As customers and partners rely more and more on authentication tools, Alert Logic has expanded the types of incidents for which you can receive alerts from these tools. Security content for sign-in log incidents is now available in the Alert Logic console for the following authentication applications:
- Azure sign-in
- Office 365 sign-in - Microsoft Office uses Azure Active Directory
The incidents generated from these authentication applications can alert customers to malicious activities detected from their authentication and sign-in logs. These incidents are auto-escalated to customers and will provide robust security content.
Security Content Use Cases
Incident types that you can now receive from the above authentication applications include:
- Brute force activity
- Disabled multi-factor authentication users
- Sign-in attempt from a risky IP
- User granted Admin privileges
- User attempts access to admin application
- Login from multiple countries detected in a single day
- Credential stuffing activity
- Sign-in from anomalous geographies
Incidents generated by these new authentication application use cases can be found in the Alert Logic console at main menu > Respond > Incidents and are identifiable by the following structure in the incident's title: ['ApplicationName'] Incident Title.
For additional technical details, see our Authentication Application Security Incidents documentation.