Defender MFA

Overview

One Identity Defender is a two-factor authentication or Multi-Factor Authentication (MFA) program. It uses the current identity store within Microsoft Active Directory to enable two-factor authentication, taking advantage of its inherent scalability and security, and eliminate the costs and time involved to set up and maintain proprietary databases.

Defender MFA integrates with EventTracker SIEM application to give security analytics with deep data context so that organizations can be confident in their data security strategy. Benefits include scheduled reports, integrated defender MFA dashboards and alerts for streamlined investigation.

Reports will allow users to keep records that is easy to read and to format. It is a detailed summary of events generated by Defender MFA. It includes successful or failed user sign-in attempts with user assigned tokens.
Alerts are best way to keep updated with critical events occurring in Defender MFA, such as, failed sign-in attempt with a user token, or when a token or defender password is assigned/unassigned to/from a user.

Dashboard provides a graphical representation of events generated by Defender MFA in the form of pie chart or bar graph, or force direction, and many more. Some of them are, top successful user authentications, user authentication failure reasons, top user authentication failures, etc.

Previous Next

Once Defender MFA is configured to deliver events to EventTracker, manager, alerts, dashboards, and reports can be configured into EventTracker.

Scope

The configuration details are consistent with EventTracker version 9.2 and later, and Defender MFA version 5.9 and above.

Documentation:

To configure Defender MFA to send logs to EventTracker, refer to the How-to Guide.

For more information please refer to the Integration guide.