In this week’s release, we’re providing new ways to operationalize Oort’s checks. Read on to learn more!
📳 Prioritize Response to Users with Failing Checks
The majority of our customers have thousands of users in their population, making it challenging to understand where to best focus your efforts. While some of you use our integrations with ticketing, SIEM, and IM tools, others prefer to log in to the Oort dashboard.
In this release, we’ve added a new sort option within the Users tab to identify the most at-risk users. This will enable you to sort the users list by the ascending or descending number of checks.
⚙️”Never Logged In” Check is now Event-Based
One of the less-glamorous (but highly effective) checks is the “Never Logged In” check, which detects accounts that were created but never successfully logged in. These accounts appeal to attackers as they may be able to register their own MFA factors.
In this release, we’re moving this check to an “event-based” model.
One of the unique traits of Oort is the ability to consume both event data and entitlement data, which enables us to provide you with a more comprehensive understanding of your identities. The checks that analyze event information are known as “event-based checks”.
Event-based checks have different, more frequent collection schedules and have the ability for you to leave feedback (interesting vs mark as normal behavior).