We are currently trying to leverage the logs provided by Auth0 to implement detection rules in our security monitoring platform, based on specific threat scenarios/use cases.
During this project, we identified that no specific logs are issued when an admin accesses a Client Secret for an “Application” through either the “Settings” or the “Credentials” tab by clicking on “Reveal Client Secret”.
Normally, any platform should log a specific event for such a sensitive access/action. The only log we have is a “Get a client” with a path set to “/api/v2/clients/CLIENT_ID”. But this is definitely not enough, as we need more fine-grained details in the logs about what was done by the admin.
As of now, this event is basically triggered each time the Application is accessed, without providing any additional information. But we can access an Application without performing any sensitive action such as revealing the client secret.
So, could you please implement more detailed logs, at least for sensitive actions such as someone accessing secrets, revealing them, etc.
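The following is an added example, not code from the original post or from Auth0, showing the best a detection rule can currently do with the “Get a client” event described above: it flags every single-client read on `/api/v2/clients/CLIENT_ID` and groups the hits per actor for triage. The sample log lines are constructed for this example; the field names (`type` “sapi” for a successful Management API operation, `description`, `details.request.path`, `user_id`) are assumptions about the Auth0 tenant log schema, not taken from the post. The example also makes the limitation the post describes visible: a plain view of the Application and a “Reveal Client Secret” click produce identical events, so the rule cannot tell them apart.

```python
import json
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Constructed sample tenant log lines (one JSON event per line). Values are
# made up; the field layout is an assumption about the Auth0 log event schema.
SAMPLE_LOG_LINES = [
    json.dumps({  # admin opens an Application in the dashboard (no secret revealed)
        "type": "sapi", "date": "2024-05-01T09:00:00.000Z",
        "description": "Get a client", "user_id": "auth0|admin1", "ip": "203.0.113.10",
        "details": {"request": {"method": "get", "path": "/api/v2/clients/abc123"},
                    "response": {"statusCode": 200}},
    }),
    json.dumps({  # listing all clients: a different endpoint, should not match
        "type": "sapi", "date": "2024-05-01T09:00:05.000Z",
        "description": "Get clients", "user_id": "auth0|admin1", "ip": "203.0.113.10",
        "details": {"request": {"method": "get", "path": "/api/v2/clients"},
                    "response": {"statusCode": 200}},
    }),
    json.dumps({  # same admin clicks "Reveal Client Secret": the event is identical
        "type": "sapi", "date": "2024-05-01T09:00:20.000Z",
        "description": "Get a client", "user_id": "auth0|admin1", "ip": "203.0.113.10",
        "details": {"request": {"method": "get", "path": "/api/v2/clients/abc123"},
                    "response": {"statusCode": 200}},
    }),
    json.dumps({  # an update, not a read: should not match
        "type": "sapi", "date": "2024-05-01T09:01:00.000Z",
        "description": "Update a client", "user_id": "auth0|admin2", "ip": "198.51.100.7",
        "details": {"request": {"method": "patch", "path": "/api/v2/clients/xyz789"},
                    "response": {"statusCode": 200}},
    }),
    json.dumps({  # another admin reads a second application
        "type": "sapi", "date": "2024-05-01T09:02:00.000Z",
        "description": "Get a client", "user_id": "auth0|admin2", "ip": "198.51.100.7",
        "details": {"request": {"method": "get", "path": "/api/v2/clients/xyz789?fields=name"},
                    "response": {"statusCode": 200}},
    }),
]

# Matches exactly one client ID segment; an optional query string is tolerated.
CLIENT_PATH = re.compile(r"^/api/v2/clients/(?P<client_id>[^/?]+)(?:\?.*)?$")


@dataclass(frozen=True)
class Finding:
    date: str
    actor: str
    ip: str
    client_id: str


def detect_client_reads(lines: Iterable[str]) -> List[Finding]:
    """Return one Finding per successful single-client read (GET /api/v2/clients/{id}).

    Every dashboard view of an Application produces this event, so a hit means
    'the client object, which may include the secret, was fetched', not
    'the secret was revealed'. Malformed lines are skipped, not fatal.
    """
    findings: List[Finding] = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        if ev.get("type") != "sapi" or ev.get("description") != "Get a client":
            continue
        req = ev.get("details", {}).get("request", {})
        if str(req.get("method", "")).lower() != "get":
            continue
        m = CLIENT_PATH.match(req.get("path", ""))
        if not m:
            continue
        findings.append(Finding(
            date=ev.get("date", ""),
            actor=ev.get("user_id", "unknown"),
            ip=ev.get("ip", ""),
            client_id=m["client_id"],
        ))
    return findings


def reads_per_actor(findings: Iterable[Finding]) -> Dict[str, int]:
    """Count single-client reads per actor; useful for spotting an admin
    sweeping through many applications, which is about all the current
    event allows."""
    return dict(Counter(f.actor for f in findings))


if __name__ == "__main__":
    hits = detect_client_reads(SAMPLE_LOG_LINES)
    for h in hits:
        print(f"{h.date} {h.actor} ({h.ip}) read client {h.client_id}")
    print("reads per actor:", reads_per_actor(hits))
```

Running it flags three reads (two of them from the same admin on the same client, one of which was the secret reveal) and none of the list or update calls. Because the reveal and the plain view are byte-for-byte the same event, the only tuning left to the detection engineer is volume-based (many distinct clients read by one actor in a short window), which is exactly why the post asks for a dedicated event.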