Auth0 user logged in with a breached password

auth0

Classification:

attack

Tactic:

TA0001-initial-access

Technique:

T1078-valid-accounts

Set up the auth0 integration.

이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Goal

Detect when a user logs in with a breached password.

Strategy

Auth0 logs an event when a user logs in with a breached password. When this event is detected, Datadog generates a MEDIUM severity Security Signal.

You can see more information on how Auth0 detects breached passwords on their documentation.

Triage and response

  1. Inspect the policy and user location to see if this was a login from approved location
  2. See if 2FA was authenticated
  3. If the user was compromised, rotate user credentials.
PREVIEWING: dgreen15/github-error-fix