Duo Security Fraudulent Push Notification SIEM Detection

Duo Security is used to require Multi-Factor Authentication (MFA) to an organization. With Blumira, admins can consolidate MFA authentication logs and correlate them towards Blumira Security Detections. This samples shows a detection(finding) alert in Blumira when a user marks a push notification as a fraudulent request.

Test SIEM Detection - Duo Security Fraudulent Push Notification

This guide will walk through a detection test when a user utilizing Duo Security gets a push notification from a fraudulent source.

Prerequisites:

The Duo Security Module must be enabled and logging properly to Blumira

Detection Test:

Have the Duo Admin Panel & Blumira Admin Panel open
Go to an application protected by Duo Security
Once on the Duo Prompt (MFA) screen, select "Send Me a Push" to your mobile device or tablet
When received, deny the push notification by select the red X
Select "Report as Fraud"
Within minutes, a Finding (alert) will appear in Blumira on the Responder Dashboard

Additional Security Resources

View All Posts

man sits at a decision tree playbook on his computer using Blumira SIEM

SIEM XDR

6 min read | February 7, 2025

How our SIEM Playbooks Guide You Through Threat Response

Graphic of two people sitting at desks, with charts and workflows surrounding them, and the caption

SIEM XDR

5 min read | December 11, 2024

Manual vs Automated Security Visibility for Resource-Constrained Teams

Graphic with a group of people looking at a computer dashboard with connected video cameras on the top and sides.

SIEM XDR

4 min read | November 25, 2024

What is Unified Visibility and What Does it Offer?

Get Started for Free

Experience the Blumira Free SIEM, with automated detection and response plus compliance reports for 3 cloud connectors, forever.