Defender MFA

Version: One Identity Defender 5.9 and above.

One Identity Defender is a two-factor authentication or Multi-Factor Authentication (MFA) program. It uses the existing identity store in Microsoft Active Directory to enable two-factor authentication, taking advantage of its inherent scalability and security and eliminating the cost and time involved in setting up and maintaining proprietary databases.

Defender MFA integrates with Netsurion Open XDR to provide security analytics with deep data context, so that organizations can be confident in their data security strategy. Benefits include scheduled reports, integrated Defender MFA dashboards, and alerts for streamlined investigation.

Reports allow users to keep records that are easy to read and format. Each report is a detailed summary of events generated by Defender MFA, including successful and failed user sign-in attempts with user-assigned tokens.

Alerts are the best way to stay updated on critical events occurring in Defender MFA, such as a failed sign-in attempt with a user token, or a token or Defender password being assigned to or unassigned from a user.

Dashboards provide a graphical representation of events generated by Defender MFA in the form of pie charts, bar graphs, force direction, and more. Examples include top successful user authentications, user authentication failure reasons, and top user authentication failures.

After One Identity Defender is configured to deliver events to Netsurion Open XDR, the dashboards and reports can be configured in Netsurion Open XDR.

The following are the key Data Source Integrations available in Netsurion Open XDR.

Alerts

| Type | Name | Description |
|---|---|---|
| Security | Defender MFA – A user authentication request has been rejected | This alert is triggered as soon as Netsurion receives an event that indicates a failed authentication attempt using a token. |
| Operations | Defender MFA – A defender password has been assigned to a user | This alert is triggered as soon as Netsurion receives an event that indicates a Defender password is assigned to a user. |
| Operations | Defender MFA – A defender password has been unassigned from user | This alert is triggered as soon as Netsurion receives an event that indicates a Defender password is unassigned/removed from a user. |
| Operations | Defender MFA – A token has been assigned to a user | This alert is triggered as soon as Netsurion receives an event that indicates a token is assigned to a user. |
| Operations | Defender MFA – A token has been unassigned from user | This alert is triggered as soon as Netsurion receives an event that indicates a token is unassigned from a user. |

Reports

| Type | Name | Description |
|---|---|---|
| Security | Defender MFA – Failed user authentications | This report generates a detailed overview of activities that include a failed token/Defender password authentication by any user. It includes event datetime, event computer, username, failure reason, request ID, and session ID. |
| Operations | Defender MFA – Successful user authentications | This report generates a detailed overview of activities that include a successful token/Defender password authentication by any user. It includes event datetime, event computer, username, authentication type, and session ID. |
| Operations | Defender MFA – Token Management | This report generates a detailed overview of activities that include a successful token/Defender password authentication by any user. It includes event datetime, event computer, username, token ID, and token status. |

Documentation

The configuration details are consistent with Netsurion Open XDR 9.2 or later, and Defender MFA version 5.9 and above.

Download the Integration Guide and How-to Guide for configuration instructions and more information.