HealthInsight Reporting on Okta ThreatInsight

If Okta ThreatInsight is enabled, HealthInsight reports on the number of events detected and links to Okta Syslog for admins to query the data events further.

When Okta ThreatInsight is configured with audit mode and suspicious sign-ins are detected, the HealthInsight recommendation displays the number of sign-in attempts from suspicious IPs in the last 7 days.

When Okta ThreatInsight is configured with block mode and suspicious sign-ins are detected, the HealthInsight recommendation displays the number of blocked sign-in attempts from suspicious IPs in the last 7 days.

Note

Note

The number of suspicious sign-ins detected can be underestimated. Okta ThreatInsight may limit the events reported if the frequency of suspicious sign-ins is too high.