Authentication route is not protected by ASM's ATO Detection

Description

This rule identifies when an authentication route is not protected from Account Takeover Attacks (ATO) by ASM’s ATO Detection.

An account takeover occurs when an attacker gains access to a user’s account credentials and assumes control of the account. Datadog can detect and protect against common strategies implemented by attackers, such as Credential Stuffing or Brute Forcing. For more information on this works, see ASM account takeover protection.

Rationale

This finding identifies authentication endpoints that are not instrumented to provide business_logic.users.login.success or business_logic.users.login.failure user activity events to Datadog, resulting in no security observability to detect the ATO attacks. Review your instrumented business logic events.

Remediation