Comment on page

Accounts With Unusually High Activity

Detects accounts with unusually high daily sign-in events, which can indicate malicious activity or the presence of a service account. A user will fail this check if Oort detects more than 1,000 sign-in events per day.
Recommended Actions
Tag known service accounts and machine identities as “MACHINE” in Oort. Investigate the spike to determine what application is generating the activity.
Default Check Settings
Events per day: 1,000
Compatibility
Okta
Duo