{"actor": {"id": "00ufgmc7x27vTGT1L5d7", "type": "User", "alternateId": "daftpunk@gmail.com", "displayName": "hackpsy strt", "detailEntry": null}, "client": {"userAgent": {"rawUserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36", "os": "Mac OS 13.4.0 (Ventura)", "browser": "CHROME"}, "zone": "null", "device": "Computer", "id": "0oadul0qafQNlVSXc5d7", "ipAddress": "23.93.1.1", "geographicalContext": {"city": "Oakland", "state": "California", "country": "United States", "postalCode": "94666", "geolocation": {"lat": 37.7906, "lon": -122.2412}}}, "device": null, "authenticationContext": {"authenticationProvider": null, "credentialProvider": null, "credentialType": null, "issuer": null, "interface": null, "authenticationStep": 0, "externalSessionId": "idxiiDSIWJxR--Gvc_e3e6IXQ"}, "displayMessage": "Evaluation of sign-on policy", "eventType": "policy.evaluate_sign_on", "outcome": {"result": "ALLOW", "reason": "Sign-on policy evaluation resulted in AUTHENTICATED"}, "published": "2024-03-18T16:23:02.715Z", "securityContext": {"asNumber": 46375, "asOrg": "sonic.net  llc", "isp": "sonic telecom llc", "domain": "sonic.net", "isProxy": false}, "severity": "INFO", "debugContext": {"debugData": {"redirectUri": "https://x.x.x.x:8000/en-US/app/Splunk_TA_okta_identity_cloud/splunk_ta_okta_identity_cloud_redirect", "authMethodSecondVerificationTime": "2024-03-18T15:56:56.470Z", "authMethodFirstVerificationTime": "2024-03-18T15:56:38.084Z", "authMethodFirstEnrollment": "lae1qdvnfgSKwDdvn5d7", "requestUri": "/oauth2/v1/authorize", "url": "/oauth2/v1/authorize?response_type=code&client_id=0oadul0qafQNlVSXc5d7&redirect_uri=https%3A%2F%2Fx.x.x.x%3A8000%2Fen-US%2Fapp%2FSplunk_TA_okta_identity_cloud%2Fsplunk_ta_okta_identity_cloud_redirect&state=e92cdd639e9b40378e8a8242577ba05e&scope=offline_access+okta.users.read+okta.groups.read+okta.logs.read+okta.apps.read", "authnRequestId": "21ab6c3bfceba23ba14cf40bdc633989", "requestId": "21ab6c3bfceba23ba14cf40bdc633989", "dtHash": "5a60c5862cb128432dca3ac69c1b896d47690b9891501bf68f059647f4bda318", "authMethodFirstType": "okta_password:password:autdu3fv7qqAEADih5d7", "authMethodSecondEnrollment": "pfdfgmihdnnSNSsAU5d7", "threatSuspected": "false", "authMethodSecondType": "okta_verify:push:autdu3fv7w39U5GMt5d7"}}, "legacyEventType": null, "transaction": {"type": "WEB", "id": "21ab6c3bfceba23ba14cf40bdc633989", "detail": {}}, "uuid": "cb0b5180-e543-11ee-b8e7-f9c990bca30b", "version": "0", "request": {"ipChain": [{"ip": "23.93.1.1", "geographicalContext": {"city": "Oakland", "state": "California", "country": "United States", "postalCode": "94666", "geolocation": {"lat": 37.7906, "lon": -122.2412}}, "version": "V4", "source": null}]}, "target": [{"id": "0oadul0qafQNlVSXc5d7", "type": "AppInstance", "alternateId": "strt_okta_developer", "displayName": "OpenID Connect Client", "detailEntry": {"signOnModeType": "OPENID_CONNECT", "signOnModeEvaluationResult": "AUTHENTICATED"}}, {"id": "ruldu3fv8o5j1teuH5d7", "type": "Rule", "alternateId": "unknown", "displayName": "Catch-all Rule", "detailEntry": {"policyRuleFactorMode": "1FA"}}]}
{"actor": {"id": "00ufgmc7x27vTGT1L5d7", "type": "User", "alternateId": "daftpunk@gmail.com", "displayName": "hackpsy strt", "detailEntry": null}, "client": {"userAgent": {"rawUserAgent": "python 3.11/attacker_user_agent", "os": "Mac OS 12.1.0 (Ventura)", "browser": "Mozilla"}, "zone": "null", "device": "Computer", "id": "0oadul0qafQNlVSXc5d7", "ipAddress": "18.185.207.118", "geographicalContext": {"city": "Frankfurt am Main", "state": "Hesse", "country": "Germany", "postalCode": "60313", "geolocation": {"lat": 50.1188, "lon":  8.6843}}}, "device": null, "authenticationContext": {"authenticationProvider": null, "credentialProvider": null, "credentialType": null, "issuer": null, "interface": null, "authenticationStep": 0, "externalSessionId": "idxiiDSIWJxR--Gvc_e3e6IXQ"}, "displayMessage": "Evaluation of sign-on policy", "eventType": "policy.evaluate_sign_on", "outcome": {"result": "ALLOW", "reason": "Sign-on policy evaluation resulted in AUTHENTICATED"}, "published": "2024-03-18T16:24:02.715Z", "securityContext": {"asNumber": 46375, "asOrg": "sonic.net  llc", "isp": "sonic telecom llc", "domain": "sonic.net", "isProxy": false}, "severity": "INFO", "debugContext": {"debugData": {"redirectUri": "https://x.x.x.x:8000/en-US/app/Splunk_TA_okta_identity_cloud/splunk_ta_okta_identity_cloud_redirect", "authMethodSecondVerificationTime": "2024-03-18T15:57:56.470Z", "authMethodFirstVerificationTime": "2024-03-18T15:57:38.084Z", "authMethodFirstEnrollment": "lae1qdvnfgSKwDdvn5d7", "requestUri": "/oauth2/v1/authorize", "url": "/oauth2/v1/authorize?response_type=code&client_id=0oadul0qafQNlVSXc5d7&redirect_uri=https%3A%2F%2Fx.x.x.x%3A8000%2Fen-US%2Fapp%2FSplunk_TA_okta_identity_cloud%2Fsplunk_ta_okta_identity_cloud_redirect&state=e92cdd639e9b40378e8a8242577ba05e&scope=offline_access+okta.users.read+okta.groups.read+okta.logs.read+okta.apps.read", "authnRequestId": "21ab6c3bfceba23ba14cf40bdc633989", "requestId": "21ab6c3bfceba23ba14cf40bdc633989", "dtHash": "5a60c5862cb128432dca3ac69c1b896d47690b9891501bf68f059647f4bda318", "authMethodFirstType": "okta_password:password:autdu3fv7qqAEADih5d7", "authMethodSecondEnrollment": "pfdfgmihdnnSNSsAU5d7", "threatSuspected": "false", "authMethodSecondType": "okta_verify:push:autdu3fv7w39U5GMt5d7"}}, "legacyEventType": null, "transaction": {"type": "WEB", "id": "21ab6c3bfceba23ba14cf40bdc633989", "detail": {}}, "uuid": "cb0b5180-e543-11ee-b8e7-f9c990bca30a", "version": "0", "request": {"ipChain": [{"ip": "18.185.207.118", "geographicalContext": {"city": "Frankfurt am Main", "state": "Hesse", "country": "Germany", "postalCode": "60313", "geolocation": {"lat": 50.1188, "lon": 8.6843}}, "version": "V4", "source": null}]}, "target": [{"id": "0oadul0qafQNlVSXc5d7", "type": "AppInstance", "alternateId": "strt_okta_developer", "displayName": "OpenID Connect Client", "detailEntry": {"signOnModeType": "OPENID_CONNECT", "signOnModeEvaluationResult": "AUTHENTICATED"}}, {"id": "ruldu3fv8o5j1teuH5d7", "type": "Rule", "alternateId": "unknown", "displayName": "Catch-all Rule", "detailEntry": {"policyRuleFactorMode": "1FA"}}]}