
Quality updates for Okta SSO Content #14498

Open
rahul0216 wants to merge 4 commits into master from users/rahul/solution-quality-3

@rahul0216

Collaborator

Required items, please complete

Change(s):

  • Refine multiple Okta SSO analytic rules and hunting queries: improve KQL parsing and filtering, introduce configurable variables (thresholds, allowed IPs/users/admins, lookback), add isnotempty guards, better JSON parsing, and explicit projections. Standardize entity mappings by splitting actor_alternateId into AccountName and UPNSuffix across rules, add customDetails and alertDetailsOverride where appropriate, update MITRE sub-technique IDs, adjust tactics/techniques, sort/order results, and bump rule versions. These changes reduce false positives, provide richer alert context, and improve hunt/query accuracy and usability.

Reason for Change(s):

  • Quality update

Version Updated:

  • Yes

Testing Completed:

  • Yes

Checked that the validations are passing and have addressed any issues that are present:

  • Yes

@contentautomationbot


Hello, how are you? I am GitHub bot
😀😀
I see that you changed templates under the detections/analytic rules folder. Did you remember to update the version of the templates you changed?
If not, and if you want customers to be aware that a new version of this template is available, please update the version property of the template you changed.

@v-maheshbh v-maheshbh added the Solution Solution specialty review needed label Jun 17, 2026
@rahul0216 rahul0216 marked this pull request as ready for review June 17, 2026 05:48
@rahul0216 rahul0216 requested review from a team as code owners June 17, 2026 05:48

Labels

Content-Package Solution Solution specialty review needed


3 participants