# AppOmni High Severity Alert

Detects high and critical severity threat alerts generated by AppOmni’s ACES detection engine and delivered to Identity Intelligence (CII) using the Shared Signals Framework (SSF).

When this check fails, Identity Intelligence has received an [AppOmni](/integrations/shared-signals-framework-ssf-and-ssf-receivers/appomni-integration-using-ssf.md) alert indicating potentially malicious identity activity (for example, activity consistent with session hijacking or SSO bypass) associated with one or more users.

Adversaries commonly attempt to obtain valid sessions or bypass normal authentication controls to access applications without triggering traditional sign-in-based detections. High or critical severity signals from AppOmni can indicate elevated risk of account compromise and should be investigated promptly.

**Recommended Actions**

* Review the alert details to understand the type and scope of the detected threat.
* Investigate the user’s recent activity in the affected SaaS application(s).
* If the alert suggests account compromise, consider resetting the user’s credentials and revoking active sessions.
* For privilege escalation alerts, validate that the permission changes were expected and authorized.
* Contact the end user to confirm whether the flagged activity is legitimate.

**Compatibility**: AppOmni

