Article Details
Scrape Timestamp (UTC): 2025-08-19 18:23:59.775
Original Article Text
Okta open-sources Auth0 rules catalog for threat detection
Okta has open-sourced ready-made Sigma-based queries for Auth0 customers to detect account takeovers, misconfigurations, and suspicious behavior in event logs. Auth0 is Okta's identity and access management (IAM) platform used by organizations for login, authentication, and user management services.
By releasing the detection rules, the company aims to help security teams quickly analyze Auth0 logs for suspicious activity that could indicate intrusion attempts, account takeovers, the creation of rogue admin accounts, SMS bombing, and token theft.
Until now, Auth0 customers had to build their own detection rules from event logs or rely on what came out-of-the-box in Auth0’s Security Center. With the launch of the Customer Detection Catalog, a curated, open-source, community-driven repository, Okta provides developers, tenant administrators, DevOps teams, SOC analysts, and threat hunters a means to upgrade their proactive threat detection.
“The Auth0 Customer Detection Catalog allows security teams to integrate custom, real-world detection logic directly into their log streaming and monitoring tools, enriching the detection capabilities of the Auth0 platform,” reads the announcement.
“The catalog provides a growing collection of pre-built queries, contributed by Okta personnel and the wider security community, that surface suspicious activities like anomalous user behavior, potential account takeovers and misconfigurations.”
The public GitHub repository includes Sigma rules, making it broadly usable across SIEM and logging tools and allowing contributions and validations from Okta’s entire customer base.
Auth0 users can take advantage of the new Customer Detection Catalog through these steps:
Okta welcomes anyone writing new rules or refining existing ones to submit them to the repo through a GitHub pull request to help improve coverage for the whole Auth0 community.
Daily Brief Summary
Okta has released open-source Sigma-based queries for Auth0 to enhance detection of account takeovers and misconfigurations, providing a proactive approach for threat detection.
Auth0, Okta's identity and access management platform, serves organizations by managing login, authentication, and user management services.
The new Customer Detection Catalog offers pre-built queries to identify suspicious activities like rogue admin accounts and token theft, enriching Auth0's security capabilities.
Previously, Auth0 users relied on out-of-the-box solutions or custom-built detection rules, limiting their ability to promptly identify threats.
The open-source approach allows contributions from the security community, facilitating continuous improvement and broader applicability across SIEM and logging tools.
Organizations can integrate these detection rules into their monitoring tools, enhancing their ability to detect and respond to potential security incidents.
By leveraging community-driven development, Okta aims to improve threat detection coverage and foster a collaborative security environment for Auth0 users.