Saltar al contenido principal
Los registros de tu inquilino contienen entradas de eventos de inicio de sesión exitosos y fallidos, incluida información sobre las puntuaciones de evaluación de riesgo de . Son las mismas entradas que pueden usarse en los objetos de contexto de Rules. Las entradas de tienen la siguiente estructura: 
{
  "date": "2020-06-26T15:12:43.654Z",
  "type": "s",
  "details": {
    "riskAssessment": {
      "confidence": "high",
      "assessments": {
        "UntrustedIP": {
          "confidence": "high",
          "code": "not_found_on_deny_list"
    	},
    	"NewDevice": {
      	  "confidence": "medium",
      	  "code": "partial_match",
          "details": {
            "device": "unknown",
            "useragent": "known",
          }
    	},
    	"ImpossibleTravel": {
      	  "confidence": "high",
      	  "code": "minimal_travel_from_last_login"
    	}
      }
    }
  },
  "description": "Successful login"
}
Aquí tienes un ejemplo: 
{
  "date": "2020-06-24T20:24:39.412Z",
  "type": "s",
  "description": "Successful login",
  "connection": "Username-Password-Authentication",
  "connection_id": "con_16Tpc6YqlWZ4HCut",
  "client_id": "9ZteveEZ8CqSLtCNXgvhoCJQ0jt2xSxe",
  "client_name": "jwt.io",
  "ip": "10.12.13.1",
  "client_ip": null,
  "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0",
  "details": {
    "prompts": [
      {
        "name": "prompt-authenticate",
        "initiatedAt": null,
        "completedAt": 1593030278513,
        "connection": "Username-Password-Authentication",
        "connection_id": null,
        "strategy": "auth0",
        "identity": "5ee10b1ca85332004e44ce3e",
        "stats": {
          "loginsCount": 66
        },
        "elapsedTime": null
      },
      {
        "name": "login",
        "flow": "universal-login",
        "initiatedAt": 1593030268561,
        "completedAt": 1593030278558,
        "timers": {
          "rules": 336
        },
        "user_id": "auth0|5ee10b1ca85332004e44ce3e",
        "user_name": "user@josh.local.dev.auth0.com",
        "elapsedTime": 9997
      }
    ],
    "initiatedAt": 1593030268550,
    "completedAt": 1593030279374,
    "elapsedTime": 10824,
    "session_id": "dKvR03IjVSNLPaVLqVS-FBuX87z0bBoE",
    "riskAssessment": {
      "confidence": "medium",
      "assessments": {
        "UntrustedIP": {
          "confidence": "high",
          "code": "ip_not_found"
        },
        "NewDevice": {
          "confidence": "medium",
          "code": "match_useragent",
          "details": {
            "device": "unknown",
            "useragent": "known",
          }
        },
        "ImpossibleTravel": {
          "confidence": "low",
          "code": "missing_geoip"
        }
      }
    },
    "stats": {
      "loginsCount": 66
    }
  },
  "hostname": "josh.local.dev.auth0.com",
  "user_id": "auth0|5ee10b1ca85332004e44ce3e",
  "user_name": "user@josh.local.dev.auth0.com",
  "strategy": "auth0",
  "strategy_type": "database"
}

Detalles de la protección contra ataques

Además de proporcionar información para la ejecución de Rules, Auth0 incluye en los registros de tu inquilino información de para MFA adaptativa. La misma estructura de datos que aparece en Rules también aparece en los registros del inquilino: 
{
  "date": "2020-06-26T15:12:43.654Z",
  "type": "s",
  "details": {
	"anomalyDetection": {
  	  "confidence": "high",
  	  "assessments": {
    	    "UntrustedIP": {
      	    "confidence": "high",
      	    "reason": "ip not found",
      	    "code": "ip_not_found"
    	    },
    	    "NewDevice": {
      	    "confidence": "medium",
      	    "reason": "match useragent",
      	    "code": "match_useragent"
    	    },
    	    "ImpossibleTravel": {
      	    "confidence": "high",
      	    "reason": "minimal travel",
      	    "code": "minimal_travel_from_last_login"
    	    }
  	  }
	},
  },
  "description": "Successful login"
}

Detalles de la pantalla de MFA

Cuando la MFA adaptativa está habilitada, se pedirá a los usuarios que se inscriban en MFA en su primer intento de inicio de sesión con una puntuación de confianza baja. Es posible que aparezca una pantalla mfa en los detalles del evento de inicio de sesión. Por ejemplo: 
{
  "_id": "5ef3bb0a72487a0047c32959",
  "date": "2020-06-24T20:43:54.159Z",
  "type": "s",
  "description": "Successful login",
  "connection": "Username-Password-Authentication",
  "connection_id": "con_16Tpc6YqlWZ4HCut",
  "client_id": "9ZteveEZ8CqSLtCNXgvhoCJQ0jt2xSxe",
  "client_name": "jwt.io",
  "ip": "10.12.13.1",
  "client_ip": null,
  "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0",
  "details": {
    "prompts": [
      {
        "name": "prompt-authenticate",
        "completedAt": 1593031413909,
        "connection": "Username-Password-Authentication",
        "strategy": "auth0",
        "identity": "5ee10b1ca85332004e44ce3e",
        "stats": {
          "loginsCount": 67
        },
        "elapsedTime": null
      },
      {
        "name": "login",
        "flow": "universal-login",
        "initiatedAt": 1593031371948,
        "completedAt": 1593031413953,
        "timers": {
          "rules": 443
        },
        "user_id": "auth0|5ee10b1ca85332004e44ce3e",
        "user_name": "user@josh.local.dev.auth0.com",
        "elapsedTime": 42005
      },
      {
        "name": "mfa",
        "flow": "universal-mfa",
        "initiatedAt": 1593031414863,
        "completedAt": 1593031433795,
        "performed_acr": [
          "http://schemas.openid.net/pape/policies/2007/06/multi-factor"
        ],
        "performed_amr": [
          "mfa"
        ],
        "provider": "guardian",
        "elapsedTime": 18932
      }
    ],
    "initiatedAt": 1593031371938,
    "completedAt": 1593031434151,
    "elapsedTime": 62213,
    "session_id": "ulYRdsS1F4wIKLpUfQDfhyXgKVJqJaEv",
    "riskAssessment": {
      "confidence": "medium",
      "assessments": {
        "UntrustedIP": {
          "confidence": "high",
          "code": "ip_not_found"
        },
        "NewDevice": {
          "confidence": "medium",
          "code": "match_useragent",
          "details": {
            "device": "unknown",
            "useragent": "known",
          }
        },
        "ImpossibleTravel": {
          "confidence": "low",
          "code": "missing_geoip"
        }
      }
    },
    "stats": {
      "loginsCount": 67
    }
  },
  "hostname": "josh.local.dev.auth0.com",
  "user_id": "auth0|5ee10b1ca85332004e44ce3e",
  "user_name": "user@josh.local.dev.auth0.com",
  "strategy": "auth0",
  "strategy_type": "database"
}

Detalles de los proveedores de MFA

Pueden aparecer eventos para determinados proveedores de MFA. A continuación, se muestra un ejemplo que incluye el evento OTP Auth Succeeded. 
{
  "_id": "5ef3bb0922b43d004844af00",
  "date": "2020-06-24T20:43:53.758Z",
  "type": "gd_auth_succeed",
  "description": "Guardian - Second factor authentication succeed (totp)",
  "ip": "10.12.13.1",
  "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0",
  "details": {
    "request": {
      "method": "POST",
      "path": "/api/totp/configs/josh/authenticators/totp%7Cdev_3KQv6yQ06pLoksIe/verify",
      "query": {},
      "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0",
      "body": {
        "code": "********"
      },
      "ip": "10.12.13.1",
      "auth": {
        "subject": null,
        "strategy": "jwt_api2_internal_token",
        "scopes": [
          "read:authenticators",
          "verify:authenticator"
        ]
      }
    },
    "response": {
      "body": {},
      "statusCode": null
    },
    "authenticator": {
      "id": "totp|dev_3KQv6yQ06pLoksIe",
      "type": "totp"
    },
    "device_id": "v0:45e50ea0-b65b-11ea-9dd7-27e2c7f14291"
  },
  "user_id": "auth0|5ee10b1ca85332004e44ce3e"
}

Más información