Okta ThreatInsight maintains a constantly evolving list of IP addresses that consistently exhibit malicious activity. Authentication requests that are associated with an IP in this list can be logged to the System Log and blocked. ThreatInsight also covers non-authentication requests in a limited capacity, depending on the attack patterns of these malicious IPs.
The ThreatInsight API provides operations to manage your org's ThreatInsight configuration.
Note: To prevent abuse, Okta ThreatInsight works in a limited capacity for free trial edition orgs. Please contact Okta support if fully functional Okta ThreatInsight is required.
OAuth 2.0 scope: okta.threatInsights.read
Retrieves the ThreatInsight configuration for the org
Responses: Success, Forbidden, Too Many Requests
Response example:
{
  "action": "none",
  "excludeZones": [],
  "created": "2020-08-05T22:18:30.629Z",
  "lastUpdated": "2020-08-05T22:18:30.629Z",
  "_links": {
    "self": {
      "hints": {
        "allow": [
          "GET",
          "POST"
        ]
      }
    }
  }
}
OAuth 2.0 scope: okta.threatInsights.manage
Updates the ThreatInsight configuration for the org
Request body:
action (required) | string | Specifies how Okta responds to authentication requests from suspicious IP addresses
excludeZones | Array of strings | Accepts a list of Network Zone IDs. IPs in the excluded network zones aren't logged or blocked. This ensures that traffic from known, trusted IPs isn't accidentally logged or blocked.
Responses: Success, Bad Request, Forbidden, Too Many Requests
Request example:
{
  "action": "audit",
  "excludeZones": [
    "nzo1q7jEOsoCnoKcj0g4",
    "nzouagptWUz5DlLfM0g3"
  ]
}
Response example:
{
  "action": "audit",
  "excludeZones": [
    "nzo1q7jEOsoCnoKcj0g4",
    "nzouagptWUz5DlLfM0g3"
  ],
  "created": "2020-08-05T22:18:30.629Z",
  "lastUpdated": "2020-10-13T21:23:10.178Z",
  "_links": {
    "self": {
      "hints": {
        "allow": [
          "GET",
          "POST"
        ]
      }
    }
  }
}
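Because IPs in excluded zones are never logged or blocked, the retrieved configuration is worth reviewing against an approved list of exclusions. The following is an added example, not part of Okta's documentation: it checks a configuration object shaped like the response above and builds a tightened request body. The `block` action value, the approved-zone allowlist and all function names are assumptions not shown on this page.

```python
import json

# Constructed sample, shaped like the response example on this page.
SAMPLE_CONFIG = json.loads("""
{
  "action": "audit",
  "excludeZones": ["nzo1q7jEOsoCnoKcj0g4", "nzouagptWUz5DlLfM0g3"],
  "created": "2020-08-05T22:18:30.629Z",
  "lastUpdated": "2020-10-13T21:23:10.178Z"
}
""")

# Assumption: "block" is the enforcing value; this page's samples show only "none" and "audit".
KNOWN_ACTIONS = {"none", "audit", "block"}


def _zones(config):
    """Return excludeZones as a list, or an empty list if missing or malformed."""
    zones = config.get("excludeZones")
    return zones if isinstance(zones, list) else []


def review_threatinsight(config, approved_zones):
    """Return (severity, message) findings for a ThreatInsight configuration."""
    findings = []
    action = config.get("action")
    if action not in KNOWN_ACTIONS:
        findings.append(("high", f"unexpected action value: {action!r}"))
    elif action == "none":
        findings.append(("high", "action is 'none': suspicious IPs are neither logged nor blocked"))
    elif action == "audit":
        findings.append(("medium", "action is 'audit': suspicious IPs are logged but not blocked"))
    # Excluded zones bypass ThreatInsight entirely, so each one must be a reviewed choice.
    for zone_id in sorted(set(_zones(config)) - set(approved_zones)):
        findings.append(("high", f"unapproved excluded zone: {zone_id}"))
    return findings


def desired_update(config, approved_zones, action="block"):
    """Build a request body that keeps only the approved exclusions."""
    kept = [z for z in _zones(config) if z in approved_zones]
    return {"action": action, "excludeZones": kept}


if __name__ == "__main__":
    approved = {"nzo1q7jEOsoCnoKcj0g4"}  # hypothetical allowlist
    for severity, message in review_threatinsight(SAMPLE_CONFIG, approved):
        print(f"[{severity}] {message}")
    print(json.dumps(desired_update(SAMPLE_CONFIG, approved)))
```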