This workflow template provides a mechanism for responding to Okta alerts generated by Panther. Upon a new Okta alert, the workflow identifies the user in Slack. If the user confirms the legitimacy of the activity, the Panther alert is resolved. Otherwise, it opens a Torq case and clears any Okta sessions as a security precaution. The workflow enhances incident response efficiency and user compliance by integrating automated communications and case management.
Trigger
Panther
Use Cases
Device & User Compliance
Workflow Breakdown
Receive an alert from Panther on a new Okta alert
Look for the user in Slack; if found, proceed. If not, open a Torq case.
If the user confirms the action was valid, resolve the alert in Panther and add a comment.
If the user does not acknowledge the action, open a Torq case and clear any Okta sessions.
When a Torq case is opened, add the email and IP address as observables to the Torq case.
Vendors
Slack, Utils, Okta, Torq Cases, Panther
Workflow Output
Updates to the Panther alert and Slack messages to the Okta user.