Duo Fraud Main
The Duo Fraud playbook uses the sub-playbook Duo Fraud Investigation to investigate suspicious attempts to log in through Duo.
1. Trigger - retrieves the information from the Logpoint SIEM incident, such as the start and end time of the incident, the query that runs the incident, rows_count, name, and incident ID.
2. Query - takes the query from Trigger and runs it in Logpoint SIEM to return user_name, email, access_device_ip, auth_device_ip, city_name, and region_name.
3. For Each - loops through each element of the query results from the Query action block and feeds it into the sub-playbook.
4. Playbook - runs the sub-playbook Duo Fraud Investigation, which further investigates the suspicious login attempt.
5. End - retrieves the results from the sub-playbook.