dse7i (dse7i) asked a question.
We would like to turn on enforcement for Threat Insights, but want to exclude our office egress IPs from getting blocked.
Is there a way for us to continue to have Threat Insights in audit/logging mode for our offices using excluded networks while it runs in blocked/enforced mode for other IPs?
We use cookies to provide the best website experience and to help understand marketing efforts. We may also share data with ad partners to reach potential customers across the web. To learn more, visit our Privacy Policy. Click here for Your Privacy Choices. You may also opt out of this sharing by signaling your preference via GPC, applicable only to the browser signaling the opt-out.
More information
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
Select All
We use cookies to provide the best website experience and to help understand marketing efforts. We may also share data with ad partners to reach potential customers across the web. To learn more, visit our Privacy Policy. Click here for Your Privacy Choices. You may also opt out of this sharing by signaling your preference via GPC, applicable only to the browser signaling the opt-out.
More information
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
Select All
May Okta Community Buzz
Stay ahead of the curve with Okta for AI Agents, new Okta Learning live sessions and labs, shout-outs, and top trending topics—all aimed at enriching your Okta journey.
Yes. Create a network zone (Security -> Networks) that contains the public IPs for your office, then add that zone to the Exempt Zones list in the Threat Insight configuration.
I thought doing that would also have them ignored from logging/audit mode.
All connections are logged, so excluding your office IPs from Threat Insight doesn't mean your office connections won't get logged. They'll just bypass the Threat Insight processing. We've had blocking enabled for at least a year now, and it works great.
Ah thats the subtle difference. I would still want Threat Insights processing/alerting for our offices. It'd be good to know if we had a compromised box in our network that was trying to brute force our okta tenant.
That's not really how Threat Insight works. Think of it as a large, constantly updating database of IP addresses that have a history of bad behavior. Whenever a client attempts to connect to your org, Okta compares the incoming connection's IP address against the IP addresses in the database, and if it finds a match (and you have blocking turned on), it blocks that incoming connection at the router level, before the client can even get to your org's login page.
For threats from internal users, take a closer look at rate limit monitoring. A brute force attack from inside is more likely to be detected - and stopped - by the rate limits on the Okta API endpoints.