Credential stuffing attack on Auth0
Set up the auth0 integration.
Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel,
n'hésitez pas à nous contacter.
Goal
Detect Account Take Over (ATO) through credential stuffing attack.
Strategy
To determine a successful attempt: Detect a high number of failed logins from at least ten unique users and at least one successful login for a user. This generates a HIGH severity signal.
To determine an unsuccessful attempt: Detect a high number of failed logins from at least ten unique users. This generates an INFO severity signal.
Triage and response
- Inspect the logs to see if this was a valid login attempt.
- See if 2FA was authenticated
- If the user was compromised, rotate user credentials.
Changelog
13 June 2022 - Updated Keep Alive window and evaluation window to reduce rule noise.
