Okta has published open-source, Sigma-based queries for Auth0 customers to detect account takeover, misconfiguration and suspicious behavior in event logs.
Auth0 is an identity and access management (IAM) platform owned by Okta and used by organizations for login, authentication and user management services.
By releasing detection rules, the company aims to help security teams quickly analyze Auth0 logs for suspicious activity that may indicate intrusion attempts, account takeover, malicious admin account creation, SMS bombing and token theft.
Until now, Auth0 customers had to build their own detection rules from the event log or rely on what came out of the box in Auth0 Security Center.
With the launch of the Customer Detection Catalog, a curated, open-source, community-driven repository, Okta gives developers, tenant administrators, DevOps teams, SOC analysts and threat hunters a way to find active threats.
“The Auth0 Customer Detection Catalog allows security teams to integrate a set of custom, real-world detections directly into their log streaming and monitoring tools, enriching the detection capabilities of the Auth0 platform,” reads the announcement.
“The catalog offers a growing collection of pre-made queries, contributed by Okta staff and the broader security community, that surface suspicious activities such as anomalous user behavior, potential account takeover and misconfiguration.”
The public GitHub repository contains the rules in Sigma format, which makes them widely usable across SIEM and logging tools and allows contributions and feedback from Okta's entire customer base.
Auth0 users can take advantage of the new Customer Detection Catalog through these steps:
- Go to the GitHub repository and clone or download it locally.
- Install a Sigma converter such as sigma-cli to translate the provided rules into the query syntax supported by your SIEM or log analysis platform.
- Import the converted queries into your monitoring workflow and configure them to run against the Auth0 event log.
- Run the rules against historical logs to validate that they behave as intended, and adjust the filters to reduce false positives.
- Deploy the validated detections in production, and check the GitHub repository regularly to pull any significant updates published by Okta or the community.
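To illustrate the validate-and-tune step above, here is a minimal matcher that evaluates a Sigma-shaped rule (selection, filter, condition) against constructed Auth0-style log records. This is an added example, not a rule from the Okta catalog nor sigma-cli output; the Auth0 field names (`type`, `ip`, `user_agent`), the `fp`/`f` failure event codes and the sample records are assumptions made for the demonstration.

```python
"""Mini Sigma-style matcher over constructed Auth0 event-log records (hypothetical example)."""


def _field_matches(event, spec, value):
    """Evaluate one `field|modifier: value` pair; a list value is an OR of alternatives."""
    field, *mods = spec.split("|")
    actual = str(event.get(field, "")).lower()  # Sigma string matching is case-insensitive
    wanted = [str(v).lower() for v in (value if isinstance(value, list) else [value])]
    for w in wanted:
        if "contains" in mods and w in actual:
            return True
        if "startswith" in mods and actual.startswith(w):
            return True
        if "endswith" in mods and actual.endswith(w):
            return True
        if not mods and actual == w:
            return True
    return False


def _selection_matches(event, selection):
    """All field pairs inside one selection map must hold (AND)."""
    return all(_field_matches(event, spec, v) for spec, v in selection.items())


def match_rule(rule, event):
    """Support the two conditions most simple rules use: 'selection' and 'selection and not filter'."""
    det = rule["detection"]
    hit = _selection_matches(event, det["selection"])
    if det["condition"] == "selection and not filter":
        hit = hit and not _selection_matches(event, det["filter"])
    return hit


def run_rule(rule, events):
    """Return the log_ids of events the rule fires on, as a historical-log dry run would."""
    return [e["log_id"] for e in events if match_rule(rule, e)]


# Assumed rule: scripted password guessing; the filter is the 'tuning' step that
# suppresses an internal QA scanner that was producing false positives.
RULE = {
    "title": "Scripted failed logins against an Auth0 tenant (hypothetical)",
    "detection": {
        "selection": {"type": ["fp", "f"], "user_agent|contains": ["python-requests", "curl/"]},
        "filter": {"ip|startswith": "10."},
        "condition": "selection and not filter",
    },
}

# Constructed sample records in the shape of Auth0 log entries (not real data).
AUTH0_LOG = [
    {"log_id": "1", "type": "fp", "ip": "203.0.113.7", "user_agent": "python-requests/2.31"},
    {"log_id": "2", "type": "s", "ip": "203.0.113.7", "user_agent": "python-requests/2.31"},
    {"log_id": "3", "type": "f", "ip": "10.0.0.5", "user_agent": "curl/8.4.0"},
    {"log_id": "4", "type": "fp", "ip": "198.51.100.2", "user_agent": "Mozilla/5.0 (Windows NT 10.0)"},
]
```

Running `run_rule(RULE, AUTH0_LOG)` flags only record 1; record 3 matches the selection but is dropped by the tuning filter, which is exactly the effect to confirm before deploying a rule to production.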
Okta invites anyone to submit a GitHub pull request to write new rules or refine existing ones, helping improve coverage for the entire Auth0 community.