What sort of telemetry can FusionAuth provide for potentially suspicious logins, credential attacks, and other security-related events?
I'm just trying to understand what capabilities are available in FusionAuth.
Lately, I've created a feature request on the suspicious login attempt detection capabilities. If I were to create such a service, my starting point would be the client IP (for geolocation) and
the user-agent string (maybe all headers) for browser fingerprinting of sorts. Still, the login success/failure event summary contained in the webhook call contains no useful information for such a scenario.
This may be useful if what you are trying to extract is in ElasticSearch (user data): https://elastalert.readthedocs.io/en/latest/
Doesn't help with other aspects of the system, but I believe we have some features planned.