AppOmni High Severity Alert
Detects high and critical severity threat alerts generated by AppOmni’s ACES detection engine and delivered to Identity Intelligence CII using the Shared Signals Framework (SSF).
When this check fails, Identity Intelligence has received an AppOmni alert indicating potentially malicious identity activity (for example, activity consistent with session hijacking or SSO bypass) associated with one or more users.
Adversaries commonly attempt to obtain valid sessions or bypass normal authentication controls to access applications without triggering traditional sign-in-based detections. High- and critical-severity signals from AppOmni can indicate an elevated risk of account compromise and should be investigated promptly.
Recommended Actions
Review the alert details to understand the type and scope of the detected threat.
Investigate the user’s recent activity in the affected SaaS application(s).
If the alert suggests account compromise, consider resetting the user’s credentials and revoking active sessions.
For privilege escalation alerts, validate that the permission changes were expected and authorized.
Contact the end user to confirm whether the flagged activity is legitimate.
Compatibility: AppOmni