-
Notifications
You must be signed in to change notification settings - Fork 169
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
added dynamic severity to okta vpn rule, with tests (#1268)
- Loading branch information
1 parent
7ff3c9f
commit 1f1a05e
Showing
2 changed files
with
90 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -156,3 +156,82 @@ Tests: | |
| type: WEB | ||
| uuid: AbC-123-XyZ | ||
| version: "0" | ||
| - Name: Apple Private Relay Used | ||
| ExpectedResult: true | ||
| Log: | ||
| actor: | ||
| alternateId: [email protected] | ||
| displayName: Homer Simpson | ||
| id: 00abc123 | ||
| type: User | ||
| authenticationcontext: | ||
| authenticationStep: 0 | ||
| externalSessionId: 100-abc-9999 | ||
| client: | ||
| device: Computer | ||
| geographicalContext: | ||
| city: Springfield | ||
| country: United States | ||
| geolocation: | ||
| lat: 20 | ||
| lon: -25 | ||
| postalCode: "12345" | ||
| state: Ohio | ||
| ipAddress: 1.3.2.4 | ||
| userAgent: | ||
| browser: CHROME | ||
| os: Mac OS X | ||
| rawUserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36 | ||
| zone: "null" | ||
| debugcontext: | ||
| debugData: | ||
| requestId: AbCdEf12G | ||
| requestUri: /api/v1/users/AbCdEfG/lifecycle/reset_factors | ||
| url: /api/v1/users/AbCdEfG/lifecycle/reset_factors? | ||
| displaymessage: Authentication of user via MFA | ||
| eventtype: user.session.start | ||
| legacyeventtype: core.user.factor.attempt_fail | ||
| outcome: | ||
| reason: FastPass declined phishing attempt | ||
| result: FAILURE | ||
| p_enrichment: | ||
| ipinfo_privacy: | ||
| client.ipAddress: | ||
| hosting: true | ||
| p_match: 1.2.3.4 | ||
| proxy: false | ||
| relay: true | ||
| service: Apple Private Relay | ||
| tor: false | ||
| vpn: false | ||
| published: "2022-06-22 18:18:29.015" | ||
| request: | ||
| ipChain: | ||
| - geographicalContext: | ||
| city: Springfield | ||
| country: United States | ||
| geolocation: | ||
| lat: 20 | ||
| lon: -25 | ||
| postalCode: "12345" | ||
| state: Ohio | ||
| ip: 1.3.2.4 | ||
| version: V4 | ||
| securitycontext: | ||
| asNumber: 701 | ||
| asOrg: verizon | ||
| domain: anonymous.org | ||
| isProxy: true | ||
| isp: verizon | ||
| severity: INFO | ||
| target: | ||
| - alternateId: [email protected] | ||
| displayName: Peter Griffin | ||
| id: 0002222AAAA | ||
| type: User | ||
| transaction: | ||
| detail: {} | ||
| id: ABcDeFgG | ||
| type: WEB | ||
| uuid: AbC-123-XyZ | ||
| version: "0" | ||