Quick Start Security for OneLogin
Coralogix Extension For OneLogin Includes:
Dashboards - 1
Gain instantaneous visualization of all your OneLogin data.
Alerts - 15
Stay on top of OneLogin key performance metrics. Keep everyone in the know with integration with Slack, PagerDuty and more.
App user limit reach
Onelogin extension pack
Unauthorized API event
This alert triggers when a user makes an unauthorized API call.
Impact: Can be an indication of a data leakage attempt.
Mitigation: Analyze the user activity and actions.
Successful Login From an Unfamiliar Country
This rule monitors for a login from a new country, based on the geolocation of previous logins. This might be an indication of an external actor attempting to gain access.
Impact: A login attempt from an unfamiliar country might be an indicator of compromise.
Mitigation: A login attempt from an unfamiliar country might be an indicator of compromise.
More than usual login failure per event type
This alert is triggered when the number of failed login attempts exceeds the configured threshold, in the context of an event type.
Impact: Might be an indication of a brute force attempt.
Mitigation: Investigate the malicious request.
MITRE Tactic: TA0006
MITRE Technique: T1110
More than usual API lock user event
This alert triggers when a user is locked following an API call.
Impact: Can be an indication of a data leakage attempt.
Mitigation: Analyze the user activity and actions.
Multiple Accounts Deleted
This alert triggers when user deletions suddenly increase beyond the configured threshold.
Impact: Can be an indication of a possible Denial of Service attack.
Mitigation: Determine if this is normal user-cleanup activity.
MITRE Tactic: TA0040
MITRE Technique: T1531
New Application
Brute Force Attempt - Single User
This alert triggers when a OneLogin user is denied access more times than the configured threshold.
Impact: Can be an indication of an attacker performing a brute force attack.
Mitigation: Analyze the user activity and actions.
MITRE Tactic: TA0006
MITRE Technique: T1110
Brute Force Attempt - Single IP
This alert triggers when a single IP address is denied access to OneLogin more times than the configured threshold.
Impact: Can be an indication of an attacker performing a brute force attack.
Mitigation: Analyze the user activity and actions.
MITRE Tactic: TA0006
MITRE Technique: T1110
Password Access
This alert triggers when a user accesses another user's application password.
Impact: Can be an indication of an attempt at privilege escalation or credential retrieval.
Mitigation: Investigate whether this was authorized access.
MITRE Tactic: TA0006
MITRE Technique: T1552
Authentication Factor Removed
This alert triggers when a user removes an authentication factor or OTP device.
Impact: Can be an indication of an attacker attempting defense evasion by modifying an existing authentication process.
Mitigation: Investigate whether this was an intentional action and if other multifactor devices exist.
MITRE Tactic: TA0005
MITRE Technique: T1556
User Password Changed
This alert triggers when a OneLogin user or admin user updates their password.
Impact: Can be an indication of an attempt at privilege escalation.
Mitigation: Investigate whether this was an authorized action.
User Locked
This alert triggers when a user is locked or suspended from their account.
Impact: Can be an indication of an attacker trying to input credentials as part of a brute force attempt.
Mitigation: Investigate whether this was caused by expected action.
MITRE Tactic: TA0006
MITRE Technique: T1110
User Assumed Another User
This alert triggers when a user assumes another user account.
Impact: Can be an indication of a lateral movement attempt.
Mitigation: Analyze the user activity and actions.
MITRE Tactic: TA0008
MITRE Technique: T1550
Unauthorized Access
This alert triggers when a OneLogin user is denied access to an app more times than the configured threshold.
Impact: Can be an indication of a lateral movement attempt.
Mitigation: Analyze the user activity and actions.
MITRE Tactic: TA0008
MITRE Technique: T1550
Integration
Learn more about Coralogix's out-of-the-box integration with OneLogin in our documentation.