github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-08-31 14:20:04 +00:00
Code Issues Projects Releases Wiki Activity

Update rules/okta_rules.yaml

Browse Source 
Signed-off-by: darryk10 <stefano.chierici@sysdig.com>
Co-authored-by: Thomas Labarussias <issif+github@gadz.org>
This commit is contained in:
schie
2022-03-23 17:03:18 +01:00
committed by poiana
parent 48041a517b
commit 64f0cefab0
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
rules/okta_rules.yaml
View File

@@ -163,7 +163,7 @@
- rule: Detecting unknwon logins using geolocation
desc: Detect a logins event based on user geolocation
condition: okta.evt.type = "user.session.start" and not user_known_countries
output: "A user logged in OKTA from a sospicious country (user=%okta.actor.name, ip=%okta.client.ip, country=%okta.client.geo.country)"
output: "A user logged in OKTA from a suspicious country (user=%okta.actor.name, ip=%okta.client.ip, country=%okta.client.geo.country)"
priority: NOTICE
source: okta
tags: [okta]