
Suspicious Login Detection and Remediation in Google Workspace


Detect suspicious logins and remediate threats using Google Sheets, Slack, and Google Admin Directory. This automation identifies OAuth token grants and logins that look unauthorized, notifies ITSecOps, and revokes access when the team confirms the threat, keeping account management under control and shortening incident response.


Suspicious Login Detection: The workflow pulls recent login and OAuth token events for a user, geolocates the source IP addresses, and compares consecutive logins: two successful logins from locations that could not be reached in the elapsed time (impossible travel) are flagged. This comparison is normally done by hand, if at all; automating it means every login is checked as it arrives rather than when an analyst gets around to it, reducing the window in which an attacker holds a valid session or token.

Notification and Decision Making: The flagged event is posted to ITSecOps in Slack with the details needed to decide (user, the two IPs and locations, time between logins), and the message asks the responder to approve the login or revoke access. This replaces ad hoc email or chat threads with a single prompt and a recorded decision, so action is taken within minutes instead of hours.

Access Revocation and Account Security: If the responder chooses revoke, Mindflow deletes the user's issued OAuth tokens, signs the user out of active sessions, and forces a password change at next login through Google Admin Directory. These steps are the same ones an administrator would click through manually; running them as one automated sequence closes the account immediately and consistently, without a step being forgotten.

Google Sheets: In this use case, Google Sheets is utilized to log and track suspicious login events. It is a centralized repository for storing data related to login attempts, enabling easy access and analysis of historical login patterns and trends.

Slack: Slack is the communication channel for notifying ITSecOps about suspicious login attempts. It facilitates immediate alerts and decision-making, allowing the team to quickly respond to potential threats and take necessary actions to secure accounts.

Google Admin Directory: The Admin SDK Directory API manages user accounts and the OAuth tokens issued to them. The workflow uses it for remediation: listing and deleting the user's tokens, signing the user out, and setting the flag that forces a password change at next login. Revoking tokens matters because a stolen OAuth token keeps working after a password reset unless it is deleted explicitly.

IP Info: IP Info provides geolocation data for IP addresses involved in login attempts. This information is crucial for identifying unusual login locations and assessing the legitimacy of login activities, aiding in the detection of suspicious behavior.

Google Admin Reports: The Admin SDK Reports API retrieves user activity, including recent login events (with source IP address) and OAuth token issuances. It supplies the raw events the detection step analyzes for patterns that indicate unauthorized access.

Google Distance Matrix: The Google Distance Matrix API calculates the distance and travel time between login locations, which the workflow uses to decide whether travel between two login points was feasible in the elapsed time (impossible travel). One caveat: Distance Matrix returns route distance for driving, walking, cycling, or transit, so it has no result for locations with no land route between them (for example, two continents); for those pairs the usual fallback is the great-circle distance between the two coordinates divided by the elapsed time, compared against a maximum plausible speed.
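The detection and remediation steps above, as an added example that is not Mindflow's or Google's own code. The input events are constructed but follow the field layout of the Admin SDK Reports API `activities.list` response for the `login` application; the IP-to-coordinates table is a constructed stand-in for the IP Info lookup; and great-circle (haversine) distance is used in place of the Distance Matrix call so that the check works for intercontinental pairs and runs offline. The remediation step builds the Directory API requests (tokens.delete, users.signOut, users.patch with `changePasswordAtNextLogin`) as data rather than sending them; the 1000 km/h threshold is an assumed value.

```python
"""Impossible-travel detection over Workspace login events and the
Directory API remediation plan that follows a 'revoke' decision.
Added example; events and geolocation table are constructed."""
import math
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed stand-in for IP Info results: ip -> (city, lat, lon).
IP_GEO = {
    "203.0.113.7":   ("Paris",  48.8566,   2.3522),
    "198.51.100.23": ("Sydney", -33.8688, 151.2093),
    "192.0.2.44":    ("Lyon",   45.7640,   4.8357),
}

# Constructed events in the Reports API `login` activity shape (fields trimmed).
EVENTS = [
    {"id": {"time": "2024-05-02T08:00:00.000Z"}, "actor": {"email": "alice@example.com"},
     "ipAddress": "203.0.113.7", "events": [{"type": "login", "name": "login_success"}]},
    {"id": {"time": "2024-05-02T09:30:00.000Z"}, "actor": {"email": "alice@example.com"},
     "ipAddress": "198.51.100.23", "events": [{"type": "login", "name": "login_success"}]},
    {"id": {"time": "2024-05-02T08:10:00.000Z"}, "actor": {"email": "bob@example.com"},
     "ipAddress": "203.0.113.7", "events": [{"type": "login", "name": "login_success"}]},
    {"id": {"time": "2024-05-02T11:10:00.000Z"}, "actor": {"email": "bob@example.com"},
     "ipAddress": "192.0.2.44", "events": [{"type": "login", "name": "login_success"}]},
    {"id": {"time": "2024-05-02T11:20:00.000Z"}, "actor": {"email": "bob@example.com"},
     "ipAddress": "198.51.100.23", "events": [{"type": "login", "name": "login_failure"}]},
]

MAX_SPEED_KMH = 1000.0  # assumed threshold: roughly airliner speed


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km (replaces the Distance Matrix call)."""
    r = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlam = math.radians(lat2 - lat1), math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def parse_time(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


@dataclass
class Finding:
    user: str
    from_ip: str
    to_ip: str
    distance_km: int
    hours: float
    speed_kmh: int


def find_impossible_travel(events, max_speed_kmh=MAX_SPEED_KMH):
    """Flag consecutive successful logins per user whose implied speed is impossible."""
    by_user = {}
    for ev in events:
        # Only successful logins establish a location; failures are noise here.
        if not any(e.get("name") == "login_success" for e in ev.get("events", [])):
            continue
        ip = ev.get("ipAddress")
        if ip not in IP_GEO:          # no geolocation: cannot judge, skip
            continue
        by_user.setdefault(ev["actor"]["email"], []).append((parse_time(ev["id"]["time"]), ip))
    findings = []
    for user, logins in by_user.items():
        logins.sort()
        for (t1, ip1), (t2, ip2) in zip(logins, logins[1:]):
            if ip1 == ip2:
                continue
            _, la1, lo1 = IP_GEO[ip1]
            _, la2, lo2 = IP_GEO[ip2]
            dist = haversine_km(la1, lo1, la2, lo2)
            hours = max((t2 - t1).total_seconds() / 3600, 1 / 60)  # floor at 1 min
            speed = dist / hours
            if speed > max_speed_kmh:
                findings.append(Finding(user, ip1, ip2, round(dist), round(hours, 2), round(speed)))
    return findings


def remediation_requests(user, token_client_ids):
    """Directory API calls issued after ITSecOps chooses 'revoke' in Slack.
    Returned as request descriptions so the example runs offline."""
    base = f"https://admin.googleapis.com/admin/directory/v1/users/{user}"
    reqs = [{"method": "DELETE", "url": f"{base}/tokens/{cid}"} for cid in token_client_ids]
    reqs.append({"method": "POST", "url": f"{base}/signOut"})                      # users.signOut
    reqs.append({"method": "PATCH", "url": base, "json": {"changePasswordAtNextLogin": True}})
    return reqs


if __name__ == "__main__":
    for f in find_impossible_travel(EVENTS):
        print(f"{f.user}: {f.from_ip} -> {f.to_ip}, {f.distance_km} km in {f.hours} h ({f.speed_kmh} km/h)")
        for r in remediation_requests(f.user, ["client-id-from-tokens.list"]):
            print("  ", r["method"], r["url"])
```

The order of the remediation requests is deliberate: tokens are deleted first so an attacker holding a refresh token cannot mint a new access token while the rest of the sequence runs, then sessions are invalidated, and only then is the password change flagged. Client IDs for the DELETE calls come from a preceding tokens.list call in the real workflow.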

Why Automate IAM?

Opportunity cost

Manual Incident Response Time

Delayed Threat Detection

Inconsistent Security Protocols

Impact of automation

Faster Incident Resolution

Proactive Threat Management

Streamlined Security Operations
