This workflow automates the security monitoring process by periodically examining Okta system logs for specific event types, identifying IPv4 addresses, and cross-referencing them with VirusTotal to detect malicious activity. If a malicious IP is discovered, the workflow updates Okta's network block list and notifies administrators via email. This ensures timely protection against potential threats and maintains robust access management.
Use Cases
Identity and Access Management
Workflow Breakdown
Pull system logs from Okta for a specific event type
Extract any IPv4 addresses found in the logs
If an IPv4 address is not already in the block list, look it up in VirusTotal
If VirusTotal reports the IPv4 address as malicious, add it to the block list in Okta
Send a confirmation email that the block list was updated, listing the newly added IPs and the total number of entries in the list
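The decision logic of steps 2 to 5, as an added Python example that is not part of the workflow itself: the Okta event records, the current block-list zone and the VirusTotal verdicts are constructed inline (the live Okta, VirusTotal and Outlook calls are replaced by in-memory data), so it runs offline. It also shows two checks a practitioner wants here: regex hits that are not valid addresses are discarded, and internal ranges are never looked up or blocked.

```python
import ipaddress
import json
import re

# Constructed Okta System Log events (layout follows Okta's client.ipAddress field); documentation
# ranges such as 203.0.113.0/24 stand in for public addresses here.
SAMPLE_EVENTS = [
    {"eventType": "user.session.start", "outcome": {"result": "FAILURE"}, "client": {"ipAddress": "203.0.113.10"}},
    {"eventType": "user.session.start", "outcome": {"result": "FAILURE"}, "client": {"ipAddress": "198.51.100.7"}},
    {"eventType": "user.session.start", "outcome": {"result": "SUCCESS"}, "client": {"ipAddress": "192.0.2.44"}},
    {"eventType": "user.session.start", "outcome": {"result": "FAILURE"}, "client": {"ipAddress": "10.0.0.5"}},
    {"eventType": "user.session.start", "displayMessage": "odd value 300.1.2.3", "client": {"ipAddress": "2001:db8::1"}},
]
# Constructed current block-list zone; gateway entries use Okta's CIDR gateway shape.
CURRENT_ZONE = {"id": "nzo_EXAMPLE", "name": "BlockList",
                "gateways": [{"type": "CIDR", "value": "198.51.100.7/32"}]}
# Stand-in for VirusTotal: IP -> number of engines flagging it malicious (constructed verdicts).
FAKE_VT = {"203.0.113.10": 7, "198.51.100.7": 12, "192.0.2.44": 0}

IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
# Internal ranges are never sent to VirusTotal and never added to the block list.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def extract_ipv4s(events):
    """Find IPv4 literals anywhere in each event; drop malformed ones and internal ranges."""
    found = set()
    for event in events:
        for candidate in IPV4_RE.findall(json.dumps(event)):
            try:
                ip = ipaddress.IPv4Address(candidate)
            except ValueError:
                continue  # e.g. 300.1.2.3 matches the regex but is not an address
            if not any(ip in net for net in NEVER_BLOCK):
                found.add(str(ip))
    return found

def plan_blocklist_update(events, zone, vt_malicious_count, threshold=1):
    """Steps 2-5 of the workflow: returns (newly blocked IPs, updated zone, email summary)."""
    # CIDR gateways already in the zone (RANGE-type gateways would need the same treatment).
    known = [ipaddress.ip_network(g["value"], strict=False) for g in zone["gateways"] if g["type"] == "CIDR"]
    new_ips = []
    for ip in sorted(extract_ipv4s(events), key=ipaddress.IPv4Address):
        if any(ipaddress.IPv4Address(ip) in net for net in known):
            continue  # already blocked: skip the VirusTotal lookup entirely
        if vt_malicious_count(ip) >= threshold:
            new_ips.append(ip)
    updated = dict(zone, gateways=zone["gateways"] + [{"type": "CIDR", "value": f"{ip}/32"} for ip in new_ips])
    summary = f"Block list updated: added {len(new_ips)} IP(s) {new_ips}; {len(updated['gateways'])} entries total"
    return new_ips, updated, summary
```

In the real workflow `updated` is what gets sent back to Okta's network zone and `summary` is the body of the confirmation email.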
Vendors
Utils, Okta, VirusTotal, Microsoft Outlook, Microsoft 365
Workflow Output
An updated Okta Network Zone block list containing the IP addresses from the system logs that VirusTotal identified as malicious.