Auth0 breached password detection disabled
Set up the Auth0 integration.
Goal
Detect when Auth0 breached password detection is disabled.
Strategy
This rule allows you to monitor Auth0 logs and detect when Auth0 breached password detection is disabled. Breached password detection protects your applications from bad actors signing up or logging in with stolen credentials. Auth0 can notify users and block accounts that are at risk. Disabling this feature will degrade the security posture of your application, leaving it vulnerable to credential-based attacks like brute force attacks, credential stuffing, or bulk account creation.
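The check this rule performs can be sketched as follows. This is an added example, not Datadog's rule query or Auth0 code. It assumes each log line is JSON with the Auth0 event under `data` and the caller IP under `network.client.ip` (matching the template variables used in the triage steps below), that `sapi`/`fapi` mark successful and failed Management API operations, and that the setting is changed through the request path shown; all sample events are constructed.

```python
import json

# Assumed Management API path for the breached password detection setting.
BPD_PATH = "/api/v2/attack-protection/breached-password-detection"

def _sample(evt_type, client_id, path, enabled, ip):
    """Build one constructed log line in the assumed layout."""
    return json.dumps({
        "data": {"type": evt_type, "client_id": client_id,
                 "details": {"request": {"method": "patch", "path": path,
                                         "body": {"enabled": enabled}}}},
        "network": {"client": {"ip": ip}},
    })

# Constructed sample input, not real tenant logs.
SAMPLE_LINES = [
    _sample("sapi", "client-A", BPD_PATH, False, "203.0.113.10"),  # disabled: alert
    _sample("sapi", "client-B", BPD_PATH, True, "203.0.113.11"),   # enabled: ignore
    _sample("fapi", "client-C", BPD_PATH, False, "203.0.113.12"),  # failed call: ignore
    _sample("sapi", "client-D", "/api/v2/attack-protection/brute-force-protection",
            False, "203.0.113.13"),                                # other setting: ignore
    "{truncated line",                                             # malformed: skipped
]

def is_bpd_disabled(event):
    """True only for a successful API call that sets enabled=false on BPD."""
    data = event.get("data") or {}
    if data.get("type") != "sapi":
        return False
    request = (data.get("details") or {}).get("request") or {}
    if request.get("path") != BPD_PATH:
        return False
    return (request.get("body") or {}).get("enabled") is False

def find_disable_events(lines):
    """Return the client id and source IP for every matching log line."""
    findings = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # unparseable lines cannot be evaluated
        if isinstance(event, dict) and is_bpd_disabled(event):
            ip = event.get("network", {}).get("client", {}).get("ip")
            findings.append({"client_id": event["data"].get("client_id"), "ip": ip})
    return findings

if __name__ == "__main__":
    print(find_disable_events(SAMPLE_LINES))
```

The two values returned per finding are the ones the triage steps pivot on: the client id and the source IP.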
Triage and response
- Investigate the client id {{@data.client_id}} to understand if this is an expected operation.
- Work with your tenant administrator to identify the owner of the application.
- Speak with the owner of the application to understand if this operation is expected and approved.
- If the owner of the application is unaware of this operation:
  - Disable the application credentials if possible.
  - Investigate any further activity from the IP {{@network.client.ip}} or the client id {{@data.client_id}}.
  - Begin your organization’s incident response process and investigate.