first draft of Managing Account Theft with ASM #28505

Open
wants to merge 17 commits into
base: master

michaelcretzman
Contributor

This guide covers:

  1. Collecting login information:
     • Enable and verify login activity collection in Datadog ASM using automatic or manual instrumentation methods.
     • Use remote configuration options if you cannot modify your service code.
     • Troubleshoot missing or incorrect data.
  2. Preparing for account takeover campaigns:
     • Prepare for ATO campaigns detected by ASM.
     • Configure notifications for attack alerts.
     • Validate proper data propagation for accurate attacker identification.
     • Set up automatic IP blocking for immediate mitigation.
     • Learn about the importance of temporary blocking due to dynamic attacker IPs.
  3. Reacting to account takeover campaigns:
     • Learn how to react to ATO campaigns, including attacker strategies, triage, response, investigation, monitoring, and cleanup.

Merge instructions

Merge readiness:

  • Ready for merge

michaelcretzman added the "editorial review" (Waiting on a more in-depth review) label Apr 1, 2025
michaelcretzman self-assigned this Apr 1, 2025
michaelcretzman requested review from a team as code owners April 1, 2025 21:31
Contributor

Taiki-San left a comment

Some comments on Phase 1. Mostly, I raise cases where the original meaning was lost in the edit.

Contributor

Taiki-San left a comment

Phase 2

michaelcretzman and others added 3 commits April 3, 2025 13:23
Incorp peer edit review

Co-authored-by: DeForest Richards <[email protected]>
Incorp Dev review phase 1

Co-authored-by: Taiki <[email protected]>
drichards-87 removed the request for review from a team April 3, 2025 22:17
Contributor

drichards-87 left a comment

Left a couple of small comments and approved the PR.

michaelcretzman and others added 2 commits April 3, 2025 18:30
additional edits from peer reviewer

Co-authored-by: DeForest Richards <[email protected]>
Co-authored-by: Taiki <[email protected]>
they were lost when I used Visual Studio Code to manage them.
I went thru each one and did it manually in this commit.
Contributor

Taiki-San left a comment

Still need to finalize the Distributed Credential Stuffing and the Cleanup/Conclusion sections

michaelcretzman and others added 3 commits April 7, 2025 11:46
Committing some dev edits

Co-authored-by: Taiki <[email protected]>
Edited revision

Co-authored-by: Taiki <[email protected]>
last of dev edit

Co-authored-by: Taiki <[email protected]>
3 participants