As new threats continue to emerge and security stacks become more varied over cloud, on-premise, and SaaS solutions, it is imperative that vendors offer flexibility across environments and come together to develop tools that will help improve security.
But not everyone has time to create and maintain detections. We’re all well aware of staffing shortages and how thinly spread security teams can be.
This is where Chronicle Security Operations (and partners like Okta) can help. We recognize that customers require the ability to easily access and tune detection rules across various use cases to their own unique needs. And Chronicle and Okta have been collaborating to bring these use case-based detections to an even wider audience.
How do we do that? Our adoption engineering team worked closely with Okta to build a set of detections that we are launching to the community. Additionally, these rules have been shared with the Google Cloud Threat Intelligence (GCTI) researchers to develop a subset of curated, out-of-the-box detection rule sets that help surface cloud attack vectors and provide high-fidelity, contextualized alerts, giving insight into potential threats in your environment. These community rules provide actionable intelligence to ensure that you have the detections and the context you need to make smart, fast decisions.
You can check out the full list and details on Okta’s blog, but here are a few use cases we focused on:
- Phishing leveraging Okta’s FastPass technology
- Credential access after hours
- Anomalous login events across multiple regions
- Multiple invalid credential access attempts from the same IP
- Brute force authentication attempts, such as multiple failed attempts to access applications
- Multi-factor authentication anomalies, including mismatches in the push request
- User has reached their Okta account login limit
- Creating API tokens
- Detecting session cookie reuse
- Leveraging Okta’s ThreatInsight capabilities that detect attacks
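As an added example (not part of the original post and not one of the Chronicle community rules), two of the use cases above implemented over constructed Okta System Log style events: repeated invalid-credential attempts from a single IP, and successful logins from more than one region within a short window. Field names follow the Okta System Log schema; the sample events, the five-failure threshold and the 10-minute and 1-hour windows are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Field names follow the Okta System Log schema (user.session.start events with
# outcome.result / outcome.reason, client.ipAddress, client.geographicalContext);
# the events themselves are constructed for this example, not real log data.
def _ev(ts, user, ip, country, result, reason=None):
    return {"published": ts, "eventType": "user.session.start",
            "actor": {"alternateId": user}, "outcome": {"result": result, "reason": reason},
            "client": {"ipAddress": ip, "geographicalContext": {"country": country}}}

SAMPLE_EVENTS = (
    # alice: six INVALID_CREDENTIALS failures from one IP, one minute apart
    [_ev(f"2023-03-01T09:0{i}:00Z", "alice@example.com", "203.0.113.5", "US",
         "FAILURE", "INVALID_CREDENTIALS") for i in range(6)]
    # bob: successful logins from two countries 30 minutes apart
    + [_ev("2023-03-01T09:10:00Z", "bob@example.com", "198.51.100.7", "US", "SUCCESS"),
       _ev("2023-03-01T09:40:00Z", "bob@example.com", "192.0.2.9", "DE", "SUCCESS"),
       # carol: two countries as well, but six hours apart (outside the window)
       _ev("2023-03-01T12:00:00Z", "carol@example.com", "198.51.100.8", "US", "SUCCESS"),
       _ev("2023-03-01T18:00:00Z", "carol@example.com", "192.0.2.10", "FR", "SUCCESS")])

def _ts(event):
    return datetime.strptime(event["published"], "%Y-%m-%dT%H:%M:%SZ")

def invalid_creds_from_same_ip(events, threshold=5, window=timedelta(minutes=10)):
    """IPs with at least `threshold` INVALID_CREDENTIALS failures inside one window."""
    by_ip = defaultdict(list)
    for e in events:
        if e["eventType"] == "user.session.start" and e["outcome"]["reason"] == "INVALID_CREDENTIALS":
            by_ip[e["client"]["ipAddress"]].append(_ts(e))
    hits = set()
    for ip, times in by_ip.items():
        times.sort()  # slide a window of `threshold` failures over the sorted timestamps
        if any(times[i + threshold - 1] - times[i] <= window
               for i in range(len(times) - threshold + 1)):
            hits.add(ip)
    return hits

def multi_region_logins(events, window=timedelta(hours=1)):
    """Users with successful logins from more than one country inside one window."""
    by_user = defaultdict(list)
    for e in events:
        if e["eventType"] == "user.session.start" and e["outcome"]["result"] == "SUCCESS":
            by_user[e["actor"]["alternateId"]].append((_ts(e), e["client"]["geographicalContext"]["country"]))
    hits = set()
    for user, logins in by_user.items():
        logins.sort()  # chronological; compare each login with later ones inside the window
        if any(t1 - t0 <= window and c1 != c0
               for i, (t0, c0) in enumerate(logins) for t1, c1 in logins[i + 1:]):
            hits.add(user)
    return hits
```

Against the sample events the first check flags the single IP behind alice's failures and the second flags only bob; carol's logins are from two countries but fall outside the one-hour window, which is the kind of threshold you would tune per tenant once the rule is deployed.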
Chronicle customers can visit our community rules GitHub site to download these rules today. Once downloaded, they can be further customized to meet your unique requirements and provide visibility into threats for Okta users.