Activity From Untrustworthy ISP

Detects logins from new Internet Service Providers (ISPs), considering activity within the last 90 days, that have low trust scores or are not common ISP domains for your organization. Trust score is based on enrichment services and Tranco Top 1M list. ISPs are considered new for 7 days (configurable in check settings).

Recommended Actions

Verify the origin of the action with the account.

Default Check Settings

Number of days threshold to regard ISP as new: 7 days

Compatibility

PreviousActive Account Under Heavy Attack NextAdmin Impersonation in Okta

Last updated 3 months ago