Better Together: Detecting Suspicious Okta Events with Chronicle Detections

As new threats continue to emerge and security stacks become more varied across cloud, on-premises, and SaaS solutions, it is imperative that vendors offer flexibility across environments and come together to develop tools that will help improve security.

But not everyone has time to create and maintain detections. We’re all well aware of staffing shortages and how thinly spread security teams can be.

This is where Chronicle Security Operations (and partners like Okta) can help. We recognize that customers require the ability to easily access and tune detection rules across various use cases to their own unique needs. And Chronicle and Okta have been collaborating to bring these use case-based detections to an even wider audience. 

How do we do that? Our adoption engineering team worked closely with Okta to build a set of detections that we are launching to the community. Additionally, these rules have been shared with the Google Cloud Threat Intelligence (GCTI) researchers to develop a subset of curated, out-of-the-box detection rule sets that help surface cloud attack vectors and provide high-fidelity, contextualized alerts that give insight into potential threats in your environment. These community rules provide actionable intelligence to ensure that you have the detections and the context you need to make smart, fast decisions.

You can check out the full list and details on Okta’s blog, but here are a few use cases we focused on:

  • Phishing leveraging Okta’s FastPass technology

  • Credential access after hours

  • Anomalous login events across multiple regions

  • Multiple invalid credential access attempts from the same IP

  • Brute force authentication attempts, such as multiple failed attempts to access applications

  • Multi-factor authentication anomalies including mismatches in the push request

  • User has reached their Okta account login limit

  • Creating API tokens

  • Detecting session cookie reuse

  • Leveraging Okta’s ThreatInsight capabilities that detect attacks

Chronicle customers can visit our community rules GitHub site to download these rules today. Once downloaded, they can be further customized to meet your unique requirements and provide visibility into threats for Okta users.
