> ## Documentation Index
> Fetch the complete documentation index at: https://auth0-actions-triggers-prototype.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

> Learn about Security Center, which provides observability tools that empower you to see potential attack trends and quickly respond to them in real-time.

# Security Center

Security Center provides observability tools that allow you to see potential attack trends and quickly respond to them in real-time. Security Center provides real-time monitoring that allows you to observe your own Customer Identity and Access Management (CIAM) anomaly detection metrics, and lets you configure attack mitigation features from within the same space.

## Real-time monitoring

Security Center provides you with an overview of your tenant’s security pulse and allows you to drive outcomes from within the Auth0 Management Dashboard. In Security Center, you can:

* Monitor your total traffic and total threats
* Observe threat behavior trends
* Identify applications associated with threat behavior trends
* Track login and signup traffic
* Monitor threats identified by our <Tooltip tip="Attack Protection: Features that Auth0 provides to detect and mitigate attacks, including brute-force protection, suspicious IP throttling, breached password detection, bot detection, and adaptive multi-factor authentication." cta="View Glossary" href="/docs/glossary?term=Attack+Protection">Attack Protection</Tooltip> and <Tooltip tip="Attack Protection: Features that Auth0 provides to detect and mitigate attacks, including brute-force protection, suspicious IP throttling, breached password detection, bot detection, and adaptive multi-factor authentication." cta="View Glossary" href="/docs/glossary?term=MFA">MFA</Tooltip> features

### Filtering and aggregation

Security Center allows you to filter available data to your needs.

You can filter data based on the following fields:

* Time period (up to the last 14 days)
* Applications
* Connections

Depending on the time period you select, the data is automatically aggregated per minute, per hour, or per day.

### Threat behavior trends

Security Center allows you to observe threat behavior trends for the following threat types:

* **Credential stuffing**: Behavioral patterns that appear to involve a machine attempt with the goal of submitting credentials to compromise user accounts.
* **Signup attack**: Behavioral patterns that appear to involve a machine attempt with the goal of creating new user accounts.
* **MFA bypass**: Behavior patterns that appear to involve a machine attempt with the goal of circumventing user multi-factor authentication (MFA) protections.

Views allow you to slice data by threat type and identify applications associated with threat behavior trends.

<Frame>
  <img src="https://mintlify.s3.us-west-1.amazonaws.com/auth0-actions-triggers-prototype/docs/images/cdy7uua7fh8z/2hyZMfdrGwVZxKtuV4ZOR3/f1795066d12eb02550da8f4eb0f00fd5/Threat_Behavior.png" alt="Screenshot shows a dashboard, a line graph, a horizontal bar chart, and a doughnut chart. The dashboard details the total traffic, total threats, and percentage of threats. The line graph details threat behavior trends by traffic type. Separate lines exist for normal traffic, credential stuffing, signup attacks, and MFA bypass threats. The horizontal bar chart details threat behavior by app. Each bar represents a specific app and different threat types are color coded within the bar. The doughnut chart details the threat behavior type breakdown and different threat types are color coded within the doughnut." />
</Frame>

### Authentication events

Security Center allows you to inspect authentication events, including login attempts and signup attempts.

<Frame>
  <img src="https://mintlify.s3.us-west-1.amazonaws.com/auth0-actions-triggers-prototype/docs/images/cdy7uua7fh8z/6ywLqRG3zUAMwkAEGDoDoU/c24aa46d823ae702861ef57ee14dd9e6/Authentication.png" alt="Screenshot shows two line graphs. One shows the number of login attempts in the last 7 days. Separate lines are shown for successful logins and failed logins. The other shows the number of signup attempts over the last 7 days. Separate lines are shown for successful signups and failed signups." />
</Frame>

#### Login attempts

Login attempts include both successful and failed login transactions over the last seven days.

#### Signup attempts

Signup attempts include both successful and failed signup transactions over the last seven days.

### Attack Protection and MFA monitoring

Security Center helps you understand current attack trends identified by our Attack Protection and MFA features, and allows you to implement countermeasures by enabling and configuring these features:

<Callout icon="file-lines" color="#0EA5E9" iconType="regular">
  We will identify patterns that are usually an indicator of known attack types and log-related events, regardless of whether you selected countermeasures when configuring our Attack Protection features.
</Callout>

<Frame>
  <img src="https://mintlify.s3.us-west-1.amazonaws.com/auth0-actions-triggers-prototype/docs/images/cdy7uua7fh8z/Threat_Monitoring/Threat_Monitoring.png" alt="Screenshot shows multiple line graphs for the Security Center Threat Protection tab." />
</Frame>

#### Bot detection

<Tooltip tip="Bot Detection: Form of attack protection in which Auth0 blocks suspected bot traffic by enabling a CAPTCHA during the login process." cta="View Glossary" href="/docs/glossary?term=Bot+detection">Bot detection</Tooltip> mitigates scripted attacks by detecting when a request is likely to be coming from a bot. Bot detection includes the number of bots detected over the last seven days.

To learn more about this feature, read [Bot Detection](/docs/secure/attack-protection/bot-detection).

#### Suspicious IP throttling

<Tooltip tip="Suspicious IP Throttling: Form of attack protection that protects your tenant against suspicious logins targeting too many accounts from a single IP address." cta="View Glossary" href="/docs/glossary?term=Suspicious+IP+throttling">Suspicious IP throttling</Tooltip> blocks traffic from any IP address that rapidly attempts too many logins or signups. Suspicious IP throttling includes the number of suspicious IPs blocked over the last seven days.

To learn more about this feature, read [Suspicious IP Throttling](/docs/secure/attack-protection/suspicious-ip-throttling).

#### Brute-force protection

<Tooltip tip="Brute-force Protection: Form of attack protection that safeguards against brute-force attacks that occur from a single IP address and target a single user account." cta="View Glossary" href="/docs/glossary?term=Brute-force+protection">Brute-force protection</Tooltip> safeguards against a single IP address attacking a single user account. Brute-force protection includes the number of blocked brute-force attempts over the last seven days.

To learn more about this feature, read [Brute-Force Protection](/docs/secure/attack-protection/brute-force-protection).

#### Breached password detection

<Tooltip tip="Breached Password Detection: Form of attack protection in which Auth0 notifies your users if they use a username/password combination that has been compromised in a data leak on a third-party website or app." cta="View Glossary" href="/docs/glossary?term=Breached+password+detection">Breached password detection</Tooltip> protects your applications from <Tooltip tip="Breached Password Detection: Form of attack protection in which Auth0 notifies your users if they use a username/password combination that has been compromised in a data leak on a third-party website or app." cta="View Glossary" href="/docs/glossary?term=bad+actors">bad actors</Tooltip> signing up or logging in with stolen credentials. Breached password detection includes the number of breached credentials detected in login and signup flows over the last seven days.

To learn more about this feature, read [Breached Password Detection](/docs/secure/attack-protection/breached-password-detection).

#### Multi-factor authentication

Multi-factor authentication (MFA) verifies users by requiring more than one type of user validation. MFA includes the number of MFA challenges detected and the number of MFA challenges passed or failed over the last seven days.

To learn more about this feature, read [Multi-Factor Authentication](/docs/secure/multi-factor-authentication).

## Learn more

* [Metrics](/docs/secure/security-center/metrics)