Handle Panther Okta Alerts on User Action Detection - Workflow Template

On a new Panther alert from Okta, ask the user if the action was intended and if so mark the alert resolved. If not, open a Torq case.

This workflow template provides a mechanism for responding to Okta alerts generated by Panther. Upon a new Okta alert, the workflow identifies the user in Slack. If the user confirms the legitimacy of the activity, the Panther alert is resolved. Otherwise, the workflow opens a Torq case and clears any Okta sessions as a security measure. The workflow enhances incident response efficiency and user compliance by integrating automated communications and case management.

Trigger

Panther

Use Cases

Device & User Compliance

Workflow Breakdown

  1. Receive an alert from Panther on a new Okta alert

  2. Look for the user in Slack. If found, proceed. If not, open a Torq case.

  3. If the user confirms the action was valid, resolve the alert in Panther and add a comment

  4. If the user does not acknowledge the action, open a Torq case and clear any Okta sessions.

  5. When a Torq case is opened, add the email and IP address as observables to the Torq case.
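
The branching in the steps above, written out as an added Python example (not Torq's template code). It shows that Okta sessions are cleared only on the step 4 branch, while observables are attached on every branch that opens a case. The action labels, the alert keys `actor_email` and `source_ip`, and the reply values are hypothetical names chosen for illustration, and the sample alert is constructed.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample alert; the key names are hypothetical, not Panther's schema.
SAMPLE_ALERT = {"id": "alert-0001", "actor_email": "jdoe@example.com",
                "source_ip": "203.0.113.7"}


@dataclass
class Plan:
    actions: list = field(default_factory=list)      # ordered action labels
    observables: dict = field(default_factory=dict)  # attached to the case


def plan_response(alert: dict, slack_user_id: Optional[str],
                  reply: Optional[str]) -> Plan:
    """Return the ordered actions the workflow takes for one alert.

    slack_user_id: None when the Slack lookup found no user (step 2).
    reply: "confirmed", "denied", or None when the user never answered
           (assumed values; the page only distinguishes confirmed or not).
    """
    plan = Plan()
    if slack_user_id is None:
        # Step 2: nobody to ask, so a case is opened. The page does not
        # mention clearing sessions on this branch.
        plan.actions.append("open_torq_case")
    elif reply == "confirmed":
        # Step 3: the user vouches for the action; close out the alert.
        plan.actions += ["resolve_panther_alert", "comment_panther_alert"]
        return plan
    else:
        # Step 4: anything short of an explicit confirmation, silence
        # included, escalates and clears the user's Okta sessions.
        plan.actions += ["open_torq_case", "clear_okta_sessions"]
    # Step 5: every opened case gets the email and IP as observables.
    plan.observables = {"email": alert["actor_email"],
                        "ip": alert["source_ip"]}
    plan.actions.append("add_case_observables")
    return plan


if __name__ == "__main__":
    for user, reply in [(None, None), ("U123", "confirmed"), ("U123", None)]:
        print(user, reply, plan_response(SAMPLE_ALERT, user, reply).actions)
```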

Vendors

Slack, Utils, Okta, Torq Cases, Panther

Workflow Output

Updates to the Panther alert and Slack messages to the Okta user.
