Table: okta_network_zone - Query Okta Network Zones using SQL
A Network Zone in Okta represents a set of IP address ranges. It can be used to control the security behavior of end users and applications based on their IP location. Network Zones help in defining trusted IP ranges, blocking suspicious IP ranges, and setting up behavior detection for each zone.
Table Usage Guide
The okta_network_zone table provides insights into Network Zones within Okta. As a security administrator, explore zone-specific details through this table, including zone type, status, system, and conditions. Utilize it to manage access control based on IP location, identify trusted IP ranges, and set up behavior detection for each zone.
Examples
Basic info
Gain insights into the creation, status, and usage of various network zones in your Okta system. This information can be helpful in understanding the overall network configuration and assessing any potential security risks.
select name, id, created, status, system, locations, proxy_type, usagefrom okta_network_zone;select name, id, created, status, system, locations, proxy_type, usagefrom okta_network_zone;List TorAnonymizer proxy type network zone
Explore which network zones are set up as TorAnonymizer proxies. This can be particularly useful for identifying potential security risks or for auditing your network's configuration.
select name, id, created, status, system, proxy_typefrom okta_network_zonewhere proxy_type = 'TorAnonymizer';select name, id, created, status, system, proxy_typefrom okta_network_zonewhere proxy_type = 'TorAnonymizer';List network zones location and region details
Analyze your network zones to understand their geographical distribution. This is useful when you need to pinpoint specific locations for network management or security purposes.
select name, id, l -> 'country' as country, l -> 'region' as regionfrom okta_network_zone, jsonb_array_elements(locations) as l;select name, id, json_extract(l.value, '$.country') as country, json_extract(l.value, '$.region') as regionfrom okta_network_zone, json_each(locations) as l;List system network zones
Explore which network zones are system-generated in your Okta environment. This can help you understand and manage the security of your system.
select name, id, created, status, systemfrom okta_network_zonewhere system;select name, id, created, status, systemfrom okta_network_zonewhere system;List active network zones
Explore the active network zones in your system, allowing you to understand the current operational areas for better management and security planning.
select name, id, created, status, system, proxy_typefrom okta_network_zonewhere status = 'ACTIVE';select name, id, created, status, system, proxy_typefrom okta_network_zonewhere status = 'ACTIVE';Schema for okta_network_zone
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. | |
| asns | jsonb | Format of each array value: a string representation of an ASN numeric value. | |
| created | timestamp with time zone | Timestamp when the network zone was created. | |
| gateways | jsonb | IP addresses (range or CIDR form) of the zone. | |
| id | text | = | Identifier of the network zone. |
| last_updated | timestamp with time zone | Timestamp when the network zone was last modified. | |
| locations | jsonb | The geolocations of the zone. | |
| name | text | Unique name for the zone. | |
| proxies | jsonb | IP addresses (range or CIDR form) that are allowed to forward a request from gateway addresses. These proxies are automatically trusted by Threat Insights. These proxies are used to identify the client IP of a request. | |
| proxy_type | text | One of: '' or null (when not specified), Any (meaning any proxy), Tor, NotTorAnonymizer. | |
| status | text | Status of the network zone: ACTIVE or INACTIVE. | |
| system | boolean | Indicates if this is a system network zone. | |
| title | text | The title of the resource. | |
| type | text | The type of the network zone. | |
| usage | text | Usage of Zone: POLICY, BLOCKLIST. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- oktaYou can pass the configuration to the command with the --config argument:
steampipe_export_okta --config '<your_config>' okta_network_zone