dorothy: test security monitoring and detection for Okta environments
Dorothy is a tool to help security teams test their monitoring and detection capabilities for their Okta environment. Dorothy has several modules to simulate actions that an attacker might take while operating in an Okta environment and actions that security teams should be able to audit. The modules are mapped to the relevant MITRE ATT&CK® tactics, such as persistence, defense evasion, and discovery.
Dorothy was created to help defenders test their security visibility and controls, and does not provide any modules to obtain initial access or escalate privileges in an Okta environment. To execute actions using Dorothy, a valid Okta API token is required that is linked to a user with one or more administrator roles assigned.
A user-friendly shell interface with contextual help is provided for navigation between menus and modules, helping guide the user through simulated intruder scenarios. Other features include configuration profiles to manage connections to individual Okta environments and detailed logging with the option of indexing events into Elasticsearch to provide an audit trail of the actions that were executed using it.
It can change the configuration of your Okta environment. Consider using Dorothy in a test environment to avoid any risk of impacting your production environment.
Copyright 2009-2020 Elastic, N.V.