Duo Security Fraudulent Push Notification SIEM Detection

    Duo Security is used to require Multi-Factor Authentication (MFA) for an organization. With Blumira, admins can consolidate MFA authentication logs and correlate them with Blumira Security Detections. This sample shows a detection (finding) alert in Blumira when a user marks a push notification as a fraudulent request.

    Test SIEM Detection - Duo Security Fraudulent Push Notification

    This guide will walk through a detection test when a user utilizing Duo Security gets a push notification from a fraudulent source.

    Prerequisites: 

    • The Duo Security Module must be enabled and logging properly to Blumira

    Detection Test:
    1. Have the Duo Admin Panel & Blumira Admin Panel open
    2. Go to an application protected by Duo Security
    3. Once on the Duo Prompt (MFA) screen, select "Send Me a Push" to your mobile device or tablet
    4. When received, deny the push notification by selecting the red X
    5. Select "Report as Fraud"
    6. Within minutes, a Finding (alert) will appear in Blumira on the Responder Dashboard
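
The condition this test exercises, sketched as an added example (not Blumira's detection rule and not code from this guide): scan Duo authentication log records and emit a finding for each push a user reported as fraud. It assumes the field names of Duo's Admin API v2 authentication log (`result`, `reason`, `factor`, `user`, `application`, `access_device`); the sample records are constructed.

```python
import json
from datetime import datetime, timezone

# Constructed sample records (one JSON object per line), not real log data.
SAMPLE_LOG = """\
{"timestamp": 1700000000, "event_type": "authentication", "factor": "duo_push", "result": "success", "reason": "user_approved", "user": {"name": "alice"}, "application": {"name": "VPN"}, "access_device": {"ip": "198.51.100.7"}}
{"timestamp": 1700000060, "event_type": "authentication", "factor": "duo_push", "result": "denied", "reason": "user_mistake", "user": {"name": "bob"}, "application": {"name": "VPN"}, "access_device": {"ip": "198.51.100.9"}}
{"timestamp": 1700000120, "event_type": "authentication", "factor": "duo_push", "result": "fraud", "reason": "user_marked_fraud", "user": {"name": "bob"}, "application": {"name": "VPN"}, "access_device": {"ip": "203.0.113.25"}}
{"timestamp": 1700000180, "event_type": "authentication", "factor": "duo_pu
{"timestamp": 1700000240, "event_type": "authentication", "factor": "duo_push", "result": "fraud", "reason": "user_marked_fraud", "user": {"name": "carol"}, "application": {"name": "Webmail"}, "access_device": null}
"""

def fraud_findings(lines):
    """Return one finding per push the user reported as fraud."""
    findings = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank, truncated or malformed records
        if not isinstance(ev, dict):
            continue
        # Either field marks a fraud report; check both in case one is missing.
        if ev.get("result") != "fraud" and ev.get("reason") != "user_marked_fraud":
            continue
        ts = ev.get("timestamp")
        findings.append({
            "time": datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()
                    if isinstance(ts, (int, float)) else "unknown",
            "user": (ev.get("user") or {}).get("name", "unknown"),
            "application": (ev.get("application") or {}).get("name", "unknown"),
            # IP of the device that started the login the user did not recognise.
            "source_ip": (ev.get("access_device") or {}).get("ip", "unknown"),
            "factor": ev.get("factor", "unknown"),
        })
    return findings

if __name__ == "__main__":
    for f in fraud_findings(SAMPLE_LOG.splitlines()):
        print(f)
```

A plain denial (`user_mistake` in the sample) does not produce a finding; only the "Report as Fraud" step in the test above does.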
