Duo Security Fraudulent Push Notification SIEM Detection

Duo Security is used to require Multi-Factor Authentication (MFA) to an organization. With Blumira, admins can consolidate MFA authentication logs and correlate them towards Blumira Security Detections. This samples shows a detection(finding) alert in Blumira when a user marks a push notification as a fraudulent request.

Test SIEM Detection - Duo Security Fraudulent Push Notification

This guide will walk through a detection test when a user utilizing Duo Security gets a push notification from a fraudulent source.

Prerequisites:

The Duo Security Module must be enabled and logging properly to Blumira

Detection Test:

Have the Duo Admin Panel & Blumira Admin Panel open
Go to an application protected by Duo Security
Once on the Duo Prompt (MFA) screen, select "Send Me a Push" to your mobile device or tablet
When received, deny the push notification by select the red X
Select "Report as Fraud"
Within minutes, a Finding (alert) will appear in Blumira on the Responder Dashboard

Additional Security Resources

View All Posts

Compliance Security Frameworks and Insurance

7 min read | May 26, 2025

Customer Story: United Way of Pierce County

SIEM XDR

9 min read | April 21, 2025

Customer Story: TR Computer Sales

SIEM XDR

4 min read | April 2, 2025

SIEM Starter: A Budget-Friendly SIEM That Meets Compliance & Keeps You Secure

Get Started for Free

Experience the Blumira Free SIEM, with automated detection and response plus compliance reports for 3 cloud connectors.