fbpx
Back Arrow Back to All Integrations

Duo Security – Fraudulent Push Notification

Duo Security – Fraudulent Push Notification

Duo Security Fraudulent Push Notification SIEM Detection

Duo Security is used to require Multi-Factor Authentication (MFA) to an organization. With Blumira, admins can consolidate MFA authentication logs and correlate them towards Blumira Security Detections. This samples shows a detection(finding) alert in Blumira when a user marks a push notification as a fraudulent request.

 

Sign Up For Your Free Account Today

Get your free account with Blumira and secure your Microsoft 365 environment in minutes. No credit card required.

 

Free Trial

Test SIEM Detection – Duo Security Fraudulent Push Notification

This guide will walk through a detection test when a user utilizing Duo Security gets a push notification from a fraudulent source.

Prerequisites: 

  • The Duo Security Module must be enabled and logging properly to Blumira

Detection Test:

  1. Have the Duo Admin Panel & Blumira Admin Panel open
  2. Go to an application protected by Duo Security
  3. Once on the Duo Prompt (MFA) screen, select “Send Me a Push” to your mobile device or tablet
  4. When received, deny the push notification by select the red X
  5. Select “Report as Fraud
  6. Within minutes, a Finding (alert) will appear in Blumira on the Responder Dashboard