Summary
This week we’ve introduced new ways to access users’ latest login information and changes to our detection of suspicious browser log-ins.
⏮️ Last Login Event
When investigating a user, it’s essential to immediately access the most critical context. One piece of context frequently sought is information about the latest login attempt. In this release, we have made navigating to the most recent login attempt easy. With a click of a button, you will be easily able to access data like:
1. Name
2. Email
3. Event Type
4. Location
5. IP Address
6. Device
7. User Agent
8. Session ID
9. Authentication Details
🙅 Detect Logins from Suspicious Browsers
Over 80% of browser activity comes from well-known browsers like Chrome, IE/Edge, Safari, and Firefox. However, when users log in from less common browsers, there can be several security implications:
- Rare browsers may be unpatched or are less frequently patched
- A different user may be logging on to the account
As with most checks, you can customize these insights by adding to an allow or blocklist. In this release, we’ve added additional rare browser types to select from. This will make it easier to tune Oort’s insights.
Bug Fixes and Minor Improvements
- Okta authentications. Within Activity in user profiles, you will now see Okta authentications displayed in the event table.
- Failed uploads. While most uploads will be successful, sometimes failures happen. You can now view these failures easily within System Logs by selecting “Failure” on the left-hand filters.