
    Duo Security Fraudulent Push Notification SIEM Detection

    Duo Security is used to enforce Multi-Factor Authentication (MFA) across an organization. With Blumira, admins can consolidate MFA authentication logs and correlate them with Blumira Security Detections. This sample shows a detection (finding) alert in Blumira when a user marks a push notification as a fraudulent request.

    Test SIEM Detection - Duo Security Fraudulent Push Notification

    This guide walks through a detection test for the case where a user of Duo Security receives a push notification from a fraudulent source.

    Prerequisites:

    • The Duo Security Module must be enabled and logging properly to Blumira

    Detection Test:
    1. Have the Duo Admin Panel & Blumira Admin Panel open
    2. Go to an application protected by Duo Security
    3. Once on the Duo Prompt (MFA) screen, select "Send Me a Push" to your mobile device or tablet
    4. When received, deny the push notification by selecting the red X
    5. Select "Report as Fraud"
    6. Within minutes, a Finding (alert) will appear in Blumira on the Responder Dashboard
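
A way to confirm that the test event reached the Duo authentication log before looking for the Finding, as an added example (not Blumira's detection rule and not code from this guide). It assumes the log was exported as one JSON record per line using the Duo Admin API v2 authentication log field names (`result`, `reason`, `isotimestamp`, `user`, `application`, `access_device`); the sample records and the function name are constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample export: one JSON record per line, plus one damaged line.
SAMPLE_LOG = """
{"isotimestamp": "2024-05-01T09:00:15+00:00", "result": "fraud", "reason": "user_marked_fraud", "factor": "duo_push", "user": {"name": "carol"}, "application": {"name": "Webmail"}, "access_device": {"ip": "203.0.113.20"}}
{"isotimestamp": "2024-05-01T14:02:11+00:00", "result": "success", "reason": "user_approved", "factor": "duo_push", "user": {"name": "alice"}, "application": {"name": "VPN"}, "access_device": {"ip": "198.51.100.7"}}
{"isotimestamp": "2024-05-01T14:03:40+00:00", "result": "denied", "reason": "user_mistake", "factor": "duo_push", "user": {"name": "bob"}, "application": {"name": "VPN"}, "access_device": {"ip": "198.51.100.9"}}
not-json: truncated record
{"isotimestamp": "2024-05-01T14:05:02+00:00", "result": "fraud", "reason": "user_marked_fraud", "factor": "duo_push", "user": {"name": "bob"}, "application": {"name": "VPN"}, "access_device": {"ip": "198.51.100.9"}}
"""

def find_fraud_reports(raw, since):
    """Return fraud-reported authentications logged at or after `since`."""
    findings = []
    for line in raw.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
            when = datetime.fromisoformat(event["isotimestamp"])
        except (json.JSONDecodeError, KeyError, TypeError, ValueError):
            continue  # skip damaged or incomplete records instead of aborting
        # A plain denial (red X only) is not a fraud report; step 5 is what
        # sets result "fraud" / reason "user_marked_fraud".
        is_fraud = (event.get("result") == "fraud"
                    or event.get("reason") == "user_marked_fraud")
        if not is_fraud or when < since:
            continue
        findings.append({
            "time": when.isoformat(),
            "user": (event.get("user") or {}).get("name"),
            "application": (event.get("application") or {}).get("name"),
            "source_ip": (event.get("access_device") or {}).get("ip"),
            "factor": event.get("factor"),
        })
    return findings

if __name__ == "__main__":
    # Only events from the start of the test window onward are relevant.
    test_started = datetime(2024, 5, 1, 14, 0, tzinfo=timezone.utc)
    for finding in find_fraud_reports(SAMPLE_LOG, test_started):
        print(finding)
```

If the test user's fraud report appears here but no Finding shows up in Blumira, the gap is in log forwarding rather than in the Duo test itself.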
