Okta - User Investigation
This playbook performs an investigation on a specific user, using queries and logs from Okta.
Okta · 40 tasks · 3 inputs · 10 outputs
Inputs
UserEmail— The user email to search Okta logs.LoginCountry— The Country code from which the user logged in. Country Code Alpha 2 (Example: US)ASN— The ASN from which the user logged in.
Outputs
PermanentCountry— True if the user work from a permanent country. False if else.UserDevices— Devices used by the user.NumOfOktaSuspiciousActivities— Number of Suspicious Activities for the user.SuspiciousUserActivities— Suspicious Activities for the user.NumOfOktaSuspiciousUserAgent— Number of Suspicious User Agent.SuspiciousUserAgent— Suspicious User Agent.UserApplication— Applications used by the user.NumOfOktaFailedLogon— Number of failed login.NumOfFailedLogonASN— Number of failed login from ASN by all users.LogonCountries— The countries from which the user logged in.
Commands used
okta-get-logs