Credential stuffing attack on Auth0
Set up the auth0 integration.
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、
お気軽にご連絡ください。
Goal
Detect Account Take Over (ATO) through credential stuffing attack.
Strategy
To determine a successful attempt: Detect a high number of failed logins from at least ten unique users and at least one successful login for a user. This generates a HIGH
severity signal.
To determine an unsuccessful attempt: Detect a high number of failed logins from at least ten unique users. This generates an INFO
severity signal.
Triage and response
- Inspect the logs to see if this was a valid login attempt.
- See if 2FA was authenticated
- If the user was compromised, rotate user credentials.
Changelog
13 June 2022 - Updated Keep Alive window and evaluation window to reduce rule noise.