steampipe plugin install okta

Table: okta_network_zone - Query Okta Network Zones using SQL

A Network Zone in Okta represents a set of IP address ranges. It can be used to control the security behavior of end users and applications based on their IP location. Network Zones help in defining trusted IP ranges, blocking suspicious IP ranges, and setting up behavior detection for each zone.

Table Usage Guide

The okta_network_zone table provides insights into Network Zones within Okta. As a security administrator, explore zone-specific details through this table, including zone type, status, system, and conditions. Utilize it to manage access control based on IP location, identify trusted IP ranges, and set up behavior detection for each zone.

Examples

Basic info

Gain insights into the creation, status, and usage of various network zones in your Okta system. This information can be helpful in understanding the overall network configuration and assessing any potential security risks.

select
name,
id,
created,
status,
system,
locations,
proxy_type,
usage
from
okta_network_zone;
select
name,
id,
created,
status,
system,
locations,
proxy_type,
usage
from
okta_network_zone;

List TorAnonymizer proxy type network zone

Explore which network zones are set up as TorAnonymizer proxies. This can be particularly useful for identifying potential security risks or for auditing your network's configuration.

select
name,
id,
created,
status,
system,
proxy_type
from
okta_network_zone
where
proxy_type = 'TorAnonymizer';
select
name,
id,
created,
status,
system,
proxy_type
from
okta_network_zone
where
proxy_type = 'TorAnonymizer';

List network zones location and region details

Analyze your network zones to understand their geographical distribution. This is useful when you need to pinpoint specific locations for network management or security purposes.

select
name,
id,
l -> 'country' as country,
l -> 'region' as region
from
okta_network_zone,
jsonb_array_elements(locations) as l;
select
name,
id,
json_extract(l.value, '$.country') as country,
json_extract(l.value, '$.region') as region
from
okta_network_zone,
json_each(locations) as l;

List system network zones

Explore which network zones are system-generated in your Okta environment. This can help you understand and manage the security of your system.

select
name,
id,
created,
status,
system
from
okta_network_zone
where
system;
select
name,
id,
created,
status,
system
from
okta_network_zone
where
system;

List active network zones

Explore the active network zones in your system, allowing you to understand the current operational areas for better management and security planning.

select
name,
id,
created,
status,
system,
proxy_type
from
okta_network_zone
where
status = 'ACTIVE';
select
name,
id,
created,
status,
system,
proxy_type
from
okta_network_zone
where
status = 'ACTIVE';

Schema for okta_network_zone

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
asnsjsonbFormat of each array value: a string representation of an ASN numeric value.
createdtimestamp with time zoneTimestamp when the network zone was created.
domaintext=, !=, ~~, ~~*, !~~, !~~*The okta domain name.
gatewaysjsonbIP addresses (range or CIDR form) of the zone.
idtext=Identifier of the network zone.
last_updatedtimestamp with time zoneTimestamp when the network zone was last modified.
locationsjsonbThe geolocations of the zone.
nametextUnique name for the zone.
proxiesjsonbIP addresses (range or CIDR form) that are allowed to forward a request from gateway addresses. These proxies are automatically trusted by Threat Insights. These proxies are used to identify the client IP of a request.
proxy_typetextOne of: '' or null (when not specified), Any (meaning any proxy), Tor, NotTorAnonymizer.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
statustextStatus of the network zone: ACTIVE or INACTIVE.
systembooleanIndicates if this is a system network zone.
titletextThe title of the resource.
typetextThe type of the network zone.
usagetextUsage of Zone: POLICY, BLOCKLIST.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- okta

You can pass the configuration to the command with the --config argument:

steampipe_export_okta --config '<your_config>' okta_network_zone