What sort of telemetry can FusionAuth provide for potentially suspicious logins, credential attacks, and other security related events?

dan · 30 Jun 2020, 20:37

I'm just trying to understand what capabilities are available in FusionAuth.

dan · 30 Jun 2020, 20:41

The current feature set consists of:

the available webhook events including registration and failed login events
brute force login attempt actions (user lockout actions webhook)
breached password notifications

mgetka · 1 Jul 2020, 15:22

lately, I've created a feature request on the suspicious login attempt detection capabilities. If I've been to creates such service my starting point would be client IP (for geolocalization) and user-agent string (maybe all headers) for browser fingerprinting of sorts. Still, login success/failure events summary contained in webhook call contains no useful information for such scenario

dan · 2 Jul 2020, 15:29

This may be useful if what you are trying to extract is in ElasticSearch (user data): https://elastalert.readthedocs.io/en/latest/

Doesn't help with other aspects of the system, but I believe we have some features planned.