Comment on page

Accounts With Unusually High Activity

Detects accounts with unusually high daily sign-in events, which can indicate malicious activity or the presence of a service account. A user will fail this check if Oort detects more than 1,000 sign-in events per day.
​
Recommended Actions
Tag known service accounts and machine identities as “MACHINE” in Oort. Investigate the spike to determine what application is generating the activity.

Default Check Settings
Events per day: 1,000
​
Compatibility
​Microsoft Entra ID​
​Okta​
​Duo​
​Google Workspace​

A Bypass Code Was Used To Successfully Sign In

Active Account Under Heavy Attack

Last modified 3mo ago