Mappings: Okta Catch All
| Input | Value |
|---|---|
| Vendor | Okta |
| Product | SSO |
| Log Format | JSON |
| Event ID Regex Pattern | _default_ |
| Output | Value |
|---|---|
| Vendor | Okta |
| Product | Single Sign-On |
| Record Type | Audit |
| Cloud SIEM Schema Field | Original Record Key | Notes |
|---|---|---|
| description | displayMessage | |
| device_ip | client.ipAddress | |
| http_userAgent | client.userAgent.rawUserAgent | |
| sessionId | authenticationContext.externalSessionId | |
| severity | severity | |
| srcDevice_ip | request.ipChain.1.ip | |
| success | outcome.result | This is a lookup field. More info to come in the catalog later... |
| targetUser_username | target_user | |
| user_authDomain | securityContext.domain | |
| user_userId | target.1.id | |
| user_username | user |