heroui logo

Auth0: Failed Voice Call for MFA

Anvilogic Forge

View Source
Summary
This rule detects failed voice-based multi-factor authentication (MFA) attempts in Auth0 environments. It identifies events where the system logs indicate attempted voice call MFA failures, which can arise from various factors such as user errors in entering their information, telephony service disruptions, or malicious probing from threat actors seeking to exploit weaknesses in the MFA setup. Using the specified logic, the rule parses authentication logs for events that signify a failure in sending the MFA voice call. The rule aggregates data points including time, host, user, and geographical location to provide insights on the failed attempts. Such detections are crucial for identifying potential issues that could compromise user accounts and the overall security of the authentication process.
Categories
  • Identity Management
  • Cloud
Data Sources
  • User Account
  • Application Log
ATT&CK Techniques
  • T1621
Created: 2025-02-28