Adaptive MFA log events

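Tenant logs contain entries for both successful and failed login events that include information related to the Adaptive MFA risk assessment score. These are the same entries that are available in the rules context object. The structure of an Adaptive MFA entry is as follows: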

{
  "date": "2020-06-26T15:12:43.654Z",
  "type": "s",
  "details": {
    "riskAssessment": {
      "confidence": "high",
      "assessments": {
        "UntrustedIP": {
          "confidence": "high",
          "code": "not_found_on_deny_list"
        },
        "NewDevice": {
          "confidence": "medium",
          "code": "partial_match",
          "details": {
            "device": "unknown",
            "useragent": "known"
          }
        },
        "ImpossibleTravel": {
          "confidence": "high",
          "code": "minimal_travel_from_last_login"
        }
      }
    }
  },
  "description": "Successful login"
}

Here is an example:

{
  "date": "2020-06-24T20:24:39.412Z",
  "type": "s",
  "description": "Successful login",
  "connection": "Username-Password-Authentication",
  "connection_id": "con_16Tpc6YqlWZ4HCut",
  "client_id": "9ZteveEZ8CqSLtCNXgvhoCJQ0jt2xSxe",
  "client_name": "jwt.io",
  "ip": "10.12.13.1",
  "client_ip": null,
  "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0",
  "details": {
    "prompts": [
      {
        "name": "prompt-authenticate",
        "initiatedAt": null,
        "completedAt": 1593030278513,
        "connection": "Username-Password-Authentication",
        "connection_id": null,
        "strategy": "auth0",
        "identity": "5ee10b1ca85332004e44ce3e",
        "stats": {
          "loginsCount": 66
        },
        "elapsedTime": null
      },
      {
        "name": "login",
        "flow": "universal-login",
        "initiatedAt": 1593030268561,
        "completedAt": 1593030278558,
        "timers": {
          "rules": 336
        },
        "user_id": "auth0|5ee10b1ca85332004e44ce3e",
        "user_name": "user@josh.local.dev.auth0.com",
        "elapsedTime": 9997
      }
    ],
    "initiatedAt": 1593030268550,
    "completedAt": 1593030279374,
    "elapsedTime": 10824,
    "session_id": "dKvR03IjVSNLPaVLqVS-FBuX87z0bBoE",
    "riskAssessment": {
      "confidence": "medium",
      "assessments": {
        "UntrustedIP": {
          "confidence": "high",
          "code": "ip_not_found"
        },
        "NewDevice": {
          "confidence": "medium",
          "code": "match_useragent",
          "details": {
            "device": "unknown",
            "useragent": "known"
          }
        },
        "ImpossibleTravel": {
          "confidence": "low",
          "code": "missing_geoip"
        }
      }
    },
    "stats": {
      "loginsCount": 66
    }
  },
  "hostname": "josh.local.dev.auth0.com",
  "user_id": "auth0|5ee10b1ca85332004e44ce3e",
  "user_name": "user@josh.local.dev.auth0.com",
  "strategy": "auth0",
  "strategy_type": "database"
}

Attack protection details

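In addition to providing information about rule execution, Auth0 includes Adaptive MFA attack protection information in the tenant logs. The same data structure that is exposed to rules appears in the tenant logs.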

{
  "date": "2020-06-26T15:12:43.654Z",
  "type": "s",
  "details": {
    "anomalyDetection": {
      "confidence": "high",
      "assessments": {
        "UntrustedIP": {
          "confidence": "high",
          "reason": "ip not found",
          "code": "ip_not_found"
        },
        "NewDevice": {
          "confidence": "medium",
          "reason": "match useragent",
          "code": "match_useragent"
        },
        "ImpossibleTravel": {
          "confidence": "high",
          "reason": "minimal travel",
          "code": "minimal_travel_from_last_login"
        }
      }
    }
  },
  "description": "Successful login"
}

MFA prompt details

When Adaptive MFA is enabled, users are prompted to enroll in MFA on the first login attempt that has a low confidence score. The MFA prompt may appear in the login event details. For example:

{
  "_id": "5ef3bb0a72487a0047c32959",
  "date": "2020-06-24T20:43:54.159Z",
  "type": "s",
  "description": "Successful login",
  "connection": "Username-Password-Authentication",
  "connection_id": "con_16Tpc6YqlWZ4HCut",
  "client_id": "9ZteveEZ8CqSLtCNXgvhoCJQ0jt2xSxe",
  "client_name": "jwt.io",
  "ip": "10.12.13.1",
  "client_ip": null,
  "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0",
  "details": {
    "prompts": [
      {
        "name": "prompt-authenticate",
        "completedAt": 1593031413909,
        "connection": "Username-Password-Authentication",
        "strategy": "auth0",
        "identity": "5ee10b1ca85332004e44ce3e",
        "stats": {
          "loginsCount": 67
        },
        "elapsedTime": null
      },
      {
        "name": "login",
        "flow": "universal-login",
        "initiatedAt": 1593031371948,
        "completedAt": 1593031413953,
        "timers": {
          "rules": 443
        },
        "user_id": "auth0|5ee10b1ca85332004e44ce3e",
        "user_name": "user@josh.local.dev.auth0.com",
        "elapsedTime": 42005
      },
      {
        "name": "mfa",
        "flow": "universal-mfa",
        "initiatedAt": 1593031414863,
        "completedAt": 1593031433795,
        "performed_acr": [
          "http://schemas.openid.net/pape/policies/2007/06/multi-factor"
        ],
        "performed_amr": [
          "mfa"
        ],
        "provider": "guardian",
        "elapsedTime": 18932
      }
    ],
    "initiatedAt": 1593031371938,
    "completedAt": 1593031434151,
    "elapsedTime": 62213,
    "session_id": "ulYRdsS1F4wIKLpUfQDfhyXgKVJqJaEv",
    "riskAssessment": {
      "confidence": "medium",
      "assessments": {
        "UntrustedIP": {
          "confidence": "high",
          "code": "ip_not_found"
        },
        "NewDevice": {
          "confidence": "medium",
          "code": "match_useragent",
          "details": {
            "device": "unknown",
            "useragent": "known"
          }
        },
        "ImpossibleTravel": {
          "confidence": "low",
          "code": "missing_geoip"
        }
      }
    },
    "stats": {
      "loginsCount": 67
    }
  },
  "hostname": "josh.local.dev.auth0.com",
  "user_id": "auth0|5ee10b1ca85332004e44ce3e",
  "user_name": "user@josh.local.dev.auth0.com",
  "strategy": "auth0",
  "strategy_type": "database"
}
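
The entries above can be triaged by reading `details.riskAssessment` together with `details.prompts`. The following is an added example, not Auth0 code: it flags successful logins whose overall confidence is at or below a threshold and that contain no completed `mfa` prompt. The function names, the review policy and the sample entries are assumptions made for illustration.

```javascript
// Added example; triageLogin/reviewQueue and the review policy are assumptions.
const RANK = { low: 0, medium: 1, high: 2 };
// Returns null for entries that carry no riskAssessment (e.g. gd_auth_succeed).
function triageLogin(event, reviewAtOrBelow = "low") {
  const details = event.details || {};
  const risk = details.riskAssessment;
  if (event.type !== "s" || !risk) return null;
  // Per-assessor signals whose own confidence is below "high".
  const weakSignals = Object.entries(risk.assessments || {})
    .filter(([, a]) => (RANK[a.confidence] ?? 0) < RANK.high)
    .map(([name, a]) => `${name}:${a.code}`);
  // An "mfa" prompt with a completedAt timestamp means a second factor ran.
  const mfaCompleted = (details.prompts || []).some(
    (p) => p.name === "mfa" && p.completedAt != null
  );
  // Unknown or missing confidence is ranked as "low" (fail closed).
  const overall = RANK[risk.confidence] ?? 0;
  return {
    userId: event.user_id ?? null,
    confidence: risk.confidence ?? "unknown",
    weakSignals,
    mfaCompleted,
    needsReview: overall <= RANK[reviewAtOrBelow] && !mfaCompleted,
  };
}

// Constructed sample entries, trimmed to the fields the function reads.
const assessments = {
  UntrustedIP: { confidence: "high", code: "ip_not_found" },
  NewDevice: { confidence: "medium", code: "match_useragent" },
  ImpossibleTravel: { confidence: "low", code: "missing_geoip" },
};
const SAMPLE_EVENTS = [
  { type: "s", user_id: "auth0|example-1",
    details: { prompts: [{ name: "login", completedAt: 1 }],
               riskAssessment: { confidence: "low", assessments } } },
  { type: "s", user_id: "auth0|example-2",
    details: { prompts: [{ name: "login", completedAt: 1 },
                         { name: "mfa", completedAt: 2 }],
               riskAssessment: { confidence: "low", assessments } } },
  { type: "gd_auth_succeed", user_id: "auth0|example-2", details: {} },
];

const reviewQueue = (events, threshold) =>
  events.map((e) => triageLogin(e, threshold)).filter((r) => r && r.needsReview);
console.log(reviewQueue(SAMPLE_EVENTS));
```

Passing `"medium"` as the threshold widens the queue to medium-confidence logins that completed without a second factor.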

MFA provider details

You may see events for specific MFA providers. The following example contains a successful OTP authentication event.

{
  "_id": "5ef3bb0922b43d004844af00",
  "date": "2020-06-24T20:43:53.758Z",
  "type": "gd_auth_succeed",
  "description": "Guardian - Second factor authentication succeed (totp)",
  "ip": "10.12.13.1",
  "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0",
  "details": {
    "request": {
      "method": "POST",
      "path": "/api/totp/configs/josh/authenticators/totp%7Cdev_3KQv6yQ06pLoksIe/verify",
      "query": {},
      "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0",
      "body": {
        "code": "********"
      },
      "ip": "10.12.13.1",
      "auth": {
        "subject": null,
        "strategy": "jwt_api2_internal_token",
        "scopes": [
          "read:authenticators",
          "verify:authenticator"
        ]
      }
    },
    "response": {
      "body": {},
      "statusCode": null
    },
    "authenticator": {
      "id": "totp|dev_3KQv6yQ06pLoksIe",
      "type": "totp"
    },
    "device_id": "v0:45e50ea0-b65b-11ea-9dd7-27e2c7f14291"
  },
  "user_id": "auth0|5ee10b1ca85332004e44ce3e"
}
