Okta has open-sourced ready-made Sigma-based queries for Auth0 customers to detect account takeovers, misconfigurations, and suspicious behavior in event logs.
Auth0 is Okta's identity and access management (IAM) platform, used by organizations for login, authentication, and user management services.
By releasing the detection rules, the company aims to help security teams quickly analyze Auth0 logs for suspicious activity that could indicate intrusion attempts, account takeovers, the creation of rogue admin accounts, SMS bombing, and token theft.
Until now, Auth0 customers had to build their own detection rules from event logs or rely on what came out of the box in Auth0's Security Center.
With the launch of the Customer Detection Catalog, a curated, open-source, community-driven repository, Okta gives developers, tenant administrators, DevOps teams, SOC analysts, and threat hunters a way to improve their proactive threat detection.
"The Auth0 Customer Detection Catalog allows security teams to integrate custom, real-world detection logic directly into their log streaming and monitoring tools, enriching the detection capabilities of the Auth0 platform," reads the announcement.
"The catalog provides a growing collection of pre-built queries, contributed by Okta personnel and the broader security community, that surface suspicious activities like anomalous user behavior, potential account takeovers and misconfigurations."
The public GitHub repository consists of Sigma rules, making it broadly usable across SIEM and logging tools and allowing contributions and validation from Okta's entire customer base.
Auth0 users can take advantage of the new Customer Detection Catalog through these steps:
- Access the GitHub repository and clone or download it locally.
- Install a Sigma converter, such as sigma-cli, to translate the provided rules into the query syntax supported by your SIEM or log analysis platform.
- Import the converted queries into your monitoring workflow and configure them to run against Auth0 event logs.
- Run the rules against historical logs to validate that they work as intended, and adjust filters to reduce false positives.
- Deploy the validated detections into production, and periodically check the GitHub repository to pull any relevant updates submitted by Okta or the community.
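To illustrate the validation step (replaying rules over historical logs and tuning filters to cut false positives), here is an added example that is not code from Okta's catalog or from the Auth0 project: a minimal evaluator for a Sigma-style detection section, run over constructed Auth0-like events. The field names, event type codes and the "office" IP range are assumptions made for the illustration.

```python
from typing import Any

# Constructed sample events. Field names and event type codes are assumptions for
# illustration; they are not taken from the catalog or the Auth0 log schema.
SAMPLE_EVENTS = [
    {"type": "fp", "user_name": "alice@example.com", "ip": "203.0.113.10"},
    {"type": "f", "user_name": "bob@example.com", "ip": "198.51.100.7"},
    {"type": "s", "user_name": "alice@example.com", "ip": "10.20.0.5"},
    {"type": "fp", "user_name": "carol@example.com", "ip": "10.20.0.9"},  # office network
]

# A Sigma 'detection' section as it parses from YAML, kept as a dict so no YAML library is needed.
FAILED_LOGIN_RULE = {
    "selection": {"type": ["f", "fp"]},  # assumed codes for failed-login events
    "filter_office": {"ip|startswith": "10.20."},  # tuning filter: constructed office range
    "condition": "selection and not filter_office",
}

def value_matches(actual: Any, expected: Any, modifier: str) -> bool:
    """Apply one Sigma value modifier; an empty modifier means exact match."""
    a, e = str(actual), str(expected)
    checks = {"": a == e, "contains": e in a, "startswith": a.startswith(e), "endswith": a.endswith(e)}
    return checks[modifier]

def selection_matches(selection: dict, event: dict) -> bool:
    """Every field in a selection must match; a list of values for one field is ORed."""
    for key, expected in selection.items():
        field, _, modifier = key.partition("|")
        values = expected if isinstance(expected, list) else [expected]
        if field not in event or not any(value_matches(event[field], v, modifier) for v in values):
            return False
    return True

def evaluate(detection: dict, event: dict) -> bool:
    """Evaluate a flat condition such as 'selection and not filter_office' left to right."""
    result, op, negate = True, "and", False
    for tok in detection["condition"].split():
        if tok in ("and", "or"):
            op = tok
        elif tok == "not":
            negate = True
        else:
            hit = selection_matches(detection[tok], event) != negate
            result = (result and hit) if op == "and" else (result or hit)
            negate = False
    return result

def run_rule(detection: dict, events: list) -> list:
    """Return the events the rule fires on, so hit counts can be compared before and after tuning."""
    return [e for e in events if evaluate(detection, e)]
```

Running the rule with and without the `filter_office` clause shows the effect of the tuning filter: three hits on the raw selection, two once the known office range is excluded.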
Okta welcomes anyone writing new rules or refining existing ones to submit them to the repository through a GitHub pull request to help improve coverage for the whole Auth0 community.