Authentication route is not protected by ASM's ATO Detection

Docs > Plateforme de sécurité Datadog > OOTB Rules > Authentication route is not protected by ASM's ATO Detection

Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Description

This rule identifies when an authentication route is not protected from Account Takeover Attacks (ATO) by ASM’s ATO Detection.

An account takeover occurs when an attacker gains access to a user’s account credentials and assumes control of the account. Datadog can detect and protect against common strategies implemented by attackers, such as Credential Stuffing or Brute Forcing. For more information on this works, see ASM account takeover protection.

Rationale

This finding identifies authentication endpoints that are not instrumented to provide business_logic.users.login.success or business_logic.users.login.failure user activity events to Datadog, resulting in no security observability to detect the ATO attacks. Review your instrumented business logic events.

Remediation

Instrument your code to enable Datadog ASM’s ATO Detection on your login endpoints.