We provide plenty of insights into suspicious user activity that detects threats for security teams. For those of you who are unfamiliar with Oort’s identity threat insights, here are a few examples:
Risky Parallel Sessions
Azure Admin Activity Anomaly
Login to Admin Console in Okta
Okta Admin Activity Anomaly
Service Account Successful Sign In
Successful Access from a Previously Only Failing IP
That’s great, now what do you do? With this release, users can log users out with the click of a button. Doing so will clear all sessions and log out the user across all devices. If users wish to log back in, they need to re-authenticate.
User 360 profiles are the most visited parts of the Oort dashboard, where you can access everything you might want to know about a user. Within these profiles, there is a tab specifically on Applications. This shows you which applications the user has access to, which they have logged in to, and when they last logged in.
In this release, we’ve included additional detail on how these applications were assigned to the user. Was it via a group, or was it directly assigned? If it was directly assigned, who granted it? The Applications tab now displays all this information.
Bug Fixes and Minor Improvements
Enhanced IP details. For checks with an IP address associated, greater detail is now displayed about the IP address in the activity panel.
Okta Event Streaming. We recommend setting up event streaming to ensure you see the latest data in Oort. In this release, we’ve included a new modal in the Integrations tab to help set up event streaming in Okta.