Home
Created by David French (@threatpunter) at Elastic Security
Dorothy is a tool to help security teams test their monitoring and detection capabilities for their Okta environment. Dorothy has several modules to simulate actions that an attacker might take while operating in an Okta environment and actions that security teams should be able to audit. The modules are mapped to the relevant MITRE ATT&CK® tactics, such as Persistence, Defense Evasion, Discovery, and Impact.
Elastic Security's free detection rules for Okta can be found in our detection-rules repo. You can read this blog post to learn more about how Elastic Security helps with cloud monitoring and detection.
Dorothy can change the configuration of your Okta environment. Consider using Dorothy in a test environment to avoid any risk of impacting your production environment.