Authentication route is not protected by ASM's ATO Detection

문서 > Datadog 보안 > OOTB Rules > Authentication route is not protected by ASM's ATO Detection

이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Description

This rule identifies when an authentication route is not protected from Account Takeover Attacks (ATO) by ASM’s ATO Detection.

An account takeover occurs when an attacker gains access to a user’s account credentials and assumes control of the account. Datadog can detect and protect against common strategies implemented by attackers, such as Credential Stuffing or Brute Forcing. For more information on this works, see ASM account takeover protection.

Rationale

This finding identifies authentication endpoints that are not instrumented to provide business_logic.users.login.success or business_logic.users.login.failure user activity events to Datadog, resulting in no security observability to detect the ATO attacks. Review your instrumented business logic events.

Remediation

Instrument your code to enable Datadog ASM’s ATO Detection on your login endpoints.