Add new rule to detect MFA bypass in Cisco Duo - Githubissues

SigmaHQ / sigma

Main Sigma Rule Repository

Other

7.84k stars 2.12k forks source link

Add new rule to detect MFA bypass in Cisco Duo #4814

Closed nikitah4x closed 2 months ago

nikitah4x commented 2 months ago

Summary of the Pull Request

I've wrote a new detection rule to detect when the MFA is being bypassed in Cisco Duo

Changelog

new: Cisco Duo Successful MFA Authentication Via Bypass Code

Example Log Event

N/A

Fixed Issues

N/A

SigmaHQ Rule Creation Conventions

If your PR adds new rules, please consider following and applying these conventions