Week 33, 2022

New Features

New Explanations in Slack & Teams Alerts

You can now see detailed explanations in Slack and Teams of why a user is failing a check. This context is valuable to notification recipients so they can quickly determine whether this failure is expected behavior or something that requires further investigation and remediation.

💻 See and Search Service Account Activity

You can now easily see and search for service account activity within your Okta environment! A single service account often has multiple API keys associated with it, and mapping API activity back to a service account is now quick and easy. You should definitely see a demo of this to get total visibility into service account activity. You can use the token names of your service account APIs to start seeing this.

🀨 Give Feedback on User Behavior in Oort

You can now mark check failures as either “Interesting” or “Normal” in the Oort UI. When one of these tags is selected, the user event log is updated with the tag. This enables analysts to quickly identify noteworthy trends, patterns, or unique events in any user’s history.

⏪ View Group Removals by User

There is a new type of event in the changelog for group memberships in the ‘Groups’ tab in the User 360 view. You can now see users who were removed from groups and the user who made the change to the membership. This feature lets threat investigators and analysts easily see historical group membership changes, adding context to their analysis.

☎️ See Phone Number and Device Type in Duo Factors

You can now see the device type and any phone number associated with it in the factors section of User 360. With this information presented front and center, anomalous activity is easier to spot, and analysts gain additional information as well as a contact path for deeper investigation.

🎛 New Filters for Users List

You can now filter your user population with finer granularity, including by the number of checks users are failing and by the checks themselves. These filters offer an easy way to include or exclude certain user populations when performing identity vulnerability management. Direct access to check failures from the user population page is a great way to prioritize identity hygiene and attack surface reduction.

That’s a wrap for this week! Make sure you subscribe to our updates up top so you don’t miss any new features or announcements coming from Oort! Can’t wait? Get a demo today!
