Auth0 Security Center features (visualization of authentication events/unauthorized login detection)

Introduction

The Security Center feature was released in May 2023 to visualize trends in authentication events and to detect unauthorized logins. Until now, this required exporting logs to an external SIEM product, but it is now provided as a function on the Auth0 management screen.

With the Security Center feature, you can see trends in successful and failed logins via Auth0 and the detection status of unauthorized logins. This information can be used as input when considering measures against unauthorized logins, such as applying the Attack Protection feature or MFA.

This page introduces what you can check with the Security Center function.

Premise

The information on functions and settings described on this page is current as of July 2023.

What you can check with the Security Center function

With the Security Center feature, you can check the following information in real time.
[Overview tab]
  • Total number of authentication events and number of unauthorized logins (total value)
  • Number of unauthorized logins determined by Auth0 (time series and aggregated values)
  • Number of authentication events that have occurred (time series)
[Threat Monitoring Tab]
  • Number of detections by the Attack Protection function (time series)
  • Number of MFA attempts/successes/failures (time series)
The display period for each item can be chosen from the following options. (The aggregation unit is determined automatically according to the selected period.)
  • Last hour
  • Last 12 hours
  • Last 1 day
  • Last 7 days
  • Last 14 days
Below are the details.

Display information details

[Overview tab]
  • Tenant Overview: Total number of authentication events and number of unauthorized logins (aggregated value)
    • Total Traffic: Total number of authentication events
    • Total Threats: The number of authentication events that Auth0 determined to be unauthorized logins.
    • Threat % of total traffic: Percentage of authentication events judged to be unauthorized logins
  • Threat Behavior: Number of unauthorized logins determined by Auth0 (time series and aggregated values)
    • Threat behavior trends: Number of unauthorized logins
    • Threat behavior by app: Number of unauthorized logins by application
    • Threat behavior types: Occurrence rate by type of unauthorized login
      ・Credential stuffing: Credential stuffing attacks
      ・Signup attack: Automatic attempt to create a new account
      ・MFA bypass: MFA bypass attempt
  • Authentication: Number of authentication events that occurred (time series)
    • Login attempts: login successes and failures
    • Signup attempts: signup successes and failures
[Threat Monitoring Tab]
  • Number of detections by the Attack Protection function (time series)
    • Bot Detection: Detection of bot attacks (determined based on Auth0 knowledge)
    • Suspicious IP Throttling: Detection of frequent logins/signups
    • Brute-force Protection: Detection of multiple login attempts for a user
    • Breached Password Detection: Detection of logins and signups using passwords that may have been leaked (as determined by Auth0)
  • Multi-factor Auth: Number of MFA attempts/successes/failures (time series)
    • MFA challenges: MFA attempts
    • MFA success rate: MFA success and failure

Feature Updates

It is now possible to set thresholds to raise alerts based on the occurrence of unauthorized logins, etc. detected by Auth0.

Security Center Alerts for Thresholds - Early Access – Auth0 Changelog

Setting method

The following is how to set the thresholds to raise alerts according to the occurrence of unauthorized logins, etc. detected by Auth0.

  • Go to Auth0 admin > Security > Security Center > [Threat Monitoring] tab
  • Select the Attack Protection feature for which you want to raise an alert and click the enlargement mark in the graph.
    Example: If you select Suspicious IP Throttling
  • Click + Create
  • Set the following
    ・Threshold Label*: Label name of the alert setting to be created
    ・Evaluated Metric*: Select the item to which you want to apply the alert (item that exists in the graph)
    ・Notification Destinations: Set notification destinations
    ・Alert: Specify the threshold for raising an alert
    ・Warning: Specify the threshold for raising the warning
    ・Recovery: Specify the threshold for recovery
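
The following is an added example, not code from the original page or from Auth0. It shows how Warning, Alert and Recovery thresholds can interact when evaluated against per-interval counts of "limit_mu" (blocked IP address) log events. The evaluation semantics, the mapping of that log type to the Suspicious IP Throttling graph, the function names, the threshold values and the sample events are all assumptions made for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Assumed semantics, not Auth0's documented behaviour: a count at or above
# "alert" raises ALERT, at or above "warning" raises WARNING, and an active
# state clears only once the count drops to "recovery" or below.
THRESHOLDS = {"warning": 3, "alert": 5, "recovery": 1}  # constructed values
START = datetime(2023, 7, 1, 10, 0, tzinfo=timezone.utc)
# Constructed sample: minute offsets of "limit_mu" (blocked IP) log events.
OFFSETS = [5, 6, 8, 10, 10, 11, 12, 13, 14, 15, 16, 17, 19, 21]
SAMPLE = [{"type": "limit_mu", "date": (START + timedelta(minutes=m)).isoformat()}
          for m in OFFSETS] + [{"type": "s", "date": START.isoformat()}]

def bucket_counts(events, event_type, start, buckets, width=timedelta(minutes=5)):
    """Count events of one type per fixed-width bucket, zero-filled."""
    counts = Counter()
    for ev in events:
        if ev["type"] != event_type:
            continue
        ts = datetime.fromisoformat(ev["date"].replace("Z", "+00:00"))
        idx = (ts - start) // width
        if 0 <= idx < buckets:
            counts[idx] += 1
    return [counts[i] for i in range(buckets)]

def evaluate(counts, t):
    """Return (bucket index, new state) for each state change."""
    state, transitions = "OK", []
    for i, n in enumerate(counts):
        if n >= t["alert"]:
            new = "ALERT"
        elif n >= t["warning"]:
            new = "ALERT" if state == "ALERT" else "WARNING"  # no downgrade
        elif n <= t["recovery"]:
            new = "OK"
        else:
            new = state  # between recovery and warning: hold state
        if new != state:
            transitions.append((i, new))
            state = new
    return transitions

if __name__ == "__main__":
    counts = bucket_counts(SAMPLE, "limit_mu", START, buckets=6)
    for i, new_state in evaluate(counts, THRESHOLDS):
        print(START + i * timedelta(minutes=5), new_state, counts[i])
```

Setting Recovery below Warning keeps an alert from flapping when the count hovers around the threshold: in the sample, the interval with 4 events stays in ALERT and only the interval with 1 event clears it.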

Operation example

An example alert is displayed in the Alert History tab, as shown below.

In conclusion

With Security Center, you can understand trends in successful and failed logins, as well as the occurrence of unauthorized logins detected by Auth0, and raise alerts.

If you're interested in Auth0's security attack prevention features, please contact us.
