mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-18 13:39:40 +03:00
Initial commit - 611 cybersecurity skills across all subdomains
This commit is contained in:
@@ -0,0 +1,120 @@
|
||||
---
|
||||
name: None
|
||||
description: Deploy Cisco Duo multi-factor authentication across enterprise applications, VPN, RDP, and SSH access points. This skill covers Duo integration methods, adaptive authentication policies, device trust
|
||||
domain: cybersecurity
|
||||
subdomain: identity-access-management
|
||||
tags: [iam, identity, access-control, authentication, mfa, duo, multi-factor]
|
||||
version: "1.0"
|
||||
author: mahipal
|
||||
license: MIT
|
||||
---
|
||||
# Configuring Multi-Factor Authentication with Duo
|
||||
|
||||
## Overview
|
||||
Deploy Cisco Duo multi-factor authentication across enterprise applications, VPN, RDP, and SSH access points. This skill covers Duo integration methods, adaptive authentication policies, device trust assessment, and phishing-resistant MFA deployment aligned with NIST 800-63B AAL2/AAL3 requirements.
|
||||
|
||||
## Objectives
|
||||
- Configure Duo MFA for VPN, RDP, SSH, and web applications
|
||||
- Implement adaptive access policies based on user, device, and network context
|
||||
- Deploy phishing-resistant authentication (Duo Verified Push, WebAuthn)
|
||||
- Configure device health policies (trusted endpoints, OS version enforcement)
|
||||
- Set up Duo Admin Panel monitoring and reporting
|
||||
- Implement MFA bypass and emergency access procedures
|
||||
|
||||
## Key Concepts
|
||||
|
||||
### Duo Authentication Methods (by security strength)
|
||||
1. **Security Keys (WebAuthn/FIDO2)**: Phishing-resistant, AAL3 capable
|
||||
2. **Duo Verified Push**: Requires code entry, resistant to MFA fatigue attacks
|
||||
3. **Duo Push**: Push notification to Duo Mobile app
|
||||
4. **TOTP (Duo Mobile Passcode)**: Time-based one-time password
|
||||
5. **Hardware Tokens**: OTP from physical token
|
||||
6. **SMS/Phone Call**: Least secure, use only as fallback
|
||||
|
||||
### Duo Integration Architecture
|
||||
- **Duo Authentication Proxy**: On-premises proxy for RADIUS/LDAP integration
|
||||
- **Duo Web SDK**: Embed Duo MFA in web applications
|
||||
- **Duo OIDC/SAML**: SSO integration for cloud applications
|
||||
- **Duo for RDP**: Windows Logon MFA
|
||||
- **Duo Unix**: PAM-based MFA for SSH
|
||||
|
||||
### Adaptive Access Policies
|
||||
- **Trusted Networks**: Reduce MFA friction for corporate networks
|
||||
- **Remembered Devices**: Skip MFA for trusted devices (configurable duration)
|
||||
- **Device Health**: Block or require MFA based on OS patch level, encryption, firewall
|
||||
- **Risk-Based Authentication**: Step-up MFA for anomalous login patterns
|
||||
|
||||
## Implementation Steps
|
||||
|
||||
### Step 1: Duo Authentication Proxy Setup
|
||||
1. Deploy Duo Authentication Proxy on Windows/Linux server
|
||||
2. Configure primary authentication (AD/LDAP or RADIUS)
|
||||
3. Configure Duo API credentials (Integration Key, Secret Key, API Hostname)
|
||||
4. Set failmode (safe=deny if Duo unreachable, secure=allow)
|
||||
5. Test proxy connectivity to Duo cloud and AD
|
||||
|
||||
### Step 2: VPN MFA Integration
|
||||
1. Configure VPN concentrator for RADIUS authentication
|
||||
2. Point RADIUS to Duo Authentication Proxy
|
||||
3. Configure Duo proxy with [radius_server_auto] section
|
||||
4. Test VPN login with Duo Push
|
||||
5. Deploy to all VPN users with enrollment period
|
||||
|
||||
### Step 3: RDP/Windows Logon MFA
|
||||
1. Install Duo Authentication for Windows Logon on target servers
|
||||
2. Configure Duo application in Admin Panel
|
||||
3. Set offline access options (allow N offline logins)
|
||||
4. Configure bypass for service accounts
|
||||
5. Test RDP login with Duo MFA
|
||||
|
||||
### Step 4: Adaptive Policy Configuration
|
||||
1. Create user groups (Standard, Privileged, Contractors)
|
||||
2. Configure per-group authentication policies:
|
||||
- Standard: Duo Push allowed, remembered device 7 days
|
||||
- Privileged: Verified Push required, no remembered device
|
||||
- Contractors: WebAuthn required, no remembered device
|
||||
3. Configure device health policies:
|
||||
- Require encrypted disk
|
||||
- Block outdated OS versions
|
||||
- Require firewall enabled
|
||||
4. Set trusted network exceptions for corporate IPs
|
||||
|
||||
### Step 5: Phishing-Resistant MFA Deployment
|
||||
1. Enable Verified Push (requires entering 3-digit code from login screen)
|
||||
2. Register WebAuthn/FIDO2 security keys for privileged users
|
||||
3. Disable SMS and phone call for high-risk groups
|
||||
4. Configure Duo Risk-Based Factor Selection
|
||||
5. Monitor for MFA fatigue attack patterns
|
||||
|
||||
### Step 6: Monitoring and Response
|
||||
1. Configure Duo Admin Panel alerts
|
||||
2. Set up authentication log forwarding to SIEM
|
||||
3. Monitor for: MFA denial patterns, bypass usage, new device enrollments
|
||||
4. Create incident response playbook for MFA compromise
|
||||
5. Regular review of bypass and exception policies
|
||||
|
||||
## Security Controls
|
||||
| Control | NIST 800-53 | Description |
|
||||
|---------|-------------|-------------|
|
||||
| MFA | IA-2(1) | Multi-factor authentication for network access |
|
||||
| MFA for Privileged | IA-2(2) | MFA for privileged account access |
|
||||
| Replay Resistance | IA-2(8) | Replay-resistant authentication |
|
||||
| Device Identification | IA-3 | Device identity and trust |
|
||||
| Authenticator Management | IA-5 | MFA enrollment and lifecycle |
|
||||
|
||||
## Common Pitfalls
|
||||
- Not deploying phishing-resistant MFA (Verified Push/FIDO2) for privileged accounts
|
||||
- Setting failmode to "safe" (allow access when Duo is down) in production
|
||||
- Not disabling SMS/phone call for users with app-capable devices
|
||||
- Forgetting to configure offline access for laptops
|
||||
- Not monitoring for MFA fatigue/prompt bombing attacks
|
||||
|
||||
## Verification
|
||||
- [ ] VPN login requires Duo MFA
|
||||
- [ ] RDP to servers requires Duo MFA
|
||||
- [ ] SSH access requires Duo MFA
|
||||
- [ ] Verified Push enabled for privileged users
|
||||
- [ ] Device health policy blocks non-compliant devices
|
||||
- [ ] Authentication logs forwarded to SIEM
|
||||
- [ ] Bypass/emergency access procedures tested
|
||||
- [ ] MFA fatigue detection alerts configured
|
||||
@@ -0,0 +1,37 @@
|
||||
# Duo MFA Deployment Checklist
|
||||
|
||||
## Duo Admin Panel Configuration
|
||||
- [ ] Admin account secured with hardware security key
|
||||
- [ ] Admin API credentials generated and stored securely
|
||||
- [ ] AD Sync configured for user provisioning
|
||||
- [ ] User groups created (Standard, Privileged, Contractors)
|
||||
|
||||
## Authentication Policy Matrix
|
||||
| Group | Push | Verified Push | WebAuthn | TOTP | SMS | Phone | Remember |
|
||||
|-------|------|---------------|----------|------|-----|-------|----------|
|
||||
| Standard | Yes | No | Optional | Yes | No | No | 7 days |
|
||||
| Privileged | No | Yes | Yes | Backup | No | No | None |
|
||||
| Contractors | Yes | No | No | Yes | No | No | None |
|
||||
|
||||
## Integration Points
|
||||
| System | Integration Method | Status |
|
||||
|--------|--------------------|--------|
|
||||
| VPN (Cisco ASA) | RADIUS via Auth Proxy | [ ] |
|
||||
| VPN (Palo Alto) | RADIUS via Auth Proxy | [ ] |
|
||||
| Windows RDP | Duo for Windows Logon | [ ] |
|
||||
| Linux SSH | Duo Unix (PAM) | [ ] |
|
||||
| Web Apps (SAML) | Duo SSO | [ ] |
|
||||
| Office 365 | Duo + Azure AD | [ ] |
|
||||
|
||||
## Device Health Policy
|
||||
- [ ] Require disk encryption
|
||||
- [ ] Minimum OS version: Windows 10 22H2 / macOS 13 / iOS 16 / Android 12
|
||||
- [ ] Require firewall enabled
|
||||
- [ ] Block jailbroken/rooted devices
|
||||
- [ ] Require screen lock
|
||||
|
||||
## Emergency Procedures
|
||||
- [ ] Bypass code generation procedure documented
|
||||
- [ ] Failmode configuration documented per integration
|
||||
- [ ] Emergency contact list for Duo outage
|
||||
- [ ] Alternative authentication path tested
|
||||
@@ -0,0 +1,26 @@
|
||||
# Standards and References - MFA with Duo
|
||||
|
||||
## NIST Standards
|
||||
- **NIST SP 800-63B**: Digital Identity Guidelines - Authentication and Lifecycle Management
|
||||
- AAL1: Single-factor authentication
|
||||
- AAL2: Multi-factor authentication (Duo Push, TOTP)
|
||||
- AAL3: Hardware-based phishing-resistant (FIDO2, PIV)
|
||||
- **NIST SP 800-53 Rev 5**: IA-2, IA-2(1), IA-2(2), IA-2(6), IA-2(8), IA-3, IA-5
|
||||
|
||||
## Duo Documentation
|
||||
- **Duo Authentication Proxy**: https://duo.com/docs/authproxy-reference
|
||||
- **Duo for RDP**: https://duo.com/docs/rdp
|
||||
- **Duo Unix (SSH)**: https://duo.com/docs/duounix
|
||||
- **Duo Web SDK**: https://duo.com/docs/duoweb
|
||||
- **Duo Verified Push**: https://duo.com/blog/webauthn-passwordless-fido2-explained-componens-passwordless-architecture
|
||||
- **Duo Admin API**: https://duo.com/docs/adminapi
|
||||
|
||||
## CISA Guidance
|
||||
- **CISA MFA Guidance**: Phishing-resistant MFA requirement for federal agencies
|
||||
- **EO 14028**: Executive Order on Improving the Nation's Cybersecurity - MFA mandate
|
||||
|
||||
## Compliance
|
||||
- **PCI DSS 4.0**: Requirement 8.3.1 - MFA for all access to CDE
|
||||
- **HIPAA**: 45 CFR 164.312(d) - Person or entity authentication
|
||||
- **SOX**: MFA for privileged financial system access
|
||||
- **CMMC**: Level 2 - IA.L2-3.5.3 Multi-factor authentication
|
||||
@@ -0,0 +1,36 @@
|
||||
# MFA with Duo Workflows
|
||||
|
||||
## Workflow 1: Duo Authentication Proxy Deployment
|
||||
1. Install Duo Authentication Proxy on dedicated server
|
||||
2. Configure authproxy.cfg with AD/LDAP primary auth
|
||||
3. Add Duo API credentials (ikey, skey, api_host)
|
||||
4. Set failmode=safe for initial testing, change to secure for production
|
||||
5. Start Duo proxy service, verify connectivity
|
||||
6. Configure VPN/application to use proxy as RADIUS server
|
||||
7. Test with pilot group before full deployment
|
||||
|
||||
## Workflow 2: User Enrollment
|
||||
1. Admin creates Duo user (manual or AD sync)
|
||||
2. User receives enrollment email/link
|
||||
3. User installs Duo Mobile app
|
||||
4. User scans QR code to link device
|
||||
5. User completes test authentication
|
||||
6. Admin verifies enrollment status in Admin Panel
|
||||
|
||||
## Workflow 3: MFA Fatigue Attack Response
|
||||
1. Detect multiple rapid push notifications to single user
|
||||
2. Alert security team via SIEM integration
|
||||
3. Temporarily lock user's Duo account
|
||||
4. Contact user to verify if they initiated authentication
|
||||
5. If unauthorized: reset credentials, investigate source
|
||||
6. If authorized: educate user, enable Verified Push
|
||||
7. Update policy to require Verified Push for affected group
|
||||
|
||||
## Workflow 4: Duo Failover and Emergency Access
|
||||
1. Duo cloud service becomes unreachable
|
||||
2. Authentication Proxy checks failmode setting
|
||||
3. If failmode=secure: deny all access (most secure)
|
||||
4. If failmode=safe: allow primary auth only (business continuity)
|
||||
5. Admin monitors Duo status page for resolution
|
||||
6. After restoration: review all authentications during outage
|
||||
7. Investigate any suspicious access during failover period
|
||||
@@ -0,0 +1,268 @@
|
||||
#!/usr/bin/env python3
|
||||
"""
|
||||
Duo MFA Configuration Auditor and Health Checker
|
||||
|
||||
Audits Duo MFA deployment configuration, checks policy compliance,
|
||||
detects MFA fatigue patterns, and monitors authentication health.
|
||||
"""
|
||||
|
||||
import json
|
||||
import datetime
|
||||
from typing import Dict, List, Optional
|
||||
from dataclasses import dataclass, field
|
||||
from collections import defaultdict
|
||||
|
||||
|
||||
@dataclass
|
||||
class DuoPolicy:
|
||||
"""Duo authentication policy configuration."""
|
||||
policy_name: str
|
||||
group: str
|
||||
allowed_methods: List[str] # push, verified_push, webauthn, totp, sms, phone
|
||||
remembered_devices_days: int = 0
|
||||
require_device_health: bool = False
|
||||
require_encryption: bool = False
|
||||
min_os_version: str = ""
|
||||
trusted_networks: List[str] = field(default_factory=list)
|
||||
failmode: str = "secure" # secure or safe
|
||||
|
||||
|
||||
@dataclass
|
||||
class AuthEvent:
|
||||
"""Authentication event from Duo logs."""
|
||||
timestamp: str
|
||||
username: str
|
||||
factor: str # push, verified_push, webauthn, totp, sms, phone, bypass
|
||||
result: str # success, denied, fraud, timeout
|
||||
ip_address: str
|
||||
device_os: str = ""
|
||||
application: str = ""
|
||||
reason: str = ""
|
||||
|
||||
|
||||
@dataclass
|
||||
class MFAAuditFinding:
|
||||
"""MFA audit finding."""
|
||||
severity: str
|
||||
category: str
|
||||
title: str
|
||||
description: str
|
||||
recommendation: str = ""
|
||||
|
||||
|
||||
class DuoMFAAuditor:
|
||||
"""Audits Duo MFA configuration and detects anomalies."""
|
||||
|
||||
PHISHING_RESISTANT = {"verified_push", "webauthn", "fido2"}
|
||||
WEAK_METHODS = {"sms", "phone"}
|
||||
AAL2_METHODS = {"push", "verified_push", "webauthn", "totp", "fido2"}
|
||||
|
||||
def __init__(self):
|
||||
self.policies: List[DuoPolicy] = []
|
||||
self.auth_events: List[AuthEvent] = []
|
||||
self.findings: List[MFAAuditFinding] = []
|
||||
|
||||
def load_policies(self, policies: List[Dict]):
|
||||
for p in policies:
|
||||
self.policies.append(DuoPolicy(**p))
|
||||
|
||||
def load_auth_events(self, events: List[Dict]):
|
||||
for e in events:
|
||||
self.auth_events.append(AuthEvent(**e))
|
||||
|
||||
def audit_all(self) -> List[MFAAuditFinding]:
|
||||
self.findings = []
|
||||
self._audit_policy_strength()
|
||||
self._audit_weak_methods()
|
||||
self._audit_device_health()
|
||||
self._audit_failmode()
|
||||
self._audit_remembered_devices()
|
||||
self._detect_mfa_fatigue()
|
||||
self._detect_bypass_usage()
|
||||
self._audit_method_distribution()
|
||||
return self.findings
|
||||
|
||||
def _audit_policy_strength(self):
|
||||
for policy in self.policies:
|
||||
has_phishing_resistant = any(
|
||||
m in self.PHISHING_RESISTANT for m in policy.allowed_methods
|
||||
)
|
||||
if "privileged" in policy.group.lower() or "admin" in policy.group.lower():
|
||||
if not has_phishing_resistant:
|
||||
self.findings.append(MFAAuditFinding(
|
||||
severity="critical",
|
||||
category="Policy Strength",
|
||||
title=f"Privileged group '{policy.group}' lacks phishing-resistant MFA",
|
||||
description=f"Policy '{policy.policy_name}' allows only: {', '.join(policy.allowed_methods)}",
|
||||
recommendation="Enable Verified Push or WebAuthn for privileged users per CISA guidance"
|
||||
))
|
||||
|
||||
def _audit_weak_methods(self):
|
||||
for policy in self.policies:
|
||||
weak = set(policy.allowed_methods) & self.WEAK_METHODS
|
||||
if weak:
|
||||
self.findings.append(MFAAuditFinding(
|
||||
severity="high",
|
||||
category="Weak Methods",
|
||||
title=f"Weak MFA methods enabled for '{policy.group}'",
|
||||
description=f"SMS and/or phone call enabled: {', '.join(weak)}. "
|
||||
"These are vulnerable to SIM swapping and social engineering.",
|
||||
recommendation="Disable SMS/phone for users with smartphone access. Use push or WebAuthn."
|
||||
))
|
||||
|
||||
def _audit_device_health(self):
|
||||
for policy in self.policies:
|
||||
if not policy.require_device_health:
|
||||
self.findings.append(MFAAuditFinding(
|
||||
severity="medium",
|
||||
category="Device Health",
|
||||
title=f"Device health not enforced for '{policy.group}'",
|
||||
description="Unmanaged or unhealthy devices can authenticate without restriction.",
|
||||
recommendation="Enable device health policy to check OS version, encryption, and firewall."
|
||||
))
|
||||
|
||||
def _audit_failmode(self):
|
||||
for policy in self.policies:
|
||||
if policy.failmode == "safe":
|
||||
self.findings.append(MFAAuditFinding(
|
||||
severity="high",
|
||||
category="Failmode",
|
||||
title=f"Failmode set to 'safe' for '{policy.policy_name}'",
|
||||
description="When Duo is unreachable, users are allowed in without MFA.",
|
||||
recommendation="Set failmode to 'secure' to deny access when Duo is unavailable."
|
||||
))
|
||||
|
||||
def _audit_remembered_devices(self):
|
||||
for policy in self.policies:
|
||||
if policy.remembered_devices_days > 30:
|
||||
self.findings.append(MFAAuditFinding(
|
||||
severity="medium",
|
||||
category="Remembered Devices",
|
||||
title=f"Long remembered device period for '{policy.group}'",
|
||||
description=f"Devices remembered for {policy.remembered_devices_days} days. "
|
||||
"Stolen devices retain MFA bypass.",
|
||||
recommendation="Reduce remembered device period to 7 days or less."
|
||||
))
|
||||
|
||||
def _detect_mfa_fatigue(self):
|
||||
"""Detect potential MFA prompt bombing / fatigue attacks."""
|
||||
user_denials = defaultdict(list)
|
||||
for event in self.auth_events:
|
||||
if event.result in ("denied", "timeout", "fraud"):
|
||||
user_denials[event.username].append(event)
|
||||
|
||||
for user, denials in user_denials.items():
|
||||
if len(denials) >= 5:
|
||||
# Check if denials happened within a short window
|
||||
timestamps = sorted(denials, key=lambda e: e.timestamp)
|
||||
if len(timestamps) >= 5:
|
||||
self.findings.append(MFAAuditFinding(
|
||||
severity="critical",
|
||||
category="MFA Fatigue",
|
||||
title=f"Potential MFA fatigue attack on user '{user}'",
|
||||
description=f"{len(denials)} denied/timeout MFA attempts detected. "
|
||||
"This pattern indicates potential MFA prompt bombing.",
|
||||
recommendation=f"Lock account '{user}', verify with user, enable Verified Push, "
|
||||
"investigate source IPs."
|
||||
))
|
||||
|
||||
def _detect_bypass_usage(self):
|
||||
bypass_events = [e for e in self.auth_events if e.factor == "bypass"]
|
||||
if bypass_events:
|
||||
users = set(e.username for e in bypass_events)
|
||||
self.findings.append(MFAAuditFinding(
|
||||
severity="high",
|
||||
category="Bypass Usage",
|
||||
title=f"{len(bypass_events)} MFA bypass authentications detected",
|
||||
description=f"Users with bypass codes: {', '.join(users)}. "
|
||||
"Bypass codes circumvent MFA protection.",
|
||||
recommendation="Review bypass usage. Ensure bypass codes are single-use and time-limited."
|
||||
))
|
||||
|
||||
def _audit_method_distribution(self):
|
||||
method_counts = defaultdict(int)
|
||||
for event in self.auth_events:
|
||||
if event.result == "success":
|
||||
method_counts[event.factor] += 1
|
||||
|
||||
total = sum(method_counts.values())
|
||||
if total > 0:
|
||||
weak_pct = sum(method_counts.get(m, 0) for m in self.WEAK_METHODS) / total * 100
|
||||
if weak_pct > 10:
|
||||
self.findings.append(MFAAuditFinding(
|
||||
severity="medium",
|
||||
category="Method Distribution",
|
||||
title=f"{weak_pct:.1f}% of authentications use weak MFA methods",
|
||||
description="Significant portion of users still using SMS/phone.",
|
||||
recommendation="Migrate users to Duo Push, Verified Push, or WebAuthn."
|
||||
))
|
||||
|
||||
def generate_report(self) -> str:
|
||||
if not self.findings:
|
||||
self.audit_all()
|
||||
|
||||
lines = [
|
||||
"=" * 70,
|
||||
"DUO MFA CONFIGURATION AUDIT REPORT",
|
||||
"=" * 70,
|
||||
f"Report Date: {datetime.datetime.now().isoformat()}",
|
||||
f"Policies Audited: {len(self.policies)}",
|
||||
f"Auth Events Analyzed: {len(self.auth_events)}",
|
||||
f"Findings: {len(self.findings)}",
|
||||
"-" * 70, ""
|
||||
]
|
||||
|
||||
severity_order = {"critical": 0, "high": 1, "medium": 2, "low": 3, "info": 4}
|
||||
for f in sorted(self.findings, key=lambda x: severity_order.get(x.severity, 5)):
|
||||
lines.append(f"[{f.severity.upper()}] {f.title}")
|
||||
lines.append(f" Category: {f.category}")
|
||||
lines.append(f" {f.description}")
|
||||
if f.recommendation:
|
||||
lines.append(f" Fix: {f.recommendation}")
|
||||
lines.append("")
|
||||
|
||||
lines.append("=" * 70)
|
||||
critical = sum(1 for f in self.findings if f.severity == "critical")
|
||||
lines.append(f"OVERALL: {'FAIL' if critical > 0 else 'PASS WITH FINDINGS' if self.findings else 'PASS'}")
|
||||
lines.append("=" * 70)
|
||||
return "\n".join(lines)
|
||||
|
||||
|
||||
def main():
|
||||
auditor = DuoMFAAuditor()
|
||||
auditor.load_policies([
|
||||
{"policy_name": "Standard Users", "group": "standard_users",
|
||||
"allowed_methods": ["push", "totp", "sms"], "remembered_devices_days": 7,
|
||||
"failmode": "secure"},
|
||||
{"policy_name": "Privileged Admins", "group": "privileged_admins",
|
||||
"allowed_methods": ["push", "totp"], "remembered_devices_days": 0,
|
||||
"require_device_health": True, "failmode": "safe"},
|
||||
{"policy_name": "Contractors", "group": "contractors",
|
||||
"allowed_methods": ["push", "phone", "sms"], "remembered_devices_days": 45,
|
||||
"failmode": "secure"},
|
||||
])
|
||||
|
||||
auditor.load_auth_events([
|
||||
{"timestamp": "2026-02-23T08:00:00", "username": "alice", "factor": "push",
|
||||
"result": "success", "ip_address": "10.0.1.50", "application": "VPN"},
|
||||
{"timestamp": "2026-02-23T08:01:00", "username": "bob", "factor": "sms",
|
||||
"result": "success", "ip_address": "192.168.1.100", "application": "VPN"},
|
||||
{"timestamp": "2026-02-23T08:02:00", "username": "charlie", "factor": "push",
|
||||
"result": "denied", "ip_address": "203.0.113.50", "application": "RDP"},
|
||||
{"timestamp": "2026-02-23T08:02:30", "username": "charlie", "factor": "push",
|
||||
"result": "denied", "ip_address": "203.0.113.50", "application": "RDP"},
|
||||
{"timestamp": "2026-02-23T08:03:00", "username": "charlie", "factor": "push",
|
||||
"result": "denied", "ip_address": "203.0.113.50", "application": "RDP"},
|
||||
{"timestamp": "2026-02-23T08:03:30", "username": "charlie", "factor": "push",
|
||||
"result": "timeout", "ip_address": "203.0.113.50", "application": "RDP"},
|
||||
{"timestamp": "2026-02-23T08:04:00", "username": "charlie", "factor": "push",
|
||||
"result": "denied", "ip_address": "203.0.113.50", "application": "RDP"},
|
||||
{"timestamp": "2026-02-23T09:00:00", "username": "dave", "factor": "bypass",
|
||||
"result": "success", "ip_address": "10.0.2.75", "application": "SSH"},
|
||||
])
|
||||
|
||||
print(auditor.generate_report())
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
||||
Reference in New Issue
Block a user