Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2024
Views
20
Helpful
6
Replies

Filter/drop bogus identity requests

Go to solution
mykys
Level 1
Level 1

‎11-27-2020 05:59 AM

Hi all,

 

Weird one. Our system receives a lot of requests from bogus identities (looks like broken script):

 

identity.PNG

 

While we are investigating this, is there an easy way to create a filter or something to drop silently requests from those usernames? 

It generates ~3M of failure requests a day and floods our live logs.

 

Thanks,

Myky

1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎11-27-2020 07:13 AM

Yes, it's just supressing the log entry afaik.

Best off finding the source and disabling the script.

View solution in original post

6 Replies 6

Go to solution
Rob Ingram
VIP
VIP

‎11-27-2020 06:32 AM

Hi @mykys 

Perhaps try using a collection filter to match the identity being sent

Naviagate to Adminstration > System > Logging > Collection Filter

Go to solution
mykys
Level 1
Level 1
In response to Rob Ingram

‎11-27-2020 06:36 AM

Hey @Rob Ingram 

 

Thanks. 

 

Was not aware of that functionality. 

I need to check the admin guide. What is does (high-level overview)? 

 

Thanks,

Myky

 

 

0 Helpful

Go to solution
Rob Ingram
VIP
VIP

‎11-27-2020 06:43 AM

It would filter the identity/username specified from the logs.

Go to solution
mykys
Level 1
Level 1
In response to Rob Ingram

‎11-27-2020 06:45 AM - edited ‎11-27-2020 06:46 AM

Will the request still be processed by ISE (CPU hit)? 

0 Helpful

Go to solution
Rob Ingram
VIP
VIP

‎11-27-2020 07:13 AM

Yes, it's just supressing the log entry afaik.

Best off finding the source and disabling the script.

Go to solution
mykys
Level 1
Level 1
In response to Rob Ingram

‎11-27-2020 07:19 AM

Cool, thanks @Rob Ingram 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents