Classification:
attack
Tactic:
Technique:
Set up the Okta integration.
Detect Okta Multi-factor Authentication (MFA) fatigue attacks.
This rule lets you monitor the following Okta events to determine when a user has rejected Okta MFA push verify more than once:
- user.mfa.okta_verify.deny_push for Okta Classic
- user.authentication.auth_via_mfa with debugContext.debugData.factor of OKTA_VERIFY_PUSH and @evt.outcome of FAILURE for Okta Identity Engine

An attacker may attempt to bombard users with repeated MFA push notifications in order to fatigue them, thereby forcing them into verifying their malicious authentication attempts.
{{@usr.email}} made the observed authentication attempts.
{{@network.client.ip}} using the Cloud SIEM - IP Investigation dashboard to determine if the IP address has taken other actions.
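The matching and counting logic described above, as an added Python example that is not Datadog's rule definition: it recognizes both the Okta Classic and Okta Identity Engine event shapes and flags users with more than one push denial inside a window. The raw Okta System Log field names (eventType, outcome.result, actor.alternateId, client.ipAddress, published), the 10-minute window, the helper _evt and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumption: the page does not state a window
THRESHOLD = 1                   # page: push rejected "more than once"

def is_push_denial(evt):
    """Match either event shape named in the rule description."""
    etype = evt.get("eventType")
    if etype == "user.mfa.okta_verify.deny_push":      # Okta Classic
        return True
    if etype == "user.authentication.auth_via_mfa":    # Okta Identity Engine
        factor = evt.get("debugContext", {}).get("debugData", {}).get("factor")
        result = evt.get("outcome", {}).get("result")
        return factor == "OKTA_VERIFY_PUSH" and result == "FAILURE"
    return False

def detect_mfa_fatigue(events):
    """Return {user: sorted client IPs} for users over THRESHOLD denials in WINDOW."""
    denials = defaultdict(list)
    for evt in events:
        if is_push_denial(evt):
            ts = datetime.fromisoformat(evt["published"].replace("Z", "+00:00"))
            denials[evt["actor"]["alternateId"]].append((ts, evt.get("client", {}).get("ipAddress")))
    flagged = {}
    for user, hits in denials.items():
        hits.sort(key=lambda h: h[0])
        start = 0
        for end, (ts, _) in enumerate(hits):
            while ts - hits[start][0] > WINDOW:   # slide the window forward
                start += 1
            if end - start + 1 > THRESHOLD:
                flagged.setdefault(user, set()).update(ip for _, ip in hits[start:end + 1] if ip)
    return {user: sorted(ips) for user, ips in flagged.items()}

def _evt(etype, user, ip, ts, result="FAILURE", factor=None):  # constructed-event helper
    return {"eventType": etype, "published": ts, "actor": {"alternateId": user},
            "client": {"ipAddress": ip}, "outcome": {"result": result},
            "debugContext": {"debugData": {"factor": factor} if factor else {}}}

DENY, MFA = "user.mfa.okta_verify.deny_push", "user.authentication.auth_via_mfa"
SAMPLE_EVENTS = [  # constructed sample data, not real logs
    _evt(DENY, "alice@example.com", "203.0.113.10", "2024-01-01T10:00:00Z"),
    _evt(MFA, "alice@example.com", "203.0.113.11", "2024-01-01T10:02:00Z", factor="OKTA_VERIFY_PUSH"),
    _evt(DENY, "bob@example.com", "198.51.100.7", "2024-01-01T10:00:00Z"),
    _evt(DENY, "bob@example.com", "198.51.100.7", "2024-01-01T11:00:00Z"),
    _evt(MFA, "carol@example.com", "192.0.2.5", "2024-01-01T10:00:00Z", "SUCCESS", "OKTA_VERIFY_PUSH"),
    _evt(MFA, "carol@example.com", "192.0.2.5", "2024-01-01T10:01:00Z", factor="CONSTRUCTED_OTHER_FACTOR"),
]
```

Calling detect_mfa_fatigue(SAMPLE_EVENTS) returns the flagged user together with the client IPs seen on the denied pushes, which are the two values the triage steps pivot on.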