Oort Knowledge Base
  • Home
  • Glossary
  • 📊Dashboard
    • Get Started Dashboard
    • Overview Dashboard
    • MFA Dashboard
  • 👥Understanding your users
    • 📇Users
      • 💾Saved Filters
      • ❓Basic Search & Advanced Query Mode
    • 🩻User 360
      • 🗺️Overview Tab
      • 🔬Activity Tab
      • 📶Networks Tab
      • 💻Devices Tab
      • 🪺Applications and Groups Tabs
      • ✅Checks Tab
    • 🛠️Triaging Alerts and Remediation Actions
    • 🔗Linking User Accounts
    • 🤷User Statuses
  • 🗃️Applications
  • 💻Devices
  • 🧩Configuring Integrations
    • Managed Integrations
    • Auth0
      • Auth0 Data Integration
      • Auth0 Log Streaming & Marketplace App
    • Microsoft Entra ID (Azure AD) Data Integration
    • Microsoft Entra ID (Azure AD) SSO Integration
    • Azure Event Hub Log Streaming for Microsoft Entra ID (Azure AD)
    • Azure Sentinel SIEM Integration
    • AWS
    • AWS User-Based Access [Deprecated]
    • Duo Security Integration
    • Email Notifications
    • Github
    • Google Workspace Integration
    • Jamf
    • Jira Integration
    • Mailgun Integration
    • Microsoft Teams Notification Integration
    • Okta Log Streaming AWS EventBridge Integration
    • Okta Data Integration
    • Okta Workflows
    • Okta Integration Network - Production SSO App
    • Okta SSO
    • Polarity Integration
    • Salesforce Integration
    • SendGrid Integration
    • ServiceNOW Integration
    • Slack
    • Snowflake
    • Webex Notification Integration
    • Webhooks
    • Workday
      • Manual Import (CSV)
      • Report as a Service (RaaS)
  • ☑️Understanding Check failures
    • 🔍Reviewing Check Results
    • 🧹Customizing Checks
    • 📖Cisco Identity Insights
      • Identity Posture Management Insights
        • Access from Denied Territories
        • Allow/Block Email Logins
        • Application Login Bypasses SSO
        • Applications with Expired Secret
        • HRIS Discrepancies
        • Identity Intelligence Client Secret Expiring Soon
        • Inactive Account Probing
        • Inactive Guest Users
        • Inactive Users
        • Missing Value in Mandatory Field
        • Never Logged In
        • No MFA Configured
        • No Strong MFA Configured
        • Okta Long Running Sessions
        • Okta Session Length Policy Compliance
        • Personal VPN Usage
        • Provider User Type Missing
        • Rate Limit Alert
        • Role Assigned to Azure Cloud Only Account
        • Salesforce Direct Login Settings
        • Shared Mailbox Sign In Enabled
        • Slack User Inconsistencies
        • Telecom MFA Limit Reached
        • Unmanaged Devices Access
        • Unused Application for a User
        • Upcoming App Key Expiration
        • User Authorized to Bypass MFA
        • User Has Directly Assigned Application
        • User in IDP but not in HRIS
        • User Password Expiration Failure
        • User Stuck in Non-functional State
        • Users Sharing Authenticators
        • Weak MFA Was Used To Successfully Sign In
      • Identity Threat Detection Insights
        • A Bypass Code Was Used To Successfully Sign In
        • Access From Dormant Account
        • Accounts With Unusually High Activity
        • Active Account Under Heavy Attack
        • Activity From Untrustworthy ISP
        • Admin Impersonation in Okta
        • Admin Role Assigned to User
        • Authenticator Registration Anomalies
        • Code Exfiltration By Guest Account
        • Compromised Session
        • Google Drive File with Excessive Sharing Permissions
        • Impossible Travel
        • IP Threat Detected
          • IP Threat Detected In Depth
        • Login to Admin Console
        • MFA Flood
        • Microsoft Entra ID Admin Activity Anomaly
        • New Country for Tenant
        • New IDP Created
        • Okta Admin Activity Anomaly
        • Rare Browser Activity
        • Registered Location Mismatch
        • Risky Parallel Sessions
        • Service Account Successful Sign In
        • Shared Mailbox Successful Sign In
        • Sign In Threat Detected
        • Sign-in from Recently Created IdP
        • Successful Access from a Previously Only Failing IP
        • Super Admin Login to Google
        • Suspicious Activity Reported by End User
        • Unusual Repo Access
        • User IP in Blocked State
        • User Lock Out Risk Detected
        • User Trust Level Alert
        • Users With Defined Email Forward Rules
        • Users With New Email Forward Rules
        • Weak MFA Manually Activated and Utilized
  • ⚙️Tenant Settings
    • 👨‍💼Role-based Access (RBAC) and Tenant Access Logs
    • Systems Logs
  • 🏥Identity Posture Score
  • 🚨User Trust Level
  • How-to Guides
    • 🔐Accessing and Securing your Cisco Identity Intelligence Tenant
    • 🏎️Can Identity Intelligence analyze behavior and fail checks more frequently?
    • 🛂Importing Known IP Address Lists
    • 🔎Networks Tab & User Investigations
    • 🔁Okta Workflows Webhook Example
    • 🗃️Understanding HRIS Data and SCIM
    • MFA Factors FAQ
  • Public API
    • APIs
  • Troubleshooting & Support
    • API Permissions for Integrations
    • Responsible Disclosure Policy
  • Best Practices
    • 🛣️What’s Next? How to use Identity Intelligence effectively
    • 📚Identity Security Reading List
    • ✍️KPIs for
 IAM Teams
  • Blogs
    • 0ktapus for humans
    • Oort Releases GitHub Integration To Extend Identity Threat Detection
    • Oort Recognized Twice as a Sample Vendor in Gartner® 2023 Hype Cycle Reports™
    • Oort's Response Capabilities: Remediate Compromised Accounts with Just One Click
    • Oort Unveils Dashboard, Providing A Single Pane of Glass for Identities
    • Oort’s New Identity Security Dashboard
    • Oort Unveils Identity Technology Ecosystem, Bringing Identity Data out of Orbit and Into View
    • Oort: Your Security Layer On Top Of Okta
    • Populating the Unpopulated: Challenges of Building a Comprehensive User Inventory
    • Protecting IT Help Desk Teams Against Cyber Attacks
    • Protecting Salesforce Accounts from Takeovers and Ungoverned Access
    • Restrict Guest Access Permissions: Best Practices and Challenges
    • Seizing the Communication Opportunity: Aligning Perspectives in Identity Security
    • Session Hijacking in a Post-Genesis World
    • SIEM vs. Security Data Lake: Why it's Time to Rethink Your Security Program
    • Speaking the Same Language for Identity Security: Identify, Protect, Detect, Respond
    • State of Identity Security research reveals 40% of accounts use weak or no form of multi-factor authentication to protect identities
    • Strengthening Identity Controls: Mapping to CIS CSC and NIST CSF Security Frameworks
    • Strengthening Identity Security with Single Sign-On (SSO) Systems
    • Succeeding with Proper Detection for Identity Security: A Comprehensive Approach
    • Taking a Data-Driven Approach to Identity Security
    • The Concerning Prevalence of Weak Second Factors
    • The Crucial Role of an Identity Security Leader
    • Why I am Joining Oort
    • The Quest for a Passwordless World
    • Understanding Azure Active Directory (Azure AD)
    • Understanding the Implications of New SEC Rules on Cyber Incident Disclosure
    • Unlocking the Power of Zero Trust: The Crucial Role of Identity and Oort's Identity Security Platform
    • Respond Even Quicker to Identity Threats
    • What to Look Out For at Gartner IAM
    • 7 Critical Requirements for Securing Third-Party and Vendor Access
    • Best Practices for Efficiently Responding to Identity Threats
    • Announcing our Identity Technology Partner Ecosystem
    • Catching waves and building clouds
    • Cisco Announces Intent to Acquire Oort
    • CISO Perspectives: Eric Richard, HubSpot
    • Defining Roles & Responsibilities for an Identity Security Program
    • Detecting Session Hijacking
    • 8 Things to Look for in an ITDR Solution
    • Enhancing Identity Threat Detection: Introducing Oort’s New GitHub Integration
    • Founder Perspective: Matt Caulfield On Why He Started Oort
    • Founder Perspective: Vision To Reality
    • Four Reasons Why Traditional SIEMs Fall Short For Identity Security Programs
    • How Oort Partners with Duo for Unbeatable Secure Access
    • Governance, Risk, and Compliance
    • How to Find Inactive Users
    • Identity and Access Management and Oort Explained
    • 5 Identity Security Questions Every IAM Leader Needs to Answer
    • Identity security is bigger than just ITDR
    • Identity is the apex threat vector, so why is identity security still a mess?
    • Identity Threat Detection
    • Identity Threat Detection and Response: what you need to know
    • Identiverse 2023: What I'm Looking Forward to & What Not to Miss
    • Interview with Oort: Best Practices for Managing & Protecting Service Accounts
    • Interview with Alex “Sasha” Zaslavsky (Oort Data Science Lead)
    • Interview with Andy Winiarski (Head of Solutions Engineering)
    • Interview with Nicolas Dard (Oort’s VP of Product Management)
    • Introducing our Latest Integration to Protect Identities in AWS
    • Introducing The 2023 State of Identity Security Report
    • Maintaining a Strong Identity Security Posture: Why IAM Hygiene Matters
    • Managing Machine Identities: A Comprehensive Guide
    • Managing Risk In Shipwreck Diving and Security
    • Monitoring MFA Usage and Adoption: Strengthening Your Security Strategy
    • Okta Breach: Why Attackers Target GitHub, and What You Can Do to Secure It
    • Okta Security
    • Oort and Polarity Combine to Provide Instant Context on Identities
    • Oort + Polarity: Instant Identity Context to Power Investigations and Response
    • Oort Announces $15M in Seed and Series A Funding Round
    • Oort Stacks Go-to-Market Leadership Team Following Series A Investment
    • Oort Extends Identity Threat Detection with New AWS Integration
    • Announcing General Availability of the Oort Identity Analytics & Automation Platform
    • Oort Joins Forces with Microsoft Intelligent Security Association to Bring Visibility into Unmanaged Devices
    • Oort Joins the Microsoft Intelligent Security Association (MISA)
    • Building an Effective Identity Security Program: A Comprehensive Handbook
    • Oort Launches Identity Security Platform in Auth0 Marketplace
    • Oort Launches Identity Security Platform in AWS Marketplace
    • Oort Launches One-Click Remediation Actions for Streamlined Identity Security Response
    • Oort Origins and Our Vision for Identity Security
  • Release Notes
    • Week 22, 2024
    • Week 21, 2024
    • Week 20, 2024
    • Week 19, 2024
    • Week 18, 2024
    • Week 17, 2024
    • Week 16, 2024
    • Week 14, 2024
    • Week 13, 2024
    • Week 11, 2024
    • Week 9, 2024
    • Week 7, 2024
    • Week 5, 2024
    • Week 4, 2024
    • Week 3, 2024
    • Week 2, 2024
    • 2023
      • Week 49, 2023
      • Week 48, 2023
      • Week 47, 2023
      • Week 46, 2023
      • Week 45, 2023
      • Week 44, 2023
      • Week 43, 2023
      • Week 42, 2023
      • Week 41, 2023
      • Week 40, 2023
      • Week 39, 2023
      • Week 38, 2023
      • Week 37, 2023
      • Week 35, 2023
      • Week 34, 2023
      • Week 33, 2023
      • Week 32, 2023
      • Week 31, 2023
      • Week 30, 2023
      • Week 29, 2023
      • Week 28, 2023
      • Week 27, 2023
      • Week 26, 2023
      • Week 25, 2023
      • Week 24, 2023
      • Week 23, 2023
      • Week 22, 2023
      • Week 21, 2023
      • Week 20, 2023
      • Week 19, 2023
      • Week 18, 2023
      • Week 17, 2023
      • Week 16, 2023
      • Week 15, 2023
      • Week 13, 2023
      • Week 12, 2023
      • Week 11, 2023
      • Week 10, 2023
      • Week 9, 2023
      • Week 8, 2023
      • Week 7, 2023
      • Week 6, 2023
      • Week 5, 2023
      • Week 4, 2023
      • Week 3, 2023
      • Week 2, 2023
      • Week 1, 2023
    • 2022
      • Week 51, 2022
      • Week 50, 2022
      • Week 49, 2022
      • Week 48, 2022
      • Week 47, 2022
      • Week 46, 2022
      • Week 43, 2022
      • Week 42, 2022
      • Week 41, 2022
      • Week 38, 2022
      • Week 37, 2022
      • Week 36, 2022
      • Week 35, 2022
      • Week 34, 2022
      • Week 33, 2022
      • Week 32, 2022
      • Week 31, 2022
      • Week 30, 2022
      • Week 29, 2022
      • Week 24, 2022
      • Week 12, 2022
Powered by GitBook
On this page
  1. Troubleshooting & Support

Responsible Disclosure Policy

PreviousAPI Permissions for IntegrationsNextBest Practices

Last updated 2 years ago

At Oort, our mission is to make network security easy for distributed companies. We value the insights of our clients, partners, and the independent security research community, and we welcome the opportunity to work together with this community when vulnerabilities are discovered. We believe that the disclosure of vulnerabilities is essential for improving the quality and security of our product, and the safety of our customers who rely upon it.

If you are a security researcher and have identified a suspected security vulnerability in our product, we appreciate your help in disclosing it to us in a coordinated and responsible manner. If you report a valid security vulnerability in compliance with this Responsible Disclosure Policy (“Policy”), Oort will collaborate with you to understand, validate and resolve the issue.

Responsible disclosure helps us to ensure that our product and infrastructure is tested and reliable. Moreover, our commitment to mitigate vulnerabilities is reassuring for our customers and the security industry as a whole.

Oort's responsible disclosure program is intended to encourage coordinated responsible disclosure. We endeavor to apply industry best practices for coordinated disclosure of vulnerabilities to ensure that customers get the highest quality information and to drive public discussion of methods for improvement of products, protocols, and standards. Unless required by law or law enforcement authorities, Oort does not intend to initiate a lawsuit or law enforcement investigation against a security researcher who discovers and reports a security vulnerability in compliance with this Policy. Oort reserves all rights in the event of noncompliance. If your security research involves the networks, systems, information, applications, products, or services of another party, including a third-party application that is integrated with Oort, that third party may determine whether to pursue legal action. We cannot and do not authorize security research involving any other entities.

Your participation in this program is voluntary and subject to the terms and conditions set forth in this Policy. By submitting reports or otherwise participating in this program, you agree that you have read and will follow this Policy. Oort reserves the right to change or modify the terms of this program or terminate this program at any time.

Please submit your findings to .

The following is Oort’s responsible disclosure policy:

Scope

This policy applies to the Oort website, web application, and APIs, and services made available in support of our product at

We can not and do not authorize testing any other website, web application, API, or service.

Process

Prematurely revealing a vulnerability publicly without first notifying Oort risks harm to our customer organizations, exposing sensitive information, and putting people and organizations in danger of malicious attacks. For this reason, our Responsible disclosure policy asserts a two-phase process:

  1. First, private disclosure of a potential vulnerability to Oort. Oort will validate the vulnerability, then remedy the vulnerability, and with the cooperation of the individual who has disclosed the vulnerability, test to ensure the remedy has secured the vulnerability against future exploitation.

  2. Oort then coordinates public disclosure, including publication of a written security advisory including remediation procedures. At the option of the person who has disclosed this vulnerability, Oort will also recognize the security researcher's discovery, confirming that credit is given to the right person(s).

We ask that researchers recognize that our action to investigate, validate and remediate reported vulnerabilities varies based on complexity and severity. We will communicate expected timelines, changes and collaborate where possible. Please submit your findings to .

Program Rules

We must impose some restrictions in order to facilitate the safety and security of the customers who depend upon our product:

  • Vulnerabilities must be disclosed to us privately with a reasonable time to respond, and in accordance with the requirements of this Policy. We will seek to respond quickly to your report. You are not permitted to disclose a vulnerability or otherwise share details about a vulnerability with a third party prior to resolution without express, written permission from Oort.

  • You must include detailed information with reproducible steps. We request that researchers provide sufficient technical details and background necessary for us to identify and validate reported issues.

  • Oort will disclose known vulnerabilities and their fixes to its customers in a manner that protects the customer first.

  • Oort will include credit to the person who first identified the vulnerability in our disclosure only if that disclosure is requested by the one who reported it.

  • We will not publicly disclose the identity of any researcher without consent, except where required by law.

Security Testing Requirements

  • You must abide by the program scope.

  • You must comply with all applicable legal and regulatory requirements, including laws or regulations which govern privacy and data processing.

  • You must securely delete any Oort information which may have been downloaded, cached, or otherwise stored on systems used to perform research.

  • You may only use or interact with your own accounts for testing purposes. Do not attempt to compromise or otherwise gain access to an account to which you are not authorized.

Restrictions

  • Do not exploit a vulnerability for malicious purposes.

  • You are prohibited from engaging in any activity that would be disruptive, damaging, or harmful to Oort or its customers. This includes, without limitation:

    • social engineering techniques

    • malicious software techniques (e.g., viruses, worms, ransomware, etc.)

    • Denial of Service (DoS) and Distributed Denial of Service (DDoS)-based attacks.

    • testing in a manner that would result in the sending of unsolicited or unauthorized junk mail, spam, or other forms of duplicative or unsolicited messages

  • You are prohibited from engaging in any violations of user privacy, trading stolen user credentials, or destroying data.

  • You may not access data except to the extent minimally necessary to identify a vulnerability, and use of such data must be limited to that which is necessary to identify and report the vulnerability. You are prohibited from compromising data that is not your own.

Oort will disclose known vulnerabilities and their fixes to its customers in a manner that protects the customer first. Disclosures made by Oort will include credit to the person who first identified the vulnerability unless otherwise requested by the one who reported it. We are committed to working with security researchers who approach Oort with a shared interest to improve security and the distribution of information that includes both the vulnerability and the solution that addresses it. Oort will publicly acknowledge in a written advisory the work of a security researcher who brings the company valid information about a vulnerability privately and then works with Oort to coordinate the public announcement after a fix or patch has been developed and fully tested within a reasonable amount of time to be effective and deployed by Oort and its customers. We recognize the value of open publication of security analysis, and encourage security researchers to document and publish their findings as a way to help minimize risks for all, and to help users to protect themselves.

You are prohibited from engaging in any activity that results in you or any third party accessing, acquiring, altering, copying, storing, sharing, transferring, deleting, or otherwise processing customer or employee personal information, or Oort confidential information. If this occurs inadvertently, please stop testing and contact us immediately at . As provided above, all copies of such information must be securely deleted upon submission of the vulnerability to Oort.

Please submit a report to us or request additional testing permission before causing damage or engaging in conduct that may be inconsistent with this Policy. If you inadvertently cause a violation of this program Policy, please report the incident immediately to

security@oort.io
https://oort.io/
security@oort.io
security@oort.io
security@oort.io