Duo Security Fraudulent Push Notification SIEM Detection

Duo Security is used to require Multi-Factor Authentication (MFA) to an organization. With Blumira, admins can consolidate MFA authentication logs and correlate them towards Blumira Security Detections. This samples shows a detection(finding) alert in Blumira when a user marks a push notification as a fraudulent request.

Test SIEM Detection - Duo Security Fraudulent Push Notification

This guide will walk through a detection test when a user utilizing Duo Security gets a push notification from a fraudulent source.

Prerequisites:

The Duo Security Module must be enabled and logging properly to Blumira

Detection Test:

Have the Duo Admin Panel & Blumira Admin Panel open
Go to an application protected by Duo Security
Once on the Duo Prompt (MFA) screen, select "Send Me a Push" to your mobile device or tablet
When received, deny the push notification by select the red X
Select "Report as Fraud"
Within minutes, a Finding (alert) will appear in Blumira on the Responder Dashboard

Additional Security Resources

View All Posts

Security How-To

4 min read | September 4, 2025

Cybersecurity Training in Manufacturing: Insights from the 2025 Verizon Data Breach Investigations Report

SIEM XDR

7 min read | June 9, 2025

Customer Story: NetCenter Technologies

Compliance Security Frameworks and Insurance

7 min read | May 26, 2025

Customer Story: United Way of Pierce County

Get Started for Free

Experience the Blumira Free SIEM, with automated detection and response plus compliance reports for 3 cloud connectors.