Sentinel Automation - MFA




I am fairly new to the world of automation. I am looking to automate one of our security incidents based on whether or not MFA has succeeded.

Ex: Impossible travel activity incident. Attempted authentication from unknown IPs to a user account. I want to create a playbook that will look at whether or not the unknown IP successfully completed MFA, and if it did, automate some type of account lockout or password reset requirement.


Can anyone explain if this is possible, and if it is possible, how I would go about achieving something like this?


Thank you!
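
Added example, not part of the original post: a sketch of the decision step the post describes, checking whether any IP from the incident completed MFA for the user. It assumes sign-in records exported from the Entra ID `SigninLogs` table; the sample rows are constructed, and the function names and the "contain"/"review" labels are hypothetical.

```python
import json

# Constructed sample rows, shaped like SigninLogs records (not real data).
SAMPLE_SIGNINS = [
    {"UserPrincipalName": "alice@example.com", "IPAddress": "203.0.113.10",
     "ResultType": "0", "AuthenticationRequirement": "multiFactorAuthentication",
     "AuthenticationDetails": json.dumps([
         {"authenticationMethod": "Password", "succeeded": True},
         {"authenticationMethod": "Mobile app notification", "succeeded": "true"}])},
    # Non-zero ResultType: the sign-in did not complete (password only).
    {"UserPrincipalName": "alice@example.com", "IPAddress": "198.51.100.7",
     "ResultType": "50074", "AuthenticationRequirement": "multiFactorAuthentication",
     "AuthenticationDetails": json.dumps([
         {"authenticationMethod": "Password", "succeeded": True}])},
    # Same IP as the first row, but a different user: must not count for alice.
    {"UserPrincipalName": "bob@example.com", "IPAddress": "198.51.100.7",
     "ResultType": "0", "AuthenticationRequirement": "multiFactorAuthentication",
     "AuthenticationDetails": json.dumps([
         {"authenticationMethod": "Password", "succeeded": True},
         {"authenticationMethod": "Text message", "succeeded": True}])},
]

def _is_true(value):
    # The field can arrive as a JSON boolean or as the string "true".
    return value is True or str(value).lower() == "true"

def mfa_completed(record):
    """True if the sign-in succeeded, required MFA, and a non-password step passed."""
    if str(record.get("ResultType")) != "0":
        return False
    if record.get("AuthenticationRequirement") != "multiFactorAuthentication":
        return False
    raw = record.get("AuthenticationDetails") or "[]"
    steps = json.loads(raw) if isinstance(raw, str) else raw
    return any(_is_true(s.get("succeeded"))
               and s.get("authenticationMethod", "").lower() != "password"
               for s in steps)

def triage(signins, user, incident_ips):
    """Return the incident IPs that completed MFA for this user and a decision."""
    wanted = set(incident_ips)
    hits = sorted({r["IPAddress"] for r in signins
                   if r.get("UserPrincipalName", "").lower() == user.lower()
                   and r.get("IPAddress") in wanted and mfa_completed(r)})
    # "contain" stands for the lockout / password reset branch of the playbook.
    return {"user": user, "action": "contain" if hits else "review", "ips": hits}
```

In a playbook, the "contain" result would gate the account lockout or password reset action, and "review" would leave the incident for an analyst.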

