5.2 Understanding the Rule Class

Risk evaluation is done using a set of rules configured. You can configure the in-built default rules that are provided in the product. If you have a requirement that is not achievable using these rules, then you can write your own rule as a custom rule. As shown in the below figure, Risk Engine evaluate all the rules configured one-by-one, and evaluates the Risk Score with Risk Level for the connecting user.

Figure 5-1 Risk Engine evaluating Rules

Risk Engine collects all the activity details of the connecting user and passes it on to the rules for evaluation. These include IP address of the connecting client, HTTP headers, Cookies, User attributes, user historical data etc.

The Risk Engine architecture provides a programming interface that allows you to create a custom Rule class. This rule can be configured like any other rule for Risk Engine. Whenever the Risk Engine evaluates this rule, corresponding risk core will be added in case if the rule (Condition) fails.