Week 30, 2023

There was plenty packed into the last week for you to enjoy, including a new check to identify users sharing authenticators. The headline item, however, is the introduction of Oort webhooks that enable you to receive notifications for failed checks in other applications.

🪝 Power Automation with Oort’s Webhooks

Oort now has 50 pre-built checks, offering both identity threat detection and identity posture insights. When a user fails any of these checks, you can choose to send notifications via Slack, Teams or Email. Additionally, we have turnkey integrations with SIEM and Ticketing platforms to support additional workflows.
In this release, we’ve added the ability to send these notifications to any application with the power of webhooks. This will enable you to be alerted as soon as possible to identify threats or posture issues, and to trigger automation workflows, including Okta Workflows and SOAR integrations.
To set up a webhook, go to Integrations - Add Integration, and select “Webhook”. Once this is set up, you will be able to select the Webhook as a notification target within each of the Check Details pages.

📳 Identify Users Sharing Authenticators

Employees may share authenticators when sharing credentials to an account, which can cause security issues. Furthermore, if users are sharing phones or devices, it can indicate an issue with the onboarding process.
In this release, you will see a new check called “Users Sharing Authenticators” that detects whenever we see a phone number associated with more than one login. If the user is linked, however, this will not cause the check to fail.
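The logic this check describes, sketched as an added example (not Oort's code; the record layout, the linked-login pairs and the digits-only phone normalization are assumptions made for illustration):

```python
import re
from collections import defaultdict

# Constructed sample data: (login, enrolled authenticator phone number).
ENROLLMENTS = [
    ("alice@example.com", "+1 (555) 010-0001"),
    ("alice.admin@example.com", "+15550100001"),  # Alice's second account
    ("bob@example.com", "+1 555 010 0002"),
    ("carol@example.com", "+1-555-010-0002"),      # same phone as Bob
    ("dave@example.com", "+1 555 010 0003"),
]
# Constructed sample: pairs of logins known to belong to the same person.
LINKED = [("alice@example.com", "alice.admin@example.com")]


def normalize_phone(raw):
    """Reduce a number to digits so formatting variants compare equal.
    Assumption: numbers are stored with their country code."""
    return re.sub(r"\D", "", raw)


def find(parent, x):
    """Union-find lookup with path halving."""
    parent.setdefault(x, x)
    while parent[x] != x:
        parent[x] = parent[parent[x]]
        x = parent[x]
    return x


def shared_authenticators(enrollments, linked):
    """Return {phone: sorted logins} for phones used by more than one person."""
    parent = {}
    for a, b in linked:
        parent[find(parent, a.lower())] = find(parent, b.lower())
    by_phone = defaultdict(set)
    for login, phone in enrollments:
        by_phone[normalize_phone(phone)].add(login.lower())
    findings = {}
    for phone, logins in by_phone.items():
        # Linked logins collapse to one person and do not fail the check.
        people = {find(parent, login) for login in logins}
        if len(people) > 1:
            findings[phone] = sorted(logins)
    return findings


if __name__ == "__main__":
    for phone, logins in shared_authenticators(ENROLLMENTS, LINKED).items():
        print(f"FAIL phone={phone} logins={', '.join(logins)}")
```

Grouping linked logins with union-find means a chain of links (A to B, B to C) is still treated as one person, so only phones spanning unrelated identities are reported.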

📭 Shared Mailboxes

Oort monitors different types of identities: external guest accounts, internal users, and service accounts. We’ve added one more category to this list – shared mailboxes. Shared mailboxes are interesting to attackers because they can hold sensitive information. Furthermore, they can be subject to less scrutiny.
With this release, you will see a new option for “Shared Mailbox” under “User Type” within the Users Tab. This type will also be displayed within the relevant User 360 profiles.
In order to collect this information, you will need to enable Mailbox Settings within the Advanced Settings of your Azure AD integration. This will require the MailboxSettings.Read permission in Azure AD. You can read more about permissions in Azure AD here.

Bug Fixes and Minor Improvements

  • Protected Populations. Protected populations can be defined within Tenant Settings. You will be able to easily see which groups are currently in the population that Oort protects.
  • Helpdesk Role. Oort users with the Helpdesk role now have additional permissions to exclude users from checks.
  • Truncated Topics. Topics and tags in User 360 profiles will now be truncated when they are excessively long.