Auth0 user logged in with a breached password

auth0

Classification:

attack

Tactic:

TA0001-initial-access

Technique:

T1078-valid-accounts

Set up the auth0 integration.

Esta página aún no está disponible en español. Estamos trabajando en su traducción.
Si tienes alguna pregunta o comentario sobre nuestro actual proyecto de traducción, no dudes en ponerte en contacto con nosotros.

Goal

Detect when a user logs in with a breached password.

Strategy

Auth0 logs an event when a user logs in with a breached password. When this event is detected, Datadog generates a MEDIUM severity Security Signal.

You can see more information on how Auth0 detects breached passwords on their documentation.

Triage and response

  1. Inspect the policy and user location to see if this was a login from approved location
  2. See if 2FA was authenticated
  3. If the user was compromised, rotate user credentials.