- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
Set up the okta integration.
Detect when the multi-factor authentication (MFA) factors for an enrolled Okta user are reset followed by that user accessing the administrative console.
This rule lets you monitor the following Okta events to determine when a user’s MFA factors are reset and they access the administrative console:
user.mfa.factor.reset_all
user.session.access_admin_app
Okta’s security team reported a series of social engineering attacks in which attackers would convince service desk staff to reset the MFA factors of highly-privileged users, and leverage this to access administrative features within an Okta tenant.
{{@usr.email}}
to ensure the change to their MFA factors was authorized and it was them accessing the administrative console.