Products: Duo Security - Multi-Factor Authentication (MFA)
| Rule ID | Rule Name |
|---|---|
| THRESHOLD-S00096 | Brute Force Attempt |
| FIRST-S00029 | First Seen Successful Authentication From Unexpected Country |
| THRESHOLD-S00097 | Impossible Travel - Successful |
| THRESHOLD-S00098 | Impossible Travel - Unsuccessful |
| THRESHOLD-S00095 | Password Attack |
| OUTLIER-S00001 | Spike in Login Failures from a User |
| CHAIN-S00008 | Successful Brute Force |
| MATCH-S00815 | Threat Intel - Successful Authentication from Threat IP |
| Log Mapper ID | Log Mapper Name |
|---|---|
| addda6e4-9041-11e8-9eb6-529269fb1459 | Duo Authentication via CEF |
| 640b4eb0-669a-46f4-9229-48c30c50e5ef | Duo Security Admin API - Audit |
| 0ff9bf08-24c1-4f7f-b2f0-d522b1681035 | Duo Security Admin API - Authentication |
| 11f44f6a-1313-479c-ba8e-d15b61c0da8c | Duo Security Admin API - Non-User Audit Changes |
| 79827cc5-ec48-4ca0-bf04-924fc5368c02 | Duo Security Admin API - Targeted User Audit Changes |
| 71958300-7D31-4909-9448-4DF68E80B706 | Duo Security Authentication API |