---
title: Multiple JumpCloud push notifications denied
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: >-
  Docs > Datadog Security > OOTB Rules > Multiple JumpCloud push notifications
  denied
---

# Multiple JumpCloud push notifications denied
Classification:attackTactic:[TA0006-credential-access](https://attack.mitre.org/tactics/TA0006)Technique:[T1621-multi-factor-authentication-request-generation](https://attack.mitre.org/techniques/T1621) 
## Goal{% #goal %}

Detect JumpCloud Multi-factor Authentication (MFA) fatigue attacks.

## Strategy{% #strategy %}

An attacker may repeatedly send MFA push notifications to users in an attempt to fatigue them, thereby coercing them into approving malicious authentication attempts.

## Triage and response{% #triage-and-response %}

1. Verify if the user: `{{@usr.email}}` made the observed authentication attempts.
1. If the user did not make the observed authentication attempts:
   - Rotate user credentials.
   - Confirm that no successful authentication attempts have been made.
   - Investigate the source IP: `{{@network.client.ip}}` to determine if the IP address has taken other actions.