DocuSign Recipient Authentication Failure

Panther Rules

Summary
The `DocuSign Recipient Authentication Failure` rule monitors authentication attempts by recipients of DocuSign envelopes and matches those that fail. A recipient who is unable to authenticate successfully may indicate potential unauthorized access or compromised credentials. The rule has medium severity and logs each failed authentication event, analyzing the recipient's email, the authentication methods, and the error reasons reported by the API. The associated runbook provides a systematic approach for investigating these incidents, including reviewing the legitimacy of the user and the sensitivity of the documents involved. The rule is configured to trigger if five or more failures are detected within a 60-minute window.
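The threshold logic described in the summary, as an added example that is not the Panther rule's own source. The event field names, the grouping of failures by recipient email, and the sample events are assumptions constructed for illustration; only the threshold of five and the 60-minute window come from the page.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 5                   # failures, from the rule summary
WINDOW = timedelta(minutes=60)  # window, from the rule summary

def _ev(ts, email, status="failed", method="sms", reason="code_mismatch"):
    # Field names are hypothetical, not the DocuSign API schema.
    return {"time": datetime.fromisoformat(ts), "recipient_email": email,
            "auth_status": status, "auth_method": method, "error_reason": reason}

# Constructed sample events: alice fails 5 times in 40 minutes, bob fails
# 5 times spread over 135 minutes, carol fails 4 times with one success.
SAMPLE_EVENTS = (
    [_ev(f"2025-10-10T09:{m:02d}:00", "alice@example.com") for m in (0, 10, 20, 30, 40)]
    + [_ev(f"2025-10-10T{t}:00", "bob@example.com")
       for t in ("09:00", "09:30", "10:05", "10:40", "11:15")]
    + [_ev("2025-10-10T12:00:00", "carol@example.com"),
       _ev("2025-10-10T12:05:00", "carol@example.com"),
       _ev("2025-10-10T12:10:00", "carol@example.com", status="success"),
       _ev("2025-10-10T12:15:00", "carol@example.com", method="id_check"),
       _ev("2025-10-10T12:20:00", "carol@example.com")]
)

def find_alerts(events, threshold=THRESHOLD, window=WINDOW):
    """Return one alert per recipient, raised the first time `threshold`
    failed authentications fall inside a sliding `window`."""
    recent = defaultdict(deque)  # recipient -> failures still inside the window
    alerted, alerts = set(), []
    for event in sorted(events, key=lambda e: e["time"]):
        if event["auth_status"] != "failed":
            continue
        key = event["recipient_email"].lower()
        queue = recent[key]
        queue.append(event)
        # Drop failures that are older than the window relative to this event.
        while event["time"] - queue[0]["time"] > window:
            queue.popleft()
        if len(queue) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({
                "recipient": key, "count": len(queue),
                "first": queue[0]["time"], "last": event["time"],
                "methods": sorted({e["auth_method"] for e in queue}),
                "reasons": sorted({e["error_reason"] for e in queue}),
            })
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_EVENTS):
        print(alert)
```

The alert carries the fields the summary says the rule analyzes (recipient, methods, error reasons), which is what the runbook's legitimacy review starts from.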
Categories
  • Cloud
  • Application
  • Identity Management
Data Sources
  • Driver
  • Process
Created: 2025-10-10