Brute force attack on an Auth0 user
Set up the auth0 integration.
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。
Goal
Detect a brute force attack on a user.
Strategy
To determine a successful attempt: Detect when the same user fails to login five times and then successfully logs in. This generates a MEDIUM
severity signal.
To determine an unsuccessful attempt: Detect when the same user fails to login five times. This generates an INFO
severity signal.
Triage and response
- Inspect the logs to see if this was a valid login attempt.
- See if 2FA was authenticated
- If the user was compromised, rotate user credentials.