Authentication route is not protected by ASM's ATO Detection

Documentos > Datadog Security > OOTB Rules > Authentication route is not protected by ASM's ATO Detection

This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Description

This rule identifies when an authentication route is not protected from Account Takeover Attacks (ATO) by ASM’s ATO Detection.

An account takeover occurs when an attacker gains access to a user’s account credentials and assumes control of the account. Datadog can detect and protect against common strategies implemented by attackers, such as Credential Stuffing or Brute Forcing. For more information on this works, see ASM account takeover protection.

Rationale

This finding identifies authentication endpoints that are not instrumented to provide business_logic.users.login.success or business_logic.users.login.failure user activity events to Datadog, resulting in no security observability to detect the ATO attacks. Review your instrumented business logic events.

Remediation

Instrument your code to enable Datadog ASM’s ATO Detection on your login endpoints.