New Okta API token generated
Description
AlphaSOC detected that a new Okta API token was generated. Threat actors who gain access to the system may generate new API tokens to establish persistent access to the environment.
Impact
Generation of unauthorized API tokens can provide threat actors with long-term access to your Okta environment, potentially enabling them to access sensitive information, exfiltrate data, or perform other malicious actions.
Severity
| Severity | Condition |
|---|---|
Informational | New Okta API token generated |
Investigation and Remediation
Review Okta System Log to verify whether the API token generation was authorized. If unauthorized, revoke the API token, reset any potentially compromised credentials, and conduct a thorough security audit of the environment for other signs of potential compromise.