Okta API rate limits reached
Description
AlphaSOC detected that Okta API rate limits have been reached. This may indicate brute force authentication attempts, automated credential stuffing attacks, or threat actors deliberately overwhelming the service to cause a denial of service.
Impact
Reaching Okta API rate limits can disrupt legitimate authentication services, preventing users from accessing critical applications and resources. This may indicate an attempt to compromise user accounts, a misconfigured integration, or a deliberate effort to degrade service availability. The organization may experience authentication failures, delayed access to applications, and potential security blind spots if logging is affected.
Severity
| Severity | Condition |
|---|---|
Informational | Okta API rate limits reached |
Investigation and Remediation
Review Okta system logs to identify the source of excessive API calls, focusing on IP addresses, user agents, and API endpoints being accessed. Investigate whether legitimate applications or integrations are misconfigured and generating excessive requests. If malicious activity is suspected, consider blocking the originating IP addresses.