Splunk okta8/16/2023 ![]() Now I've got to set up the dashboard to show all the Okta related content. I then tried adding event metrics data input using simply events as the name, ran the troubleshooting search once more, and that seems to have fixed it. Running sourcetype=okta:im found no results, but running the troubleshooting search, index=_internal source=*ta_okta* returned no errors. I've done what you've suggested with just user for the name, and this was for the preset user metrics data input. I've been configuring the data inputs via the UI.The last panel doesn’t just apply to Okta administrators users changing a SWA password or app username also log “administrative events. The view also shows a graph of login events (success and failure), an application access graph, top applications, and a list of any administrative actions performed over the selected time range. In the screenshot, you can see my Okta logins both from our SF headquarters and the Cosmopolitan of Las Vegas for our 2013 user conference. It has a text input field for a username and a time picker providing a very granular view of usage by user. The user drilldown was cited as one of the most useful views during our internal review of the app. A drop-down populates from the access logs to allow selection of a specific app, and the view has a time range picker for control of granularity. The view plots access - by app - on a map, trends SSO login history, and shows the top users of that app over the selected time range. ![]() The app drilldown gives a more detailed view of application access data. Like the overview dashboard, the security dashboard also has a time picker. Okta informed us that infrequent errors of this nature could be caused by a user having multiple tabs open when a session times out, but repeated errors on the same user could indicate an attempt to break past the configured MFA tokens. ![]() It also shows a trendline for login failures and a panel for miltifactor authentication (MFA) bypass attempts. In this screenshot, many of the names have been masked. The security dashboard plots login failures by both valid users and invalid user attempts. The dashboard has a time picker so you can choose the granularity with which the data is presented. The view plots successful logins on a map, provides graphs of the most-used applications and access trends, and provides some information on unique users (to gauge adoption) and SMS messages sent as a second factor of authentication. The overview dashboard shows a quick snapshot of Okta usage. Also, if you’re in a distributed Splunk environment, the Splunk Plugin for Okta is ready for deployment to your indexers and other search components that may require field extractions. We’re working with Okta to extend the API and provide more views in future revisions. Version 1 of the app includes 4 default views: an overview dashboard, a security dashboard, an app drilldown, and a user drilldown. The Splunk App for Okta connects to the Okta events API and returns data in a CIM-compatible format for Splunking. Also in the same meeting, we were able to determine the number of virtual machines affected by an issue with a single ESX host with the Splunk App for VMware, but that’s a post for another day. Using the app, we were able to determine two time windows with the lightest usage and plan the maintenance window accordingly. Download the Splunk App for OktaĮarlier this week, I was sitting in a change management meeting and our IT ops team was trying to plan a maintenance window impacting the fewest Splunkers possible. ![]() I alluded to this last week in my post about Okta-ing Splunk–we’re now Splunking Okta! Today, the Splunk App for Okta went live on Splunk Apps and we’ve already gained value from looking at how our Splunkers are logging into apps. ![]()
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |