
Several unsuccessful Okta login attempts for a user

ID: okta_multiple_login_failed
Data type: Okta
Severity: Low
MITRE ATT&CK: TA0001:T1078.004

Description

AlphaSOC detected multiple failed Okta login attempts for a user. This pattern may indicate a brute force attack in which threat actors attempt to gain unauthorized access to an Okta account by trying different password combinations.

Impact

Repeated failed login attempts could lead to account lockout, disrupting legitimate user access. If an attempt succeeds, attackers would gain access to applications and resources associated with the compromised Okta account, potentially leading to data breaches, unauthorized access to sensitive information, and lateral movement within the infrastructure.

Severity

Severity: Low
Condition: Several unsuccessful Okta login attempts for a user

Investigation and Remediation

Review Okta System Logs to identify the source IP addresses, user agents, and timing patterns of the failed login attempts. If the activity appears suspicious, verify your multi-factor authentication settings and consider blocking the source IP addresses involved. Monitor the account for any successful authentications following the failed attempts and review access logs for applications integrated with Okta to check for any unauthorized access.
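
The triage steps above can be scripted against exported Okta System Log events. The following is an added example, not AlphaSOC's detection logic: it groups `user.session.start` failures per user, summarizes source IPs and user agents, and reports any successful sign-in that follows the failures. The threshold of 3 failures, the 10-minute window, and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def _event(ts, user, ip, ua, result):
    # Builds a record with the Okta System Log fields this triage reads.
    return {"eventType": "user.session.start", "published": ts,
            "actor": {"alternateId": user},
            "client": {"ipAddress": ip, "userAgent": {"rawUserAgent": ua}},
            "outcome": {"result": result}}

# Constructed sample events (documentation IP ranges, not real data).
A, B, BOT = "alice@example.com", "bob@example.com", "python-requests/2.31"
SAMPLE_EVENTS = [
    _event("2024-05-01T10:00:00.000Z", A, "203.0.113.10", BOT, "FAILURE"),
    _event("2024-05-01T10:00:20.000Z", A, "203.0.113.10", BOT, "FAILURE"),
    _event("2024-05-01T10:00:45.000Z", A, "203.0.113.11", BOT, "FAILURE"),
    _event("2024-05-01T10:02:00.000Z", A, "203.0.113.11", BOT, "SUCCESS"),
    _event("2024-05-01T09:00:00.000Z", B, "198.51.100.7", "Mozilla/5.0", "FAILURE"),
    _event("2024-05-01T09:00:30.000Z", B, "198.51.100.7", "Mozilla/5.0", "SUCCESS"),
]

def _ts(e):
    return datetime.fromisoformat(e["published"].replace("Z", "+00:00"))

def triage_failed_logins(events, threshold=3, window=timedelta(minutes=10)):
    """Return per-user findings for bursts of failed sign-ins (assumed thresholds)."""
    by_user = defaultdict(list)
    for e in events:
        if e.get("eventType") == "user.session.start":
            by_user[e["actor"]["alternateId"]].append(e)
    findings = {}
    for user, evs in by_user.items():
        evs.sort(key=_ts)
        fails = [e for e in evs if e["outcome"]["result"] == "FAILURE"]
        # Burst = any `threshold` consecutive failures that fit inside `window`.
        burst = any(
            _ts(fails[i + threshold - 1]) - _ts(fails[i]) <= window
            for i in range(len(fails) - threshold + 1))
        if not burst:
            continue
        first, last = _ts(fails[0]), _ts(fails[-1])
        # A success during or shortly after the failures needs priority review.
        followups = [e for e in evs if e["outcome"]["result"] == "SUCCESS"
                     and first < _ts(e) <= last + window]
        findings[user] = {
            "failures": len(fails),
            "source_ips": sorted({e["client"]["ipAddress"] for e in fails}),
            "user_agents": sorted({e["client"]["userAgent"]["rawUserAgent"] for e in fails}),
            "success_after_failures": [(e["published"], e["client"]["ipAddress"])
                                       for e in followups],
        }
    return findings
```

A non-empty `success_after_failures` entry is the case to escalate first, since it marks a sign-in that succeeded after the failed attempts.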