Auth0 user authenticating from multiple countries
Set up the Auth0 integration.
Overview
Goal:
Detect logins by the same user from multiple countries within a short time frame.
Strategy:
Use geo-IP data to detect when a user logs in from two IP addresses that are in different countries within a short time frame.
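The strategy above, sketched as an added example that is not the rule's own query. It assumes login events already enriched with a geo-IP country; the field names (`ts`, `user`, `ip`, `country`), the sample events and the one-hour window are constructed for illustration, since the rule only says "a short time frame".

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs). Field names are assumptions:
# each record is a successful login already enriched with a geo-IP country.
EVENTS = [
    {"ts": "2024-05-01T09:00:00", "user": "alice@example.com", "ip": "192.0.2.10", "country": "US"},
    {"ts": "2024-05-01T09:20:00", "user": "alice@example.com", "ip": "198.51.100.7", "country": "BR"},
    {"ts": "2024-05-01T09:05:00", "user": "bob@example.com", "ip": "192.0.2.44", "country": "DE"},
    {"ts": "2024-05-01T15:30:00", "user": "bob@example.com", "ip": "203.0.113.9", "country": "FR"},
    {"ts": "2024-05-01T10:00:00", "user": "carol@example.com", "ip": "192.0.2.80", "country": "JP"},
    {"ts": "2024-05-01T10:10:00", "user": "carol@example.com", "ip": "192.0.2.81", "country": "JP"},
    {"ts": "2024-05-01T11:00:00", "user": "dave@example.com", "ip": "203.0.113.50", "country": None},
]


def multi_country_logins(events, window=timedelta(hours=1)):
    """Return one finding per login that puts a user in 2+ countries within `window`."""
    recent = defaultdict(deque)  # user -> (time, country, ip) still inside the window
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if not ev.get("country"):
            continue  # geo-IP lookup failed; do not treat "unknown" as a country
        now = datetime.fromisoformat(ev["ts"])
        seen = recent[ev["user"]]
        while seen and now - seen[0][0] > window:
            seen.popleft()  # expire logins older than the window
        seen.append((now, ev["country"], ev["ip"]))
        countries = sorted({c for _, c, _ in seen})
        if len(countries) > 1:
            findings.append({
                "user": ev["user"],
                "countries": countries,
                "ips": sorted({ip for _, _, ip in seen}),
                "detected_at": ev["ts"],
            })
    return findings


if __name__ == "__main__":
    for f in multi_country_logins(EVENTS):
        print(f)
```

With the one-hour window only the first user is flagged; the second user's logins are more than six hours apart, and the event with no resolved country is skipped rather than counted as a second location.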
Triage & Response:
- Check whether 2FA was used for authentication.
- Contact the user and confirm whether this behavior is expected.
- If the user was compromised, rotate the user's credentials.