Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs-staging.auth0-mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

Security Center provides observability tools that allow you to see potential attack trends and quickly respond to them in real-time. Security Center provides real-time monitoring that allows you to observe your own Customer Identity and Access Management (CIAM) anomaly detection metrics, and lets you configure attack mitigation features from within the same space.

Real-time monitoring

Security Center provides you with an overview of your tenant’s security pulse and allows you to drive outcomes from within the Auth0 Management Dashboard. In Security Center, you can:
  • Monitor your total traffic and total threats
  • Observe threat behavior trends
  • Identify applications associated with threat behavior trends
  • Track login and signup traffic
  • Monitor threats identified by our and features

Filtering and aggregation

Security Center allows you to filter available data to your needs. You can filter data based on the following fields:
  • Time period (up to the last 14 days)
  • Applications
  • Connections
Depending on the time period you select, the data is automatically aggregated per minute, per hour, or per day. Security Center allows you to observe threat behavior trends for the following threat types:
  • Credential stuffing: Behavioral patterns that appear to involve a machine attempt with the goal of submitting credentials to compromise user accounts.
  • Signup attack: Behavioral patterns that appear to involve a machine attempt with the goal of creating new user accounts.
  • MFA bypass: Behavior patterns that appear to involve a machine attempt with the goal of circumventing user multi-factor authentication (MFA) protections.
Views allow you to slice data by threat type and identify applications associated with threat behavior trends.
Screenshot shows a dashboard, a line graph, a horizontal bar chart, and a doughnut chart. The dashboard details the total traffic, total threats, and percentage of threats. The line graph details threat behavior trends by traffic type. Separate lines exist for normal traffic, credential stuffing, signup attacks, and MFA bypass threats. The horizontal bar chart details threat behavior by app. Each bar represents a specific app and different threat types are color coded within the bar. The doughnut chart details the threat behavior type breakdown and different threat types are color coded within the doughnut.

Authentication events

Security Center allows you to inspect authentication events, including login attempts and signup attempts.
Screenshot shows two line graphs. One shows the number of login attempts in the last 7 days. Separate lines are shown for successful logins and failed logins. The other shows the number of signup attempts over the last 7 days. Separate lines are shown for successful signups and failed signups.

Login attempts

Login attempts include both successful and failed login transactions over the last seven days.

Signup attempts

Signup attempts include both successful and failed signup transactions over the last seven days.

Attack Protection and MFA monitoring

Security Center helps you understand current attack trends identified by our Attack Protection and MFA features, and allows you to implement countermeasures by enabling and configuring these features:
We will identify patterns that are usually an indicator of known attack types and log-related events, regardless of whether you selected countermeasures when configuring our Attack Protection features.
Screenshot shows multiple line graphs for the Security Center Threat Protection tab.

Bot detection

mitigates scripted attacks by detecting when a request is likely to be coming from a bot. Bot detection includes the number of bots detected over the last seven days. To learn more about this feature, read Bot Detection.

Suspicious IP throttling

blocks traffic from any IP address that rapidly attempts too many logins or signups. Suspicious IP throttling includes the number of suspicious IPs blocked over the last seven days. To learn more about this feature, read Suspicious IP Throttling.

Brute-force protection

safeguards against a single IP address attacking a single user account. Brute-force protection includes the number of blocked brute-force attempts over the last seven days. To learn more about this feature, read Brute-Force Protection.

Breached password detection

protects your applications from signing up or logging in with stolen credentials. Breached password detection includes the number of breached credentials detected in login and signup flows over the last seven days. To learn more about this feature, read Breached Password Detection.

Multi-factor authentication

Multi-factor authentication (MFA) verifies users by requiring more than one type of user validation. MFA includes the number of MFA challenges detected and the number of MFA challenges passed or failed over the last seven days. To learn more about this feature, read Multi-Factor Authentication.

Learn more