
Okta has open-sourced ready-made Sigma-based queries for Auth0 customers to detect account takeovers, misconfigurations, and suspicious behavior in event logs.
Auth0 is Okta's identity and access management (IAM) platform, used by organizations for login, authentication, and user management services.
By releasing the detection rules, the company aims to help security teams quickly analyze Auth0 logs for suspicious activity that could indicate intrusion attempts, account takeovers, the creation of rogue admin accounts, SMS bombing, and token theft.
Until now, Auth0 customers had to build their own detection rules from event logs or rely on what came out of the box in Auth0's Security Center.
With the launch of the Customer Detection Catalog, a curated, open-source, community-driven repository, Okta gives developers, tenant administrators, DevOps teams, SOC analysts, and threat hunters a way to improve their proactive threat detection.
"The Auth0 Customer Detection Catalog allows security teams to integrate custom, real-world detection logic directly into their log streaming and monitoring tools, enriching the detection capabilities of the Auth0 platform," reads the announcement.
"The catalog provides a growing collection of pre-built queries, contributed by Okta personnel and the broader security community, that surface suspicious activities like anomalous user behavior, potential account takeovers and misconfigurations."
The public GitHub repository contains Sigma rules, a vendor-neutral detection format that can be converted into the query language of most SIEM and logging tools, which makes the catalog broadly usable and lets Okta's entire customer base contribute and validate rules.
Auth0 users can take advantage of the new Customer Detection Catalog through these steps:
- Access the GitHub repository and clone or download it locally.
- Install a Sigma converter, such as sigma-cli, to translate the provided rules into the query syntax supported by your SIEM or log analysis platform.
- Import the converted queries into your monitoring workflow and configure them to run against Auth0 event logs.
- Run the rules against historical logs to validate that they work as intended, and adjust filters to reduce false positives.
- Deploy the validated detections into production, and regularly check the GitHub repository to pull any new or updated rules submitted by Okta or the community.
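The validation and tuning steps above are easier to picture with a rule actually running over log entries. The following is an added example and not code from Okta or the Customer Detection Catalog: a hand-written rule in Sigma's selection/filter/condition shape (expressed as a Python dict rather than YAML so it runs without extra packages), a minimal evaluator that supports only exact field matches, list values as OR, dotted field paths, and conditions of the form "A and not B", and a set of constructed Auth0-style events. The field names (type, ip, user_name, connection, details) and the type codes "fp", "fu", "s" and "sapi" are assumptions about the Auth0 log event schema, and the IP addresses are documentation ranges.

```python
"""Evaluate a Sigma-style detection over Auth0 event logs, then tune it.

Added example; not code from Okta or the Customer Detection Catalog.
Auth0 field names and type codes below are assumptions about the tenant
log schema; the sample events are constructed.
"""
from collections import Counter

# Assumed Auth0 type codes: fp = failed login (wrong password),
# fu = failed login (unknown user), s = successful login, sapi = Management API call.
RULE_BASE = {
    "title": "Auth0 failed logins (wrong password or unknown user)",
    "logsource": {"product": "auth0", "service": "events"},
    "detection": {
        "selection": {"type": ["fp", "fu"]},   # list value = any of these
        "condition": "selection",
    },
}

# Constructed sample events in the shape of Auth0 tenant log entries.
SAMPLE_EVENTS = [
    {"type": "fp", "ip": "198.51.100.7", "user_name": "alice", "connection": "Username-Password-Authentication"},
    {"type": "fp", "ip": "198.51.100.7", "user_name": "bob", "connection": "Username-Password-Authentication"},
    {"type": "s", "ip": "203.0.113.10", "user_name": "alice", "connection": "Username-Password-Authentication"},
    {"type": "fp", "ip": "203.0.113.10", "user_name": "carol", "connection": "Username-Password-Authentication"},
    {"type": "fu", "ip": "198.51.100.7", "user_name": "dave", "connection": "Username-Password-Authentication"},
    {"type": "sapi", "ip": "198.51.100.9", "user_name": "tenant-admin",
     "details": {"request": {"method": "post", "path": "/api/v2/users"}}},
]


def get_field(event, path):
    """Dotted-path lookup such as 'details.request.path'; None if absent."""
    cur = event
    for part in path.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def match_block(event, block):
    """A detection block matches when every listed field matches (AND);
    a list value matches if the event's value is any of its entries (OR)."""
    for field, wanted in block.items():
        options = wanted if isinstance(wanted, list) else [wanted]
        if get_field(event, field) not in options:
            return False
    return True


def evaluate(rule, event):
    """Evaluate a condition limited to 'A and not B and not C ...' over named blocks."""
    detection = rule["detection"]
    for term in detection["condition"].split(" and "):
        negate = term.startswith("not ")
        name = term[4:] if negate else term
        hit = match_block(event, detection[name])
        if hit == negate:   # a positive term missed, or a negated term matched
            return False
    return True


def run_rule(rule, events):
    """Run one rule over a batch of events, e.g. exported historical logs."""
    return [e for e in events if evaluate(rule, e)]


def with_filter(rule, name, fields):
    """Return a copy of the rule with an added 'and not <name>' filter block:
    the tuning step that suppresses a known-good source after validation."""
    detection = dict(rule["detection"])
    detection[name] = fields
    detection["condition"] = f"{detection['condition']} and not {name}"
    return {**rule, "detection": detection}


def hits_by(matches, field):
    """Count matches per value of a field, to see one source hitting many users."""
    return Counter(get_field(m, field) for m in matches)


if __name__ == "__main__":
    before = run_rule(RULE_BASE, SAMPLE_EVENTS)
    # Validation run showed the corporate egress IP (assumed) producing noise; filter it.
    tuned_rule = with_filter(RULE_BASE, "filter_known_egress", {"ip": "203.0.113.10"})
    after = run_rule(tuned_rule, SAMPLE_EVENTS)
    print(f"{len(before)} hits before tuning, {len(after)} after")
    print(dict(hits_by(after, "ip")))
```

The same selection/filter split is what you keep when converting a catalog rule with sigma-cli: the converter emits the equivalent query for your SIEM, and tuning means adding or widening filter blocks in the rule rather than editing the generated query, so the rule stays portable and can be pulled again when the repository updates.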
Okta welcomes anyone writing new rules or refining existing ones to submit them to the repository through a GitHub pull request, to help improve coverage for the whole Auth0 community.
