AlienVault® USM Anywhere™

Viewing Your Okta Events

Role Availability Read-Only Analyst Manager

With the collection of your Okta logs through the configured AlienApp for Okta, USM Anywhere collects, enriches, and analyzes log data from your Okta environment. It detects any suspicious activity, such as login failures and brute forceTechnique or attack method, typically used with authentication, involving an exhaustive procedure that tries all possibilities (for example, to find a valid password), one-by-one. authentications. When USM Anywhere detects a threat, it generates an alarmAlarms provide notification of an event or sequence of events that require attention or investigation..

After the USM Anywhere Sensor collects the first Okta log data and USM AnywherenormalizesNormalization describes the translation of log file entries received from disparate types of monitored assets into the standardized framework of Event types and sub-types. the raw data, these eventsAny traffic or data exchange detected by AT&T Cybersecurity products through a sensor, or through external devices such as a firewall. start appearing in the Events page. To provide a more focused view of these events, the Okta dashboard is available under Dashboards in the top navigation menu.

View the Okta dashboard in USM Anywhere

This dashboard summarizes the events originating from your Okta environment so that you see what's going on at a glance. Click items displayed in the data elements to drill down to the list of events:

  • Events By Name
  • Failed Actions
  • Event Outcome
  • Top Users With Failed Actions
  • Top Applications
  • Top Users
  • Top Categories

Review events orginating from your Okta environment