Table 2-1 Risk Rules
Rule |
Description |
---|---|
Cookie Rule |
Use this rule if you want to track login attempts from a browser-based application that has a specific cookie value or name. For example, you have a financial application and a user accessing this application has cookies stored on the browser. If the cookie has a specific value or name, the risk level is low. If the user’s browser has no cookies stored, the risk level is high. |
External Parameters Rule |
Use this rule to consider inputs from external providers to evaluate the risk associated with an access attempt. |
HTTP Header Rule |
Use this rule to track the requests that contain a specific value in the HTTP header. For example, if you want to track HTTP requests containing the custom HTTP header information, you can define the action to be performed on the evaluation of this rule. |
IP Address Rule |
Use this rule to define a condition to track login attempts from an IP address, range of IP addresses, an IP subnet range, or a list of IP addresses from an external provider. For example, if you are aware that login attempts from a specific range of IP addresses are riskier, you can define a rule to watch for such login attempts. When a request originates from the specified IP address range, you can prompt for additional authentication. |
User Last Login Rule |
This rule creates a cookie in the browser after successful additional authentication. Subsequent login verifies this cookie. Use this rule to define the duration for which the cookie is valid. When the cookie is expired, the user is prompted for additional authentication. For example, this rule can be used to evaluate if the user is logging in by using the same browser that was used earlier for a login attempt. You can define the risk level and request additional authentication, as necessary. |
User Time of Login Rule |
Use this rule to define a condition based on the user’s attempts to log in within a specific duration. For example, if the usual login pattern for an employee is between 9 a.m. to 5 p.m., you can define a rule that takes action if the login pattern differs from the observed pattern. |
To configure a rule, perform the following steps:
Click the Risk Rules () icon > plus icon.
Specify the rule name and the description.
Select the preferred type of rule from Choose a Rule Type.
Configure the following rules as required:
For description of these rules, see Table 2-1.
IMPORTANT:A cookie is set when a user authenticates using second-factor authentication. The cookie is not created if the risk is low and the user authenticates using primary authentication method. |
|
|
|
IMPORTANT:The User Last Login cookie is set only when a user is authenticated by using second-factor authentication. This cookie is not created if the risk is assessed to be low and the user authenticates by using the primary authentication method. |
|