Okta suspicious activity reported
Description
AlphaSOC detected that a user reported suspicious activity through Okta's Suspicious Activity Reporting feature. When enabled, this feature allows users to flag and report unrecognized activity within the environment to their organization administrators.
Impact
User-reported suspicious activity may indicate unauthorized access attempts or compromised credentials. This could lead to unauthorized data access, lateral movement within the organization's systems, or account takeover if not promptly investigated and addressed.
Severity
| Severity | Condition |
|---|---|
| Informational | Okta suspicious activity reported |
Investigation and Remediation
Review the reported activity details in the Okta system log, including timestamps, source IP addresses, user agents, and authentication factors used. Contact the reporting user to gather additional context. If the activity is confirmed as unauthorized, reset the affected user's credentials, terminate any active sessions, and audit recent account activities for additional indicators of compromise.
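The log review described above can be scripted. The following is an added example, not AlphaSOC or Okta code: for each report it groups the reporting user's earlier events by source IP and lists user agents, credential types, and failures. It assumes events exported from the Okta System Log API, that the report is logged as event type `user.account.report_suspicious_activity_by_enduser` with the reporting user as `actor`, and, as a triage heuristic, that source IPs other than the one the report came from are reviewed first. The `ev` helper and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Okta System Log event type for end-user suspicious activity reports.
REPORT_EVENT = "user.account.report_suspicious_activity_by_enduser"
ALICE, MAC_UA = "alice@example.com", "Mozilla/5.0 (Macintosh)"

def ev(etype, ts, user, ip, ua, cred=None, result="SUCCESS"):
    """Hypothetical helper: build a constructed event with the fields used below."""
    return {"eventType": etype, "published": ts, "actor": {"alternateId": user},
            "client": {"ipAddress": ip, "userAgent": {"rawUserAgent": ua}},
            "authenticationContext": {"credentialType": cred},
            "outcome": {"result": result}}

# Constructed sample data (documentation IP ranges, made-up users).
SAMPLE_LOG = [
    ev("user.session.start", "2024-05-01T08:00:00.000Z", ALICE, "198.51.100.10", MAC_UA, "PASSWORD"),
    ev("user.authentication.auth_via_mfa", "2024-05-01T08:00:05.000Z", ALICE, "198.51.100.10", MAC_UA, "OTP"),
    ev("user.session.start", "2024-05-02T03:10:00.000Z", ALICE, "203.0.113.77", "python-requests/2.31", "PASSWORD", "FAILURE"),
    ev("user.session.start", "2024-05-02T03:20:00.000Z", "bob@example.com", "192.0.2.5", "Mozilla/5.0 (X11)", "PASSWORD"),
    ev(REPORT_EVENT, "2024-05-02T09:00:00.000Z", ALICE, "198.51.100.10", MAC_UA),
]

def parse_ts(value):
    # Okta timestamps end in "Z"; normalise for older fromisoformat versions.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def triage(events, lookback_hours=48):
    """Summarise each reporting user's activity in the window before the report."""
    findings = []
    for report in (e for e in events if e["eventType"] == REPORT_EVENT):
        user, end = report["actor"]["alternateId"], parse_ts(report["published"])
        start = end - timedelta(hours=lookback_hours)
        sources = {}
        for e in events:
            if e is report or e["actor"]["alternateId"] != user:
                continue
            if not start <= parse_ts(e["published"]) <= end:
                continue
            s = sources.setdefault(e["client"]["ipAddress"],
                                   {"user_agents": set(), "factors": set(), "failures": 0})
            s["user_agents"].add(e["client"]["userAgent"]["rawUserAgent"])
            if e["authenticationContext"]["credentialType"]:
                s["factors"].add(e["authenticationContext"]["credentialType"])
            s["failures"] += e["outcome"]["result"] == "FAILURE"
        # Heuristic: IPs that differ from the report's own source go first.
        review = sorted(ip for ip in sources if ip != report["client"]["ipAddress"])
        findings.append({"user": user, "reported_at": report["published"],
                         "sources": sources, "review_first": review})
    return findings
```
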