getAttackProtection

Auth0 v3.33.0, Nov 14 25

Auth0 v3.33.0 published on Friday, Nov 14, 2025 by Pulumi

Schema (JSON)

pulumi/pulumi-auth0

Auth0 v3.33.0 published on Friday, Nov 14, 2025 by Pulumi

Schema (JSON)

pulumi/pulumi-auth0

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

const myProtection = auth0.getAttackProtection({});

import pulumi
import pulumi_auth0 as auth0

my_protection = auth0.get_attack_protection()

package main

import (
	"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := auth0.LookupAttackProtection(ctx, map[string]interface{}{}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;

return await Deployment.RunAsync(() => 
{
    var myProtection = Auth0.GetAttackProtection.Invoke();

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Auth0Functions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var myProtection = Auth0Functions.getAttackProtection(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference);

    }
}

variables:
  myProtection:
    fn::invoke:
      function: auth0:getAttackProtection
      arguments: {}

Using getAttackProtection

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getAttackProtection(opts?: InvokeOptions): Promise<GetAttackProtectionResult>
function getAttackProtectionOutput(opts?: InvokeOptions): Output<GetAttackProtectionResult>

def get_attack_protection(opts: Optional[InvokeOptions] = None) -> GetAttackProtectionResult
def get_attack_protection_output(opts: Optional[InvokeOptions] = None) -> Output[GetAttackProtectionResult]

func LookupAttackProtection(ctx *Context, opts ...InvokeOption) (*LookupAttackProtectionResult, error)
func LookupAttackProtectionOutput(ctx *Context, opts ...InvokeOption) LookupAttackProtectionResultOutput

> Note: This function is named LookupAttackProtection in the Go SDK.

public static class GetAttackProtection 
{
    public static Task<GetAttackProtectionResult> InvokeAsync(InvokeOptions? opts = null)
    public static Output<GetAttackProtectionResult> Invoke(InvokeOptions? opts = null)
}

public static CompletableFuture<GetAttackProtectionResult> getAttackProtection(InvokeOptions options)
public static Output<GetAttackProtectionResult> getAttackProtection(InvokeOptions options)

fn::invoke:
  function: auth0:index/getAttackProtection:getAttackProtection
  arguments:
    # arguments dictionary

getAttackProtection Result

The following output properties are available:

BotDetections List<GetAttackProtectionBotDetection>: Bot detection configuration to identify and prevent automated threats.
BreachedPasswordDetections List<GetAttackProtectionBreachedPasswordDetection>: Breached password detection protects your applications from bad actors logging in with stolen credentials.
BruteForceProtections List<GetAttackProtectionBruteForceProtection>: Brute-force protection safeguards against a single IP address attacking a single user account.
Captchas List<GetAttackProtectionCaptcha>: CAPTCHA configuration for attack protection.
Id string: The provider-assigned unique ID for this managed resource.
SuspiciousIpThrottlings List<GetAttackProtectionSuspiciousIpThrottling>: Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.

BotDetections []GetAttackProtectionBotDetection: Bot detection configuration to identify and prevent automated threats.
BreachedPasswordDetections []GetAttackProtectionBreachedPasswordDetection: Breached password detection protects your applications from bad actors logging in with stolen credentials.
BruteForceProtections []GetAttackProtectionBruteForceProtection: Brute-force protection safeguards against a single IP address attacking a single user account.
Captchas []GetAttackProtectionCaptcha: CAPTCHA configuration for attack protection.
Id string: The provider-assigned unique ID for this managed resource.
SuspiciousIpThrottlings []GetAttackProtectionSuspiciousIpThrottling: Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.

botDetections List<GetAttackProtectionBotDetection>: Bot detection configuration to identify and prevent automated threats.
breachedPasswordDetections List<GetAttackProtectionBreachedPasswordDetection>: Breached password detection protects your applications from bad actors logging in with stolen credentials.
bruteForceProtections List<GetAttackProtectionBruteForceProtection>: Brute-force protection safeguards against a single IP address attacking a single user account.
captchas List<GetAttackProtectionCaptcha>: CAPTCHA configuration for attack protection.
id String: The provider-assigned unique ID for this managed resource.
suspiciousIpThrottlings List<GetAttackProtectionSuspiciousIpThrottling>: Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.

botDetections GetAttackProtectionBotDetection[]: Bot detection configuration to identify and prevent automated threats.
breachedPasswordDetections GetAttackProtectionBreachedPasswordDetection[]: Breached password detection protects your applications from bad actors logging in with stolen credentials.
bruteForceProtections GetAttackProtectionBruteForceProtection[]: Brute-force protection safeguards against a single IP address attacking a single user account.
captchas GetAttackProtectionCaptcha[]: CAPTCHA configuration for attack protection.
id string: The provider-assigned unique ID for this managed resource.
suspiciousIpThrottlings GetAttackProtectionSuspiciousIpThrottling[]: Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.

bot_detections Sequence[GetAttackProtectionBotDetection]: Bot detection configuration to identify and prevent automated threats.
breached_password_detections Sequence[GetAttackProtectionBreachedPasswordDetection]: Breached password detection protects your applications from bad actors logging in with stolen credentials.
brute_force_protections Sequence[GetAttackProtectionBruteForceProtection]: Brute-force protection safeguards against a single IP address attacking a single user account.
captchas Sequence[GetAttackProtectionCaptcha]: CAPTCHA configuration for attack protection.
id str: The provider-assigned unique ID for this managed resource.
suspicious_ip_throttlings Sequence[GetAttackProtectionSuspiciousIpThrottling]: Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.

botDetections List<Property Map>: Bot detection configuration to identify and prevent automated threats.
breachedPasswordDetections List<Property Map>: Breached password detection protects your applications from bad actors logging in with stolen credentials.
bruteForceProtections List<Property Map>: Brute-force protection safeguards against a single IP address attacking a single user account.
captchas List<Property Map>: CAPTCHA configuration for attack protection.
id String: The provider-assigned unique ID for this managed resource.
suspiciousIpThrottlings List<Property Map>: Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.

Supporting Types

GetAttackProtectionBotDetection

Allowlists List<string>: List of IP addresses or ranges that will not trigger bot detection.
BotDetectionLevel string: Bot detection level. Possible values: low, medium, high. Set to empty string to disable.
ChallengePasswordPolicy string: Challenge policy for password flow. Possible values: never, when_risky, always.
ChallengePasswordResetPolicy string: Challenge policy for password reset flow. Possible values: never, when_risky, always.
ChallengePasswordlessPolicy string: Challenge policy for passwordless flow. Possible values: never, when_risky, always.
MonitoringModeEnabled bool: Whether monitoring mode is enabled for bot detection.

Allowlists []string: List of IP addresses or ranges that will not trigger bot detection.
BotDetectionLevel string: Bot detection level. Possible values: low, medium, high. Set to empty string to disable.
ChallengePasswordPolicy string: Challenge policy for password flow. Possible values: never, when_risky, always.
ChallengePasswordResetPolicy string: Challenge policy for password reset flow. Possible values: never, when_risky, always.
ChallengePasswordlessPolicy string: Challenge policy for passwordless flow. Possible values: never, when_risky, always.
MonitoringModeEnabled bool: Whether monitoring mode is enabled for bot detection.

allowlists List<String>: List of IP addresses or ranges that will not trigger bot detection.
botDetectionLevel String: Bot detection level. Possible values: low, medium, high. Set to empty string to disable.
challengePasswordPolicy String: Challenge policy for password flow. Possible values: never, when_risky, always.
challengePasswordResetPolicy String: Challenge policy for password reset flow. Possible values: never, when_risky, always.
challengePasswordlessPolicy String: Challenge policy for passwordless flow. Possible values: never, when_risky, always.
monitoringModeEnabled Boolean: Whether monitoring mode is enabled for bot detection.

allowlists string[]: List of IP addresses or ranges that will not trigger bot detection.
botDetectionLevel string: Bot detection level. Possible values: low, medium, high. Set to empty string to disable.
challengePasswordPolicy string: Challenge policy for password flow. Possible values: never, when_risky, always.
challengePasswordResetPolicy string: Challenge policy for password reset flow. Possible values: never, when_risky, always.
challengePasswordlessPolicy string: Challenge policy for passwordless flow. Possible values: never, when_risky, always.
monitoringModeEnabled boolean: Whether monitoring mode is enabled for bot detection.

allowlists Sequence[str]: List of IP addresses or ranges that will not trigger bot detection.
bot_detection_level str: Bot detection level. Possible values: low, medium, high. Set to empty string to disable.
challenge_password_policy str: Challenge policy for password flow. Possible values: never, when_risky, always.
challenge_password_reset_policy str: Challenge policy for password reset flow. Possible values: never, when_risky, always.
challenge_passwordless_policy str: Challenge policy for passwordless flow. Possible values: never, when_risky, always.
monitoring_mode_enabled bool: Whether monitoring mode is enabled for bot detection.

allowlists List<String>: List of IP addresses or ranges that will not trigger bot detection.
botDetectionLevel String: Bot detection level. Possible values: low, medium, high. Set to empty string to disable.
challengePasswordPolicy String: Challenge policy for password flow. Possible values: never, when_risky, always.
challengePasswordResetPolicy String: Challenge policy for password reset flow. Possible values: never, when_risky, always.
challengePasswordlessPolicy String: Challenge policy for passwordless flow. Possible values: never, when_risky, always.
monitoringModeEnabled Boolean: Whether monitoring mode is enabled for bot detection.

GetAttackProtectionBreachedPasswordDetection

AdminNotificationFrequencies List<string>: When admin_notification is enabled within the shields property, determines how often email notifications are sent. Possible values: immediately, daily, weekly, monthly.
Enabled bool: Whether breached password detection is active.
Method string: The subscription level for breached password detection methods. Use "enhanced" to enable Credential Guard. Possible values: standard, enhanced.
PreChangePasswords List<GetAttackProtectionBreachedPasswordDetectionPreChangePassword>: Configuration options that apply before every password change attempt.
PreUserRegistrations List<GetAttackProtectionBreachedPasswordDetectionPreUserRegistration>: Configuration options that apply before every user registration attempt. Only available on public tenants.
Shields List<string>: Action to take when a breached password is detected. Options include: block (block compromised user accounts), user_notification (send an email to user when we detect that they are using compromised credentials) and admin_notification (send an email with a summary of the number of accounts logging in with compromised credentials).

AdminNotificationFrequencies []string: When admin_notification is enabled within the shields property, determines how often email notifications are sent. Possible values: immediately, daily, weekly, monthly.
Enabled bool: Whether breached password detection is active.
Method string: The subscription level for breached password detection methods. Use "enhanced" to enable Credential Guard. Possible values: standard, enhanced.
PreChangePasswords []GetAttackProtectionBreachedPasswordDetectionPreChangePassword: Configuration options that apply before every password change attempt.
PreUserRegistrations []GetAttackProtectionBreachedPasswordDetectionPreUserRegistration: Configuration options that apply before every user registration attempt. Only available on public tenants.
Shields []string: Action to take when a breached password is detected. Options include: block (block compromised user accounts), user_notification (send an email to user when we detect that they are using compromised credentials) and admin_notification (send an email with a summary of the number of accounts logging in with compromised credentials).

adminNotificationFrequencies List<String>: When admin_notification is enabled within the shields property, determines how often email notifications are sent. Possible values: immediately, daily, weekly, monthly.
enabled Boolean: Whether breached password detection is active.
method String: The subscription level for breached password detection methods. Use "enhanced" to enable Credential Guard. Possible values: standard, enhanced.
preChangePasswords List<GetAttackProtectionBreachedPasswordDetectionPreChangePassword>: Configuration options that apply before every password change attempt.
preUserRegistrations List<GetAttackProtectionBreachedPasswordDetectionPreUserRegistration>: Configuration options that apply before every user registration attempt. Only available on public tenants.
shields List<String>: Action to take when a breached password is detected. Options include: block (block compromised user accounts), user_notification (send an email to user when we detect that they are using compromised credentials) and admin_notification (send an email with a summary of the number of accounts logging in with compromised credentials).

adminNotificationFrequencies string[]: When admin_notification is enabled within the shields property, determines how often email notifications are sent. Possible values: immediately, daily, weekly, monthly.
enabled boolean: Whether breached password detection is active.
method string: The subscription level for breached password detection methods. Use "enhanced" to enable Credential Guard. Possible values: standard, enhanced.
preChangePasswords GetAttackProtectionBreachedPasswordDetectionPreChangePassword[]: Configuration options that apply before every password change attempt.
preUserRegistrations GetAttackProtectionBreachedPasswordDetectionPreUserRegistration[]: Configuration options that apply before every user registration attempt. Only available on public tenants.
shields string[]: Action to take when a breached password is detected. Options include: block (block compromised user accounts), user_notification (send an email to user when we detect that they are using compromised credentials) and admin_notification (send an email with a summary of the number of accounts logging in with compromised credentials).

admin_notification_frequencies Sequence[str]: When admin_notification is enabled within the shields property, determines how often email notifications are sent. Possible values: immediately, daily, weekly, monthly.
enabled bool: Whether breached password detection is active.
method str: The subscription level for breached password detection methods. Use "enhanced" to enable Credential Guard. Possible values: standard, enhanced.
pre_change_passwords Sequence[GetAttackProtectionBreachedPasswordDetectionPreChangePassword]: Configuration options that apply before every password change attempt.
pre_user_registrations Sequence[GetAttackProtectionBreachedPasswordDetectionPreUserRegistration]: Configuration options that apply before every user registration attempt. Only available on public tenants.
shields Sequence[str]: Action to take when a breached password is detected. Options include: block (block compromised user accounts), user_notification (send an email to user when we detect that they are using compromised credentials) and admin_notification (send an email with a summary of the number of accounts logging in with compromised credentials).

adminNotificationFrequencies List<String>: When admin_notification is enabled within the shields property, determines how often email notifications are sent. Possible values: immediately, daily, weekly, monthly.
enabled Boolean: Whether breached password detection is active.
method String: The subscription level for breached password detection methods. Use "enhanced" to enable Credential Guard. Possible values: standard, enhanced.
preChangePasswords List<Property Map>: Configuration options that apply before every password change attempt.
preUserRegistrations List<Property Map>: Configuration options that apply before every user registration attempt. Only available on public tenants.
shields List<String>: Action to take when a breached password is detected. Options include: block (block compromised user accounts), user_notification (send an email to user when we detect that they are using compromised credentials) and admin_notification (send an email with a summary of the number of accounts logging in with compromised credentials).

GetAttackProtectionBreachedPasswordDetectionPreChangePassword

Shields List<string>: Action to take when a breached password is detected before the password is changed. Possible values: block (block compromised credentials for new accounts), admin_notification (send an email notification with a summary of compromised credentials in new accounts).

Shields []string: Action to take when a breached password is detected before the password is changed. Possible values: block (block compromised credentials for new accounts), admin_notification (send an email notification with a summary of compromised credentials in new accounts).

shields List<String>: Action to take when a breached password is detected before the password is changed. Possible values: block (block compromised credentials for new accounts), admin_notification (send an email notification with a summary of compromised credentials in new accounts).

shields string[]: Action to take when a breached password is detected before the password is changed. Possible values: block (block compromised credentials for new accounts), admin_notification (send an email notification with a summary of compromised credentials in new accounts).

shields Sequence[str]: Action to take when a breached password is detected before the password is changed. Possible values: block (block compromised credentials for new accounts), admin_notification (send an email notification with a summary of compromised credentials in new accounts).

shields List<String>: Action to take when a breached password is detected before the password is changed. Possible values: block (block compromised credentials for new accounts), admin_notification (send an email notification with a summary of compromised credentials in new accounts).

GetAttackProtectionBreachedPasswordDetectionPreUserRegistration

Shields List<string>: Action to take when a breached password is detected during a signup. Possible values: block (block compromised credentials for new accounts), admin_notification (send an email notification with a summary of compromised credentials in new accounts).

Shields []string: Action to take when a breached password is detected during a signup. Possible values: block (block compromised credentials for new accounts), admin_notification (send an email notification with a summary of compromised credentials in new accounts).

shields List<String>: Action to take when a breached password is detected during a signup. Possible values: block (block compromised credentials for new accounts), admin_notification (send an email notification with a summary of compromised credentials in new accounts).

shields string[]: Action to take when a breached password is detected during a signup. Possible values: block (block compromised credentials for new accounts), admin_notification (send an email notification with a summary of compromised credentials in new accounts).

shields Sequence[str]: Action to take when a breached password is detected during a signup. Possible values: block (block compromised credentials for new accounts), admin_notification (send an email notification with a summary of compromised credentials in new accounts).

shields List<String>: Action to take when a breached password is detected during a signup. Possible values: block (block compromised credentials for new accounts), admin_notification (send an email notification with a summary of compromised credentials in new accounts).

GetAttackProtectionBruteForceProtection

Allowlists List<string>: List of trusted IP addresses that will not have attack protection enforced against them. This field allows you to specify multiple IP addresses, or ranges. You can use IPv4 or IPv6 addresses and CIDR notation.
Enabled bool: Whether brute force attack protections are active.
MaxAttempts int: Maximum number of consecutive failed login attempts from a single user before blocking is triggered. Only available on public tenants.
Mode string: Determines whether the IP address is used when counting failed attempts. Possible values: count_per_identifier_and_ip (lockout an account from a given IP Address) or count_per_identifier (lockout an account regardless of IP Address).
Shields List<string>: Action to take when a brute force protection threshold is violated. Possible values: block (block login attempts for a flagged user account), user_notification (send an email to user when their account has been blocked).

Allowlists []string: List of trusted IP addresses that will not have attack protection enforced against them. This field allows you to specify multiple IP addresses, or ranges. You can use IPv4 or IPv6 addresses and CIDR notation.
Enabled bool: Whether brute force attack protections are active.
MaxAttempts int: Maximum number of consecutive failed login attempts from a single user before blocking is triggered. Only available on public tenants.
Mode string: Determines whether the IP address is used when counting failed attempts. Possible values: count_per_identifier_and_ip (lockout an account from a given IP Address) or count_per_identifier (lockout an account regardless of IP Address).
Shields []string: Action to take when a brute force protection threshold is violated. Possible values: block (block login attempts for a flagged user account), user_notification (send an email to user when their account has been blocked).

allowlists List<String>: List of trusted IP addresses that will not have attack protection enforced against them. This field allows you to specify multiple IP addresses, or ranges. You can use IPv4 or IPv6 addresses and CIDR notation.
enabled Boolean: Whether brute force attack protections are active.
maxAttempts Integer: Maximum number of consecutive failed login attempts from a single user before blocking is triggered. Only available on public tenants.
mode String: Determines whether the IP address is used when counting failed attempts. Possible values: count_per_identifier_and_ip (lockout an account from a given IP Address) or count_per_identifier (lockout an account regardless of IP Address).
shields List<String>: Action to take when a brute force protection threshold is violated. Possible values: block (block login attempts for a flagged user account), user_notification (send an email to user when their account has been blocked).

allowlists string[]: List of trusted IP addresses that will not have attack protection enforced against them. This field allows you to specify multiple IP addresses, or ranges. You can use IPv4 or IPv6 addresses and CIDR notation.
enabled boolean: Whether brute force attack protections are active.
maxAttempts number: Maximum number of consecutive failed login attempts from a single user before blocking is triggered. Only available on public tenants.
mode string: Determines whether the IP address is used when counting failed attempts. Possible values: count_per_identifier_and_ip (lockout an account from a given IP Address) or count_per_identifier (lockout an account regardless of IP Address).
shields string[]: Action to take when a brute force protection threshold is violated. Possible values: block (block login attempts for a flagged user account), user_notification (send an email to user when their account has been blocked).

allowlists Sequence[str]: List of trusted IP addresses that will not have attack protection enforced against them. This field allows you to specify multiple IP addresses, or ranges. You can use IPv4 or IPv6 addresses and CIDR notation.
enabled bool: Whether brute force attack protections are active.
max_attempts int: Maximum number of consecutive failed login attempts from a single user before blocking is triggered. Only available on public tenants.
mode str: Determines whether the IP address is used when counting failed attempts. Possible values: count_per_identifier_and_ip (lockout an account from a given IP Address) or count_per_identifier (lockout an account regardless of IP Address).
shields Sequence[str]: Action to take when a brute force protection threshold is violated. Possible values: block (block login attempts for a flagged user account), user_notification (send an email to user when their account has been blocked).

allowlists List<String>: List of trusted IP addresses that will not have attack protection enforced against them. This field allows you to specify multiple IP addresses, or ranges. You can use IPv4 or IPv6 addresses and CIDR notation.
enabled Boolean: Whether brute force attack protections are active.
maxAttempts Number: Maximum number of consecutive failed login attempts from a single user before blocking is triggered. Only available on public tenants.
mode String: Determines whether the IP address is used when counting failed attempts. Possible values: count_per_identifier_and_ip (lockout an account from a given IP Address) or count_per_identifier (lockout an account regardless of IP Address).
shields List<String>: Action to take when a brute force protection threshold is violated. Possible values: block (block login attempts for a flagged user account), user_notification (send an email to user when their account has been blocked).

GetAttackProtectionCaptcha

ActiveProviderId string: Active CAPTCHA provider ID. Set to empty string to disable CAPTCHA. Possible values: recaptcha_v2, recaptcha_enterprise, hcaptcha, friendly_captcha, arkose, auth_challenge, simple_captcha.
Arkoses List<GetAttackProtectionCaptchaArkose>: Configuration for Arkose Labs.
AuthChallenges List<GetAttackProtectionCaptchaAuthChallenge>: Configuration for Auth0's Auth Challenge.
FriendlyCaptchas List<GetAttackProtectionCaptchaFriendlyCaptcha>: Configuration for Friendly Captcha.
Hcaptchas List<GetAttackProtectionCaptchaHcaptcha>: Configuration for hCaptcha.
RecaptchaEnterprises List<GetAttackProtectionCaptchaRecaptchaEnterprise>: Configuration for Google reCAPTCHA Enterprise.
RecaptchaV2s List<GetAttackProtectionCaptchaRecaptchaV2>: Configuration for Google reCAPTCHA v2.

ActiveProviderId string: Active CAPTCHA provider ID. Set to empty string to disable CAPTCHA. Possible values: recaptcha_v2, recaptcha_enterprise, hcaptcha, friendly_captcha, arkose, auth_challenge, simple_captcha.
Arkoses []GetAttackProtectionCaptchaArkose: Configuration for Arkose Labs.
AuthChallenges []GetAttackProtectionCaptchaAuthChallenge: Configuration for Auth0's Auth Challenge.
FriendlyCaptchas []GetAttackProtectionCaptchaFriendlyCaptcha: Configuration for Friendly Captcha.
Hcaptchas []GetAttackProtectionCaptchaHcaptcha: Configuration for hCaptcha.
RecaptchaEnterprises []GetAttackProtectionCaptchaRecaptchaEnterprise: Configuration for Google reCAPTCHA Enterprise.
RecaptchaV2s []GetAttackProtectionCaptchaRecaptchaV2: Configuration for Google reCAPTCHA v2.

activeProviderId String: Active CAPTCHA provider ID. Set to empty string to disable CAPTCHA. Possible values: recaptcha_v2, recaptcha_enterprise, hcaptcha, friendly_captcha, arkose, auth_challenge, simple_captcha.
arkoses List<GetAttackProtectionCaptchaArkose>: Configuration for Arkose Labs.
authChallenges List<GetAttackProtectionCaptchaAuthChallenge>: Configuration for Auth0's Auth Challenge.
friendlyCaptchas List<GetAttackProtectionCaptchaFriendlyCaptcha>: Configuration for Friendly Captcha.
hcaptchas List<GetAttackProtectionCaptchaHcaptcha>: Configuration for hCaptcha.
recaptchaEnterprises List<GetAttackProtectionCaptchaRecaptchaEnterprise>: Configuration for Google reCAPTCHA Enterprise.
recaptchaV2s List<GetAttackProtectionCaptchaRecaptchaV2>: Configuration for Google reCAPTCHA v2.

activeProviderId string: Active CAPTCHA provider ID. Set to empty string to disable CAPTCHA. Possible values: recaptcha_v2, recaptcha_enterprise, hcaptcha, friendly_captcha, arkose, auth_challenge, simple_captcha.
arkoses GetAttackProtectionCaptchaArkose[]: Configuration for Arkose Labs.
authChallenges GetAttackProtectionCaptchaAuthChallenge[]: Configuration for Auth0's Auth Challenge.
friendlyCaptchas GetAttackProtectionCaptchaFriendlyCaptcha[]: Configuration for Friendly Captcha.
hcaptchas GetAttackProtectionCaptchaHcaptcha[]: Configuration for hCaptcha.
recaptchaEnterprises GetAttackProtectionCaptchaRecaptchaEnterprise[]: Configuration for Google reCAPTCHA Enterprise.
recaptchaV2s GetAttackProtectionCaptchaRecaptchaV2[]: Configuration for Google reCAPTCHA v2.

active_provider_id str: Active CAPTCHA provider ID. Set to empty string to disable CAPTCHA. Possible values: recaptcha_v2, recaptcha_enterprise, hcaptcha, friendly_captcha, arkose, auth_challenge, simple_captcha.
arkoses Sequence[GetAttackProtectionCaptchaArkose]: Configuration for Arkose Labs.
auth_challenges Sequence[GetAttackProtectionCaptchaAuthChallenge]: Configuration for Auth0's Auth Challenge.
friendly_captchas Sequence[GetAttackProtectionCaptchaFriendlyCaptcha]: Configuration for Friendly Captcha.
hcaptchas Sequence[GetAttackProtectionCaptchaHcaptcha]: Configuration for hCaptcha.
recaptcha_enterprises Sequence[GetAttackProtectionCaptchaRecaptchaEnterprise]: Configuration for Google reCAPTCHA Enterprise.
recaptcha_v2s Sequence[GetAttackProtectionCaptchaRecaptchaV2]: Configuration for Google reCAPTCHA v2.

activeProviderId String: Active CAPTCHA provider ID. Set to empty string to disable CAPTCHA. Possible values: recaptcha_v2, recaptcha_enterprise, hcaptcha, friendly_captcha, arkose, auth_challenge, simple_captcha.
arkoses List<Property Map>: Configuration for Arkose Labs.
authChallenges List<Property Map>: Configuration for Auth0's Auth Challenge.
friendlyCaptchas List<Property Map>: Configuration for Friendly Captcha.
hcaptchas List<Property Map>: Configuration for hCaptcha.
recaptchaEnterprises List<Property Map>: Configuration for Google reCAPTCHA Enterprise.
recaptchaV2s List<Property Map>: Configuration for Google reCAPTCHA v2.

GetAttackProtectionCaptchaArkose

ClientSubdomain string: Client subdomain for Arkose Labs.
FailOpen bool: Whether the captcha should fail open.
Secret string: Secret for Arkose Labs.
SiteKey string: Site key for Arkose Labs.
VerifySubdomain string: Verify subdomain for Arkose Labs.

ClientSubdomain string: Client subdomain for Arkose Labs.
FailOpen bool: Whether the captcha should fail open.
Secret string: Secret for Arkose Labs.
SiteKey string: Site key for Arkose Labs.
VerifySubdomain string: Verify subdomain for Arkose Labs.

clientSubdomain String: Client subdomain for Arkose Labs.
failOpen Boolean: Whether the captcha should fail open.
secret String: Secret for Arkose Labs.
siteKey String: Site key for Arkose Labs.
verifySubdomain String: Verify subdomain for Arkose Labs.

clientSubdomain string: Client subdomain for Arkose Labs.
failOpen boolean: Whether the captcha should fail open.
secret string: Secret for Arkose Labs.
siteKey string: Site key for Arkose Labs.
verifySubdomain string: Verify subdomain for Arkose Labs.

client_subdomain str: Client subdomain for Arkose Labs.
fail_open bool: Whether the captcha should fail open.
secret str: Secret for Arkose Labs.
site_key str: Site key for Arkose Labs.
verify_subdomain str: Verify subdomain for Arkose Labs.

clientSubdomain String: Client subdomain for Arkose Labs.
failOpen Boolean: Whether the captcha should fail open.
secret String: Secret for Arkose Labs.
siteKey String: Site key for Arkose Labs.
verifySubdomain String: Verify subdomain for Arkose Labs.

GetAttackProtectionCaptchaAuthChallenge

FailOpen bool: Whether the auth challenge should fail open.

FailOpen bool: Whether the auth challenge should fail open.

failOpen Boolean: Whether the auth challenge should fail open.

failOpen boolean: Whether the auth challenge should fail open.

fail_open bool: Whether the auth challenge should fail open.

failOpen Boolean: Whether the auth challenge should fail open.

GetAttackProtectionCaptchaFriendlyCaptcha

Secret string: Secret for Friendly Captcha.
SiteKey string: Site key for Friendly Captcha.

Secret string: Secret for Friendly Captcha.
SiteKey string: Site key for Friendly Captcha.

secret String: Secret for Friendly Captcha.
siteKey String: Site key for Friendly Captcha.

secret string: Secret for Friendly Captcha.
siteKey string: Site key for Friendly Captcha.

secret str: Secret for Friendly Captcha.
site_key str: Site key for Friendly Captcha.

secret String: Secret for Friendly Captcha.
siteKey String: Site key for Friendly Captcha.

GetAttackProtectionCaptchaHcaptcha

Secret string: Secret for hCaptcha.
SiteKey string: Site key for hCaptcha.

Secret string: Secret for hCaptcha.
SiteKey string: Site key for hCaptcha.

secret String: Secret for hCaptcha.
siteKey String: Site key for hCaptcha.

secret string: Secret for hCaptcha.
siteKey string: Site key for hCaptcha.

secret str: Secret for hCaptcha.
site_key str: Site key for hCaptcha.

secret String: Secret for hCaptcha.
siteKey String: Site key for hCaptcha.

GetAttackProtectionCaptchaRecaptchaEnterprise

ApiKey string: API key for reCAPTCHA Enterprise.
ProjectId string: Project ID for reCAPTCHA Enterprise.
SiteKey string: Site key for reCAPTCHA Enterprise.

ApiKey string: API key for reCAPTCHA Enterprise.
ProjectId string: Project ID for reCAPTCHA Enterprise.
SiteKey string: Site key for reCAPTCHA Enterprise.

apiKey String: API key for reCAPTCHA Enterprise.
projectId String: Project ID for reCAPTCHA Enterprise.
siteKey String: Site key for reCAPTCHA Enterprise.

apiKey string: API key for reCAPTCHA Enterprise.
projectId string: Project ID for reCAPTCHA Enterprise.
siteKey string: Site key for reCAPTCHA Enterprise.

api_key str: API key for reCAPTCHA Enterprise.
project_id str: Project ID for reCAPTCHA Enterprise.
site_key str: Site key for reCAPTCHA Enterprise.

apiKey String: API key for reCAPTCHA Enterprise.
projectId String: Project ID for reCAPTCHA Enterprise.
siteKey String: Site key for reCAPTCHA Enterprise.

GetAttackProtectionCaptchaRecaptchaV2

Secret string: Secret for reCAPTCHA v2.
SiteKey string: Site key for reCAPTCHA v2.

Secret string: Secret for reCAPTCHA v2.
SiteKey string: Site key for reCAPTCHA v2.

secret String: Secret for reCAPTCHA v2.
siteKey String: Site key for reCAPTCHA v2.

secret string: Secret for reCAPTCHA v2.
siteKey string: Site key for reCAPTCHA v2.

secret str: Secret for reCAPTCHA v2.
site_key str: Site key for reCAPTCHA v2.

secret String: Secret for reCAPTCHA v2.
siteKey String: Site key for reCAPTCHA v2.

GetAttackProtectionSuspiciousIpThrottling

Allowlists List<string>: List of trusted IP addresses that will not have attack protection enforced against them. This field allows you to specify multiple IP addresses, or ranges. You can use IPv4 or IPv6 addresses and CIDR notation.
Enabled bool: Whether suspicious IP throttling attack protections are active.
PreLogins List<GetAttackProtectionSuspiciousIpThrottlingPreLogin>: Configuration options that apply before every login attempt. Only available on public tenants.
PreUserRegistrations List<GetAttackProtectionSuspiciousIpThrottlingPreUserRegistration>: Configuration options that apply before every user registration attempt. Only available on public tenants.
Shields List<string>: Action to take when a suspicious IP throttling threshold is violated. Possible values: block (throttle traffic from an IP address when there is a high number of login attempts targeting too many different accounts), admin_notification (send an email notification when traffic is throttled on one or more IP addresses due to high-velocity traffic).

Allowlists []string: List of trusted IP addresses that will not have attack protection enforced against them. This field allows you to specify multiple IP addresses, or ranges. You can use IPv4 or IPv6 addresses and CIDR notation.
Enabled bool: Whether suspicious IP throttling attack protections are active.
PreLogins []GetAttackProtectionSuspiciousIpThrottlingPreLogin: Configuration options that apply before every login attempt. Only available on public tenants.
PreUserRegistrations []GetAttackProtectionSuspiciousIpThrottlingPreUserRegistration: Configuration options that apply before every user registration attempt. Only available on public tenants.
Shields []string: Action to take when a suspicious IP throttling threshold is violated. Possible values: block (throttle traffic from an IP address when there is a high number of login attempts targeting too many different accounts), admin_notification (send an email notification when traffic is throttled on one or more IP addresses due to high-velocity traffic).

allowlists List<String>: List of trusted IP addresses that will not have attack protection enforced against them. This field allows you to specify multiple IP addresses, or ranges. You can use IPv4 or IPv6 addresses and CIDR notation.
enabled Boolean: Whether suspicious IP throttling attack protections are active.
preLogins List<GetAttackProtectionSuspiciousIpThrottlingPreLogin>: Configuration options that apply before every login attempt. Only available on public tenants.
preUserRegistrations List<GetAttackProtectionSuspiciousIpThrottlingPreUserRegistration>: Configuration options that apply before every user registration attempt. Only available on public tenants.
shields List<String>: Action to take when a suspicious IP throttling threshold is violated. Possible values: block (throttle traffic from an IP address when there is a high number of login attempts targeting too many different accounts), admin_notification (send an email notification when traffic is throttled on one or more IP addresses due to high-velocity traffic).

allowlists string[]: List of trusted IP addresses that will not have attack protection enforced against them. This field allows you to specify multiple IP addresses, or ranges. You can use IPv4 or IPv6 addresses and CIDR notation.
enabled boolean: Whether suspicious IP throttling attack protections are active.
preLogins GetAttackProtectionSuspiciousIpThrottlingPreLogin[]: Configuration options that apply before every login attempt. Only available on public tenants.
preUserRegistrations GetAttackProtectionSuspiciousIpThrottlingPreUserRegistration[]: Configuration options that apply before every user registration attempt. Only available on public tenants.
shields string[]: Action to take when a suspicious IP throttling threshold is violated. Possible values: block (throttle traffic from an IP address when there is a high number of login attempts targeting too many different accounts), admin_notification (send an email notification when traffic is throttled on one or more IP addresses due to high-velocity traffic).

allowlists Sequence[str]: List of trusted IP addresses that will not have attack protection enforced against them. This field allows you to specify multiple IP addresses, or ranges. You can use IPv4 or IPv6 addresses and CIDR notation.
enabled bool: Whether suspicious IP throttling attack protections are active.
pre_logins Sequence[GetAttackProtectionSuspiciousIpThrottlingPreLogin]: Configuration options that apply before every login attempt. Only available on public tenants.
pre_user_registrations Sequence[GetAttackProtectionSuspiciousIpThrottlingPreUserRegistration]: Configuration options that apply before every user registration attempt. Only available on public tenants.
shields Sequence[str]: Action to take when a suspicious IP throttling threshold is violated. Possible values: block (throttle traffic from an IP address when there is a high number of login attempts targeting too many different accounts), admin_notification (send an email notification when traffic is throttled on one or more IP addresses due to high-velocity traffic).

allowlists List<String>: List of trusted IP addresses that will not have attack protection enforced against them. This field allows you to specify multiple IP addresses, or ranges. You can use IPv4 or IPv6 addresses and CIDR notation.
enabled Boolean: Whether suspicious IP throttling attack protections are active.
preLogins List<Property Map>: Configuration options that apply before every login attempt. Only available on public tenants.
preUserRegistrations List<Property Map>: Configuration options that apply before every user registration attempt. Only available on public tenants.
shields List<String>: Action to take when a suspicious IP throttling threshold is violated. Possible values: block (throttle traffic from an IP address when there is a high number of login attempts targeting too many different accounts), admin_notification (send an email notification when traffic is throttled on one or more IP addresses due to high-velocity traffic).

GetAttackProtectionSuspiciousIpThrottlingPreLogin

MaxAttempts int: The maximum number of failed login attempts allowed from a single IP address.
Rate int: Interval of time, given in milliseconds at which new login tokens will become available after they have been used by an IP address. Each login attempt will be added on the defined throttling rate.

MaxAttempts int: The maximum number of failed login attempts allowed from a single IP address.
Rate int: Interval of time, given in milliseconds at which new login tokens will become available after they have been used by an IP address. Each login attempt will be added on the defined throttling rate.

maxAttempts Integer: The maximum number of failed login attempts allowed from a single IP address.
rate Integer: Interval of time, given in milliseconds at which new login tokens will become available after they have been used by an IP address. Each login attempt will be added on the defined throttling rate.

maxAttempts number: The maximum number of failed login attempts allowed from a single IP address.
rate number: Interval of time, given in milliseconds at which new login tokens will become available after they have been used by an IP address. Each login attempt will be added on the defined throttling rate.

max_attempts int: The maximum number of failed login attempts allowed from a single IP address.
rate int: Interval of time, given in milliseconds at which new login tokens will become available after they have been used by an IP address. Each login attempt will be added on the defined throttling rate.

maxAttempts Number: The maximum number of failed login attempts allowed from a single IP address.
rate Number: Interval of time, given in milliseconds at which new login tokens will become available after they have been used by an IP address. Each login attempt will be added on the defined throttling rate.

GetAttackProtectionSuspiciousIpThrottlingPreUserRegistration

MaxAttempts int: The maximum number of sign up attempts allowed from a single IP address.
Rate int: Interval of time, given in milliseconds at which new sign up tokens will become available after they have been used by an IP address. Each sign up attempt will be added on the defined throttling rate.

MaxAttempts int: The maximum number of sign up attempts allowed from a single IP address.
Rate int: Interval of time, given in milliseconds at which new sign up tokens will become available after they have been used by an IP address. Each sign up attempt will be added on the defined throttling rate.

maxAttempts Integer: The maximum number of sign up attempts allowed from a single IP address.
rate Integer: Interval of time, given in milliseconds at which new sign up tokens will become available after they have been used by an IP address. Each sign up attempt will be added on the defined throttling rate.

maxAttempts number: The maximum number of sign up attempts allowed from a single IP address.
rate number: Interval of time, given in milliseconds at which new sign up tokens will become available after they have been used by an IP address. Each sign up attempt will be added on the defined throttling rate.

max_attempts int: The maximum number of sign up attempts allowed from a single IP address.
rate int: Interval of time, given in milliseconds at which new sign up tokens will become available after they have been used by an IP address. Each sign up attempt will be added on the defined throttling rate.

maxAttempts Number: The maximum number of sign up attempts allowed from a single IP address.
rate Number: Interval of time, given in milliseconds at which new sign up tokens will become available after they have been used by an IP address. Each sign up attempt will be added on the defined throttling rate.

Package Details

Repository: Auth0 pulumi/pulumi-auth0
License: Apache-2.0
Notes: This Pulumi package is based on the auth0 Terraform Provider.

Auth0 v3.33.0 published on Friday, Nov 14, 2025 by Pulumi

Schema (JSON)

pulumi/pulumi-auth0

auth0.getAttackProtection

On this page

On this page

Example Usage

Using getAttackProtection

getAttackProtection Result

Supporting Types

GetAttackProtectionBotDetection

GetAttackProtectionBreachedPasswordDetection

GetAttackProtectionBreachedPasswordDetectionPreChangePassword

GetAttackProtectionBreachedPasswordDetectionPreUserRegistration

GetAttackProtectionBruteForceProtection

GetAttackProtectionCaptcha

GetAttackProtectionCaptchaArkose

GetAttackProtectionCaptchaAuthChallenge

GetAttackProtectionCaptchaFriendlyCaptcha

GetAttackProtectionCaptchaHcaptcha

GetAttackProtectionCaptchaRecaptchaEnterprise

GetAttackProtectionCaptchaRecaptchaV2

GetAttackProtectionSuspiciousIpThrottling

GetAttackProtectionSuspiciousIpThrottlingPreLogin

GetAttackProtectionSuspiciousIpThrottlingPreUserRegistration

Package Details

On this page

On this page