<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Support Workflow on Tarragon</title><link>https://tarrragon.github.io/blog/tags/support-workflow/</link><description>Recent content in Support Workflow on Tarragon</description><generator>Hugo -- gohugo.io</generator><language>zh-TW</language><copyright>Tarragon (CC BY 4.0)</copyright><lastBuildDate>Thu, 30 Apr 2026 00:00:00 +0000</lastBuildDate><atom:link href="https://tarrragon.github.io/blog/tags/support-workflow/index.xml" rel="self" type="application/rss+xml"/><item><title>Okta 2023 Support Token: Identity Support Workflow Pressure</title><link>https://tarrragon.github.io/blog/backend/07-security-data-protection/blue-team/materials/field-cases/okta-support-token-2023-identity-pressure/</link><pubDate>Thu, 30 Apr 2026 00:00:00 +0000</pubDate><guid>https://tarrragon.github.io/blog/backend/07-security-data-protection/blue-team/materials/field-cases/okta-support-token-2023-identity-pressure/</guid><description>&lt;p>The role of this case study is to provide material on identity supply chain and support workflow pressure. The Okta 2023 support system incident showed that a support system, HAR files, session tokens and the cadence of customer notification can combine into pressure on identity defenders.&lt;/p>
&lt;h2 id="來源">Sources&lt;/h2>
&lt;table>
 &lt;thead>
 &lt;tr>
 &lt;th>Source&lt;/th>
 &lt;th>Citable scope&lt;/th>
 &lt;/tr>
 &lt;/thead>
 &lt;tbody>
 &lt;tr>
 &lt;td>&lt;a href="https://sec.okta.com/articles/2023/10/tracking-unauthorized-access-oktas-support-system/">Okta: Tracking Unauthorized Access to Okta&amp;rsquo;s Support System&lt;/a>&lt;/td>
 &lt;td>support case management system, HAR file, stolen credential, customer notification&lt;/td>
 &lt;/tr>
 &lt;tr>
 &lt;td>&lt;a href="https://sec.okta.com/articles/2023/11/unauthorized-access-oktas-support-case-management-system-root-cause/">Okta: Root Cause and Remediation&lt;/a>&lt;/td>
 &lt;td>impact scope, session token hijacking, remediation&lt;/td>
 &lt;/tr>
 &lt;tr>
 &lt;td>&lt;a href="https://blog.cloudflare.com/fr-fr/how-cloudflare-mitigated-yet-another-okta-compromise">Cloudflare: How Cloudflare mitigated yet another Okta compromise&lt;/a>&lt;/td>
 &lt;td>customer-side detection, real-time response, defensive effect of Zero Trust and hardware keys&lt;/td>
 &lt;/tr>
 &lt;/tbody>
&lt;/table>
&lt;h2 id="defender-pressure">Defender Pressure&lt;/h2>
&lt;table>
 &lt;thead>
 &lt;tr>
 &lt;th>Pressure&lt;/th>
 &lt;th>Service interpretation&lt;/th>
 &lt;/tr>
 &lt;/thead>
 &lt;tbody>
 &lt;tr>
 &lt;td>Support workflow pressure&lt;/td>
 &lt;td>Support attachments and troubleshooting data must be treated as highly sensitive data&lt;/td>
 &lt;/tr>
 &lt;tr>
 &lt;td>Session pressure&lt;/td>
 &lt;td>Session tokens must be quick to locate, revoke and trace back&lt;/td>
 &lt;/tr>
 &lt;tr>
 &lt;td>Customer coordination pressure&lt;/td>
 &lt;td>Vendor and customer need clear notification, response and verification routes between them&lt;/td>
 &lt;/tr>
 &lt;tr>
 &lt;td>Identity boundary pressure&lt;/td>
 &lt;td>The risks of the production service and the support system must be brought into identity governance together&lt;/td>
 &lt;/tr>
 &lt;/tbody>
&lt;/table>
&lt;h2 id="control-gap">Control Gap&lt;/h2>
&lt;p>The core of the control gap is that the support workflow carries identity-sensitive material. When a HAR file or a support attachment may contain a session token, the support system is no longer just a customer service tool; it is part of the identity supply chain.&lt;/p>
&lt;h2 id="detection-route">Detection Route&lt;/h2>
&lt;table>
 &lt;thead>
 &lt;tr>
 &lt;th>Signal&lt;/th>
 &lt;th>Interpretation purpose&lt;/th>
 &lt;th>Next step&lt;/th>
 &lt;/tr>
 &lt;/thead>
 &lt;tbody>
 &lt;tr>
 &lt;td>Sensitive attachment downloaded from the support system&lt;/td>
 &lt;td>Assess support workflow exposure&lt;/td>
 &lt;td>Start an attachment audit and token revocation&lt;/td>
 &lt;/tr>
 &lt;tr>
 &lt;td>Anomalous session appears in a customer tenant&lt;/td>
 &lt;td>Assess session hijack risk&lt;/td>
 &lt;td>Start &lt;a href="https://tarrragon.github.io/blog/backend/knowledge-cards/token-revocation/" data-link-title="Token Revocation" data-link-desc="Explains how to revoke tokens during an incident to shorten the exploitable window">token revocation&lt;/a>&lt;/td>
 &lt;/tr>
 &lt;tr>
 &lt;td>Customer detects the anomaly before the vendor does&lt;/td>
 &lt;td>Assess vendor coordination gap&lt;/td>
 &lt;td>Start the incident communication route&lt;/td>
 &lt;/tr>
 &lt;/tbody>
&lt;/table>
&lt;h2 id="exercise-hook">Exercise Hook&lt;/h2>
&lt;p>This case supports the &lt;a href="https://tarrragon.github.io/blog/backend/07-security-data-protection/blue-team/materials/scenarios/identity-support-token-tabletop/" data-link-title="Identity Support Token Tabletop" data-link-desc="Designs an identity takeover tabletop scenario around support workflow and session token risk">Identity support token tabletop&lt;/a>. The exercise focuses on confirming that, once a support attachment has entered the system, the team can quickly locate the token, revoke the session, notify the owner and write the findings back into the support workflow.&lt;/p>
&lt;h2 id="write-back-target">Write-back Target&lt;/h2>
&lt;ul>
&lt;li>&lt;a href="https://tarrragon.github.io/blog/backend/07-security-data-protection/identity-access-boundary/" data-link-title="7.2 Identity and Authorization Boundary" data-link-desc="Organizes identity, authorization, session and vendor identity chain in a question-driven way">7.2 Identity and Authorization Boundary&lt;/a>&lt;/li>
&lt;li>&lt;a href="https://tarrragon.github.io/blog/backend/07-security-data-protection/blue-team/incident-triage-loop/" data-link-title="7.B6 Incident Triage Loop" data-link-desc="Turns security signals into a response loop of triage, severity, owner, containment and evidence">7.B6 Incident Triage Loop&lt;/a>&lt;/li>
&lt;li>&lt;a href="https://tarrragon.github.io/blog/backend/07-security-data-protection/blue-team/materials/control-patterns/control-owner-pattern/" data-link-title="Control Owner Pattern" data-link-desc="Defines how high-risk control surfaces assign an owner, collaborating roles, decision roles and escalation paths">Control owner pattern&lt;/a>&lt;/li>
&lt;li>&lt;a href="https://tarrragon.github.io/blog/backend/07-security-data-protection/blue-team/materials/control-patterns/evidence-chain-pattern/" data-link-title="Evidence Chain Pattern" data-link-desc="Defines the signal, decision, artifact, timeline and retention evidence that incidents and exercises must preserve">Evidence chain pattern&lt;/a>&lt;/li>
&lt;/ul></description><content:encoded><![CDATA[<p>The role of this case study is to provide material on identity supply chain and support workflow pressure. The Okta 2023 support system incident showed that a support system, HAR files, session tokens and the cadence of customer notification can combine into pressure on identity defenders.</p>
<h2 id="來源">Sources</h2>
<table>
  <thead>
      <tr>
          <th>Source</th>
          <th>Citable scope</th>
      </tr>
  </thead>
  <tbody>
      <tr>
          <td><a href="https://sec.okta.com/articles/2023/10/tracking-unauthorized-access-oktas-support-system/">Okta: Tracking Unauthorized Access to Okta&rsquo;s Support System</a></td>
          <td>support case management system, HAR file, stolen credential, customer notification</td>
      </tr>
      <tr>
          <td><a href="https://sec.okta.com/articles/2023/11/unauthorized-access-oktas-support-case-management-system-root-cause/">Okta: Root Cause and Remediation</a></td>
          <td>impact scope, session token hijacking, remediation</td>
      </tr>
      <tr>
          <td><a href="https://blog.cloudflare.com/fr-fr/how-cloudflare-mitigated-yet-another-okta-compromise">Cloudflare: How Cloudflare mitigated yet another Okta compromise</a></td>
          <td>customer-side detection, real-time response, defensive effect of Zero Trust and hardware keys</td>
      </tr>
  </tbody>
</table>
<h2 id="defender-pressure">Defender Pressure</h2>
<table>
  <thead>
      <tr>
          <th>Pressure</th>
          <th>Service interpretation</th>
      </tr>
  </thead>
  <tbody>
      <tr>
          <td>Support workflow pressure</td>
          <td>Support attachments and troubleshooting data must be treated as highly sensitive data</td>
      </tr>
      <tr>
          <td>Session pressure</td>
          <td>Session tokens must be quick to locate, revoke and trace back</td>
      </tr>
      <tr>
          <td>Customer coordination pressure</td>
          <td>Vendor and customer need clear notification, response and verification routes between them</td>
      </tr>
      <tr>
          <td>Identity boundary pressure</td>
          <td>The risks of the production service and the support system must be brought into identity governance together</td>
      </tr>
  </tbody>
</table>
<h2 id="control-gap">Control Gap</h2>
<p>The core of the control gap is that the support workflow carries identity-sensitive material. When a HAR file or a support attachment may contain a session token, the support system is no longer just a customer service tool; it is part of the identity supply chain.</p>
<h2 id="detection-route">Detection Route</h2>
<table>
  <thead>
      <tr>
          <th>Signal</th>
          <th>Interpretation purpose</th>
          <th>Next step</th>
      </tr>
  </thead>
  <tbody>
      <tr>
          <td>Sensitive attachment downloaded from the support system</td>
          <td>Assess support workflow exposure</td>
          <td>Start an attachment audit and token revocation</td>
      </tr>
      <tr>
          <td>Anomalous session appears in a customer tenant</td>
          <td>Assess session hijack risk</td>
          <td>Start <a href="/blog/backend/knowledge-cards/token-revocation/" data-link-title="Token Revocation" data-link-desc="Explains how to revoke tokens during an incident to shorten the exploitable window">token revocation</a></td>
      </tr>
      <tr>
          <td>Customer detects the anomaly before the vendor does</td>
          <td>Assess vendor coordination gap</td>
          <td>Start the incident communication route</td>
      </tr>
  </tbody>
</table>
<h2 id="exercise-hook">Exercise Hook</h2>
<p>This case supports the <a href="/blog/backend/07-security-data-protection/blue-team/materials/scenarios/identity-support-token-tabletop/" data-link-title="Identity Support Token Tabletop" data-link-desc="Designs an identity takeover tabletop scenario around support workflow and session token risk">Identity support token tabletop</a>. The exercise focuses on confirming that, once a support attachment has entered the system, the team can quickly locate the token, revoke the session, notify the owner and write the findings back into the support workflow.</p>
<h2 id="write-back-target">Write-back Target</h2>
<ul>
<li><a href="/blog/backend/07-security-data-protection/identity-access-boundary/" data-link-title="7.2 Identity and Authorization Boundary" data-link-desc="Organizes identity, authorization, session and vendor identity chain in a question-driven way">7.2 Identity and Authorization Boundary</a></li>
<li><a href="/blog/backend/07-security-data-protection/blue-team/incident-triage-loop/" data-link-title="7.B6 Incident Triage Loop" data-link-desc="Turns security signals into a response loop of triage, severity, owner, containment and evidence">7.B6 Incident Triage Loop</a></li>
<li><a href="/blog/backend/07-security-data-protection/blue-team/materials/control-patterns/control-owner-pattern/" data-link-title="Control Owner Pattern" data-link-desc="Defines how high-risk control surfaces assign an owner, collaborating roles, decision roles and escalation paths">Control owner pattern</a></li>
<li><a href="/blog/backend/07-security-data-protection/blue-team/materials/control-patterns/evidence-chain-pattern/" data-link-title="Evidence Chain Pattern" data-link-desc="Defines the signal, decision, artifact, timeline and retention evidence that incidents and exercises must preserve">Evidence chain pattern</a></li>
</ul>
]]></content:encoded></item></channel></rss>