Asana user multi-factor authentication method disabled
Set up the asana integration.
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、
お気軽にご連絡ください。
Goal
Detect when a user has disabled two-factor authentication (2FA) for their account. This could indicate an attacker who is maintaining access to a compromised user account by weakening the account’s security controls.
Strategy
This rule monitors multi-factor authentication removal events across users and raises an alert if a user disables their registered method.
Triage and response
- Review logs to identify the user
{{@usr.email}} who has disabled multi-factor authentication. - Determine if the action was user-initiated or performed by an administrator by checking if the log indicates a specific initiator
{{@resource.email}}. - Investigate any recent login and action-related event logs within the Asana platform by
{{@usr.email}} that could demonstrate anomalous behavior. - If the change appears malicious, invoke your security incident response process. Next steps could include:
- Temporarily suspend the affected account.
- Rotate user credentials.
- Work with the user to re-enroll in multi-factor authentication.
