FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login

    What sort of telemetry can FusionAuth provide for potentially suspicious logins, credential attacks, and other security related events?

    Scheduled Pinned Locked Moved
    Q&A
    security telemetry
    2
    4
    2.3k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • danD
      dan
      last edited by

      I'm just trying to understand what capabilities are available in FusionAuth.

      --
      FusionAuth - Auth for devs, built by devs.
      https://fusionauth.io

      1 Reply Last reply Reply Quote 0
      • danD
        dan
        last edited by

        The current feature set consists of:

        • the available webhook events including registration and failed login events
        • brute force login attempt actions (user lockout actions webhook)
        • breached password notifications

        --
        FusionAuth - Auth for devs, built by devs.
        https://fusionauth.io

        1 Reply Last reply Reply Quote 0
        • M
          mgetka Power User
          last edited by

          lately, I've created a feature request on the suspicious login attempt detection capabilities. If I've been to creates such service my starting point would be client IP (for geolocalization) and user-agent string (maybe all headers) for browser fingerprinting of sorts. Still, login success/failure events summary contained in webhook call contains no useful information for such scenario 😞

          1 Reply Last reply Reply Quote 1
          • danD
            dan
            last edited by

            This may be useful if what you are trying to extract is in ElasticSearch (user data): https://elastalert.readthedocs.io/en/latest/

            Doesn't help with other aspects of the system, but I believe we have some features planned.

            --
            FusionAuth - Auth for devs, built by devs.
            https://fusionauth.io

            1 Reply Last reply Reply Quote 0
            • First post
              Last post