<  Back to rules search

Auth0 user logged in with a breached password

auth0

Classification:

attack

Tactic:

Technique:

Set up the auth0 integration.

Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Goal

Detect when a user logs in with a breached password.

Strategy

Auth0 logs an event when a user logs in with a breached password. When this event is detected, Datadog generates a MEDIUM severity Security Signal.

You can see more information on how Auth0 detects breached passwords on their [documentation][1].

Triage and response

  1. Inspect the policy and user location to see if this was a login from approved location
  2. See if 2FA was authenticated
  3. If the user was compromised, rotate user credentials.

[1][https://auth0.com/docs/anomaly-detection/brute-force-protection]