Dorothy - Tool To Test Security Monitoring And Detection For Okta Environments

Created by David French (@threatpunter) at Elastic Security

Dorothy is a tool to help security teams test their monitoring and detection capabilities for their Okta environment. Dorothy has several modules to simulate actions that an attacker might take while operating in an Okta environment and actions that security teams should be able to audit. The modules are mapped to the relevant MITRE ATT&CK® tactics, such as persistence, defense evasion, and discovery.

Learn more about Dorothy and how to get started with it in this blog post or this presentation.

Elastic Security's free detection rules for Okta can be found in our detection-rules repo. You can read this blog post to learn more about how Elastic Security helps with cloud monitoring and detection.

Dorothy can change the configuration of your Okta environment. Consider using Dorothy in a test environment to avoid any risk of impacting your production environment.

Getting Started

Head on over to the wiki for help installing and running Dorothy.

Questions? Problems? Suggestions?

Reach out in the #security channel in Elastic's Community Slack workspace or open an issue in this repo.



Justin Ibarra and Ross Wolf - The style and layout of this project is inspired by shell/CLI utilities that they've developed.


Obtain the proper authorization before using Dorothy in an environment that you do not own and administer. Users take full responsibility for the outcomes of using Dorothy.

Dorothy is licensed under the Apache License Version 2.0.

Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.

Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages.

How to Contribute

Interested in contributing to Dorothy? Thanks for your interest. Please familiarize yourself with the contribution guide.

Fun Facts
  • Dorothy is a scientific tornado instrument used to analyze data and to radio back information to create an advanced warning system.
  • What is an Okta? A unit of measurement used to describe the amount of cloud cover at a given location in terms of how many eighths of the sky are covered in clouds

Dorothy - Tool To Test Security Monitoring And Detection For Okta Environments Dorothy - Tool To Test Security Monitoring And Detection For Okta Environments Reviewed by Zion3R on 5:30 PM Rating: 5