Duo Security Fraudulent Push Notification SIEM Detection

Duo Security is used to require Multi-Factor Authentication (MFA) to an organization. With Blumira, admins can consolidate MFA authentication logs and correlate them towards Blumira Security Detections. This samples shows a detection(finding) alert in Blumira when a user marks a push notification as a fraudulent request.

Test SIEM Detection - Duo Security Fraudulent Push Notification

This guide will walk through a detection test when a user utilizing Duo Security gets a push notification from a fraudulent source.

Prerequisites:

The Duo Security Module must be enabled and logging properly to Blumira

Detection Test:

Have the Duo Admin Panel & Blumira Admin Panel open
Go to an application protected by Duo Security
Once on the Duo Prompt (MFA) screen, select "Send Me a Push" to your mobile device or tablet
When received, deny the push notification by select the red X
Select "Report as Fraud"
Within minutes, a Finding (alert) will appear in Blumira on the Responder Dashboard

Additional Security Resources

View All Posts

SIEM XDR

7 min read | July 25, 2024

SIEM Pricing Models for SMBs

Security How-To

12 min read | June 19, 2024

How to Secure Remote Access for Manufacturing Operations

SIEM XDR

3 min read | June 12, 2024

May 2024 Product Release Notes

Get Started for Free

Experience the Blumira Free SIEM, with automated detection and response plus compliance reports for 3 cloud connectors, forever.