Analytics Alerts
Browse the Cortex analytics alert reference.
1 alert match the current filters. tactic: TA0042 ✕ technique: T1621 ✕
Show ATT&CK heatmapMultiple Okta MFA requests sent to a user Informational Identity Analytics 1 variation
Multiple SSO MFA attempts were sent to the user. This may indicate an MFA fatigue attack.
- Activation:
- 14 Days
- Training:
- 30 Days
- Test:
- 30 Minutes
- Deduplication:
- 1 Day
ATT&CK tactics: Credential Access (TA0006) Resource Development (TA0042)ATT&CK techniques: Compromise Accounts (T1586) Multi-Factor Authentication Request Generation (T1621)Required data: OktaAttacker's goals: An attacker is attempting to gain access to an account secured with MFA.Investigative actions: Verify the reasoning behind the MFA request rejections. Follow further actions performed by the user.Variations
Multiple Okta MFA requests sent to a user with unusual characteristics
Low overridden
Multiple SSO MFA attempts were sent to the user. This may indicate an MFA fatigue attack. overridden