Authentication route is not protected by AAP's ATO Detection

Documentos > Datadog Security > OOTB Rules > Authentication route is not protected by AAP's ATO Detection

Esta página aún no está disponible en español. Estamos trabajando en su traducción.
Si tienes alguna pregunta o comentario sobre nuestro actual proyecto de traducción, no dudes en ponerte en contacto con nosotros.

Description

This rule identifies when an authentication route is not protected from Account Takeover Attacks (ATO) by App & API Protection’s ATO Detection.

An account takeover occurs when an attacker gains access to a user’s account credentials and assumes control of the account. Datadog can detect and protect against common strategies implemented by attackers, such as Credential Stuffing or Brute Forcing. For more information on this works, see ASM account takeover protection.

Rationale

This finding identifies authentication endpoints that are not instrumented to provide business_logic.users.login.success or business_logic.users.login.failure user activity events to Datadog, resulting in no security observability to detect the ATO attacks. Review your instrumented business logic events.

Remediation

Instrument your code to enable Datadog ASM’s ATO Detection on your login endpoints.