elastic / integrations

Elastic Integrations
https://www.elastic.co/integrations

[Integration Update] Add Sessions, Policy, Factors and Devices data to Okta Entity Analytics #10426

Open terrancedejesus opened 1 month ago

terrancedejesus commented 1 month ago

Summary

The Okta Entity Analytics integration is great for contextual IdP data on users. Often this data can be helpful when writing threat detection rules alongside Okta system logs.

However, according to the documentation, the integration only pulls data from the Users API, which is a great start but does not contain enough contextual information to write high-fidelity threat detection rules on. Adding data from the Sessions, Policy, Factors and Devices APIs will add much more enrichment. Below are examples:

Additionally, this contextual and relational data may prove beneficial for ML and LLM initiatives.

cc @tinnytintin10 @jmcarlock

elasticmachine commented 1 month ago

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)