├── .github
    ├── CODEOWNERS
    └── workflows
    │   └── ci.yml
├── .gitignore
├── .vscode
    └── settings.json
├── .yamllint
├── AUTHORS
├── CODE_OF_CONDUCT.md
├── CONTRIBUTING.md
├── LICENSE
├── README.md
├── THIRD-PARTY-NOTICES
├── detections
    ├── attack_protection_features_turned_off.yml
    ├── bot_detection_turned_off.yml
    ├── breached_password_detection_settings_manipulated.yml
    ├── brute_force_critical_settings_manipulated.yml
    ├── client_with_overpermissive_granted_scopes.yml
    ├── credential_stuffing_signals.yml
    ├── cross_origin_authentication_enabled.yml
    ├── grant_mgn_api_scopes.yml
    ├── insecure_grants_enabled_for_applications.yml
    ├── liquidjs_xss_vulnerability.yml
    ├── logins_from_suspicious_tls_fingerprints.yml
    ├── logins_or_signups_from_suspicious_ips.yml
    ├── many_failed_authorization_requests.yml
    ├── many_unverified_accounts_created.yml
    ├── mfa_donwgrade_risk_assessment_disabled.yml
    ├── mfa_downgrade_detect_disable_factors.yml
    ├── mfa_downgrade_disable_mfa_policies.yml
    ├── multiple_phone_numbers_are_registered_as_mfa.yml
    ├── rapid_creation_of_clients_with_dynamic_registration.yml
    ├── refresh_token_from_multiple_user_agent.yml
    ├── refresh_token_from_too_many_locations.yml
    ├── refresh_token_reuse.yml
    ├── risk_for_mfa_push_fatigue.yml
    ├── risk_of_copying_client_credentials.yml
    ├── risk_of_copying_the_most_powerful_token.yml
    ├── risk_of_signup_fraud_by_disposable_domains.yml
    ├── risk_of_signup_fraud_by_volume.yml
    ├── risk_of_tenant_takeover.yml
    ├── same_guardian_app_is_registered_for_mfa_in_multiple_users.yml
    ├── sms_bombarding.yml
    ├── suspicious_ip_throttling_critical_settings_manipulated.yml
    ├── unrecognized_ip_in_allowlist.yml
    └── use_of_auth0_tenant_name_url.yml
├── requirements.txt
└── test
    ├── __init__.py
    └── test_yaml_should_be_valid.py

/.github/CODEOWNERS:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/auth0/auth0-customer-detections/HEAD/.github/CODEOWNERS
--------------------------------------------------------------------------------

/.github/workflows/ci.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/auth0/auth0-customer-detections/HEAD/.github/workflows/ci.yml
--------------------------------------------------------------------------------

/.gitignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/auth0/auth0-customer-detections/HEAD/.gitignore
--------------------------------------------------------------------------------

/.vscode/settings.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/auth0/auth0-customer-detections/HEAD/.vscode/settings.json
--------------------------------------------------------------------------------

/.yamllint:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/auth0/auth0-customer-detections/HEAD/.yamllint
--------------------------------------------------------------------------------

/AUTHORS:
--------------------------------------------------------------------------------
Maria Vasilevskaya
Mathew Woodyard
Rick Burta
--------------------------------------------------------------------------------

/CODE_OF_CONDUCT.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/auth0/auth0-customer-detections/HEAD/CODE_OF_CONDUCT.md
--------------------------------------------------------------------------------

/CONTRIBUTING.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/auth0/auth0-customer-detections/HEAD/CONTRIBUTING.md
--------------------------------------------------------------------------------

/LICENSE:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/auth0/auth0-customer-detections/HEAD/LICENSE
--------------------------------------------------------------------------------

/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/auth0/auth0-customer-detections/HEAD/README.md
--------------------------------------------------------------------------------

/THIRD-PARTY-NOTICES:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/auth0/auth0-customer-detections/HEAD/THIRD-PARTY-NOTICES
--------------------------------------------------------------------------------

/detections/attack_protection_features_turned_off.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/auth0/auth0-customer-detections/HEAD/detections/attack_protection_features_turned_off.yml
--------------------------------------------------------------------------------

/detections/bot_detection_turned_off.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/auth0/auth0-customer-detections/HEAD/detections/bot_detection_turned_off.yml
--------------------------------------------------------------------------------

/detections/breached_password_detection_settings_manipulated.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/auth0/auth0-customer-detections/HEAD/detections/breached_password_detection_settings_manipulated.yml
--------------------------------------------------------------------------------

/detections/brute_force_critical_settings_manipulated.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/auth0/auth0-customer-detections/HEAD/detections/brute_force_critical_settings_manipulated.yml
--------------------------------------------------------------------------------

/detections/client_with_overpermissive_granted_scopes.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/auth0/auth0-customer-detections/HEAD/detections/client_with_overpermissive_granted_scopes.yml
--------------------------------------------------------------------------------

/detections/credential_stuffing_signals.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/auth0/auth0-customer-detections/HEAD/detections/credential_stuffing_signals.yml
--------------------------------------------------------------------------------

/detections/cross_origin_authentication_enabled.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/auth0/auth0-customer-detections/HEAD/detections/cross_origin_authentication_enabled.yml
--------------------------------------------------------------------------------

/detections/grant_mgn_api_scopes.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/auth0/auth0-customer-detections/HEAD/detections/grant_mgn_api_scopes.yml
--------------------------------------------------------------------------------

/detections/insecure_grants_enabled_for_applications.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/auth0/auth0-customer-detections/HEAD/detections/insecure_grants_enabled_for_applications.yml
--------------------------------------------------------------------------------

/detections/liquidjs_xss_vulnerability.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/auth0/auth0-customer-detections/HEAD/detections/liquidjs_xss_vulnerability.yml
--------------------------------------------------------------------------------

/detections/logins_from_suspicious_tls_fingerprints.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/auth0/auth0-customer-detections/HEAD/detections/logins_from_suspicious_tls_fingerprints.yml
--------------------------------------------------------------------------------

/detections/logins_or_signups_from_suspicious_ips.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/auth0/auth0-customer-detections/HEAD/detections/logins_or_signups_from_suspicious_ips.yml
--------------------------------------------------------------------------------

/detections/many_failed_authorization_requests.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/auth0/auth0-customer-detections/HEAD/detections/many_failed_authorization_requests.yml
--------------------------------------------------------------------------------

/detections/many_unverified_accounts_created.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/auth0/auth0-customer-detections/HEAD/detections/many_unverified_accounts_created.yml
--------------------------------------------------------------------------------

/detections/mfa_donwgrade_risk_assessment_disabled.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/auth0/auth0-customer-detections/HEAD/detections/mfa_donwgrade_risk_assessment_disabled.yml
--------------------------------------------------------------------------------

/detections/mfa_downgrade_detect_disable_factors.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/auth0/auth0-customer-detections/HEAD/detections/mfa_downgrade_detect_disable_factors.yml
--------------------------------------------------------------------------------

/detections/mfa_downgrade_disable_mfa_policies.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/auth0/auth0-customer-detections/HEAD/detections/mfa_downgrade_disable_mfa_policies.yml
--------------------------------------------------------------------------------

/detections/multiple_phone_numbers_are_registered_as_mfa.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/auth0/auth0-customer-detections/HEAD/detections/multiple_phone_numbers_are_registered_as_mfa.yml
--------------------------------------------------------------------------------

/detections/rapid_creation_of_clients_with_dynamic_registration.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/auth0/auth0-customer-detections/HEAD/detections/rapid_creation_of_clients_with_dynamic_registration.yml
--------------------------------------------------------------------------------

/detections/refresh_token_from_multiple_user_agent.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/auth0/auth0-customer-detections/HEAD/detections/refresh_token_from_multiple_user_agent.yml
--------------------------------------------------------------------------------

/detections/refresh_token_from_too_many_locations.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/auth0/auth0-customer-detections/HEAD/detections/refresh_token_from_too_many_locations.yml
--------------------------------------------------------------------------------

/detections/refresh_token_reuse.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/auth0/auth0-customer-detections/HEAD/detections/refresh_token_reuse.yml
--------------------------------------------------------------------------------

/detections/risk_for_mfa_push_fatigue.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/auth0/auth0-customer-detections/HEAD/detections/risk_for_mfa_push_fatigue.yml
--------------------------------------------------------------------------------

/detections/risk_of_copying_client_credentials.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/auth0/auth0-customer-detections/HEAD/detections/risk_of_copying_client_credentials.yml
--------------------------------------------------------------------------------

/detections/risk_of_copying_the_most_powerful_token.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/auth0/auth0-customer-detections/HEAD/detections/risk_of_copying_the_most_powerful_token.yml
--------------------------------------------------------------------------------

/detections/risk_of_signup_fraud_by_disposable_domains.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/auth0/auth0-customer-detections/HEAD/detections/risk_of_signup_fraud_by_disposable_domains.yml
--------------------------------------------------------------------------------

/detections/risk_of_signup_fraud_by_volume.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/auth0/auth0-customer-detections/HEAD/detections/risk_of_signup_fraud_by_volume.yml
--------------------------------------------------------------------------------

/detections/risk_of_tenant_takeover.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/auth0/auth0-customer-detections/HEAD/detections/risk_of_tenant_takeover.yml
--------------------------------------------------------------------------------

/detections/same_guardian_app_is_registered_for_mfa_in_multiple_users.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/auth0/auth0-customer-detections/HEAD/detections/same_guardian_app_is_registered_for_mfa_in_multiple_users.yml
--------------------------------------------------------------------------------

/detections/sms_bombarding.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/auth0/auth0-customer-detections/HEAD/detections/sms_bombarding.yml
--------------------------------------------------------------------------------

/detections/suspicious_ip_throttling_critical_settings_manipulated.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/auth0/auth0-customer-detections/HEAD/detections/suspicious_ip_throttling_critical_settings_manipulated.yml
--------------------------------------------------------------------------------

/detections/unrecognized_ip_in_allowlist.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/auth0/auth0-customer-detections/HEAD/detections/unrecognized_ip_in_allowlist.yml
--------------------------------------------------------------------------------

/detections/use_of_auth0_tenant_name_url.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/auth0/auth0-customer-detections/HEAD/detections/use_of_auth0_tenant_name_url.yml
--------------------------------------------------------------------------------

/requirements.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/auth0/auth0-customer-detections/HEAD/requirements.txt
--------------------------------------------------------------------------------

/test/__init__.py:
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------

/test/test_yaml_should_be_valid.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/auth0/auth0-customer-detections/HEAD/test/test_yaml_should_be_valid.py
--------------------------------------------------------------------------------