Auth0 user logged in with a breached password

auth0

Classification:

attack

Tactic:

TA0001-initial-access

Technique:

T1078-valid-accounts

Set up the auth0 integration.

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Goal

Detect when a user logs in with a breached password.

Strategy

Auth0 logs an event when a user logs in with a breached password. When this event is detected, Datadog generates a MEDIUM severity Security Signal.

You can see more information on how Auth0 detects breached passwords on their documentation.

Triage and response

  1. Inspect the policy and user location to see if this was a login from approved location
  2. See if 2FA was authenticated
  3. If the user was compromised, rotate user credentials.
PREVIEWING: may/op-log-enrichment