Day
    ATT&CK tactics: Credential Access (TA0006) Resource Development (TA0042)
    ATT&CK techniques: Compromise Accounts (T1586) Multi-Factor Authentication Request Generation (T1621)
    Required data: Okta
    Attacker's goals: An attacker is attempting to gain access to an account secured with MFA.
    Investigative actions: Verify the reasoning behind the MFA request rejections. Follow further actions performed by the user.

    Variations

    Multiple Okta MFA requests sent to a user with unusual characteristics

    Low overridden

    Multiple SSO MFA attempts were sent to the user. This may indicate an MFA fatigue attack. overridden