We currently have Auth Challenge in monitoring mode and would like to filter logs to identify how many times it would have been triggered prior to enabling it. What log event should I filter by?
Hi @robert.white,
Welcome to the Auth0 Community!
If you want to find logs for the Auth Challenge from Bot Detection, you could look for
the pla log event type code, which is generated before login and contains pre-login risk assessment data. Then look for the requiresVerification: true to determine if Captcha/Challenge was enforced.
You could also verify this by checking for successful login events (type: s) and looking for the requiredCaptcha: true to determine if Captcha was enforced for logins.
From here, you could count the number of times bot detection was triggered since each log event indicates that bot detection was triggered.
(Reference: How to Monitor Bot Protection Usage)
Thanks,
Rueben
Thanks Reuben, We were trying to determine the impact of enabling the captcha. Since we are currently only monitoring and not enforcing my goal was to try and determine how many times the captcha would have been enforced if it was enabled. It seems that unless you actually enable the auth challenge captcha there is no way to determine that count.
Hi @robert.white,
Thanks for the update.
I totally understand. If you enable the captcha, it will be enforced for every login attempt if you select Always for the enforcement setting.
As a way to gauge the number of times the captcha would be enforced, you could count the pla log event type code, which only triggers before login to determine the risk assessment but doesn’t actually enforce the captcha. With this information, you can determine how many times the captcha might be enforced if the setting is enabled.
If you decide to enable the auth challenge captcha later with Always as the setting, then you can be certain that the captcha is enforced on every login attempt.
Does that clarification help?
Thanks,
Rueben
Hi Reuben, That helps but we have a directive to keep logins for our guests as frictionless as possible. I think we will run a 1 hour test with “when risky” and bot detection set to low just to get an idea of volume. Depending on that test we may run a second one with bot detection set to medium for additional data.
Thanks again