UserContextAwareRiskCondition
User context aware risk condition policy apply risk level based on examining patterns of certain user-specific data. This data track user behavior and are gathered by the RBA Data Collector for statistical computations.
Type (required)
The type of risk condition according to the data that it stores and evaluates when this condition is called.
-
Allowed Values:
-
RESOURCE_SENSITIVITY -
TIME_RANGE -
IP_RANGE -
PROTOCOL_HEADER -
USER_ATTRIBUTE -
CALLOUT -
LOGIN_INTERVAL -
LOGIN_FAILURES -
USER_CONTEXT_AWARE
-
Risk level
The risk level is a number added to a request when a condition evaluates to true. The higher the risk level number, the bigger the threat.
Do negate result after evaluation
Whether or not the condition is evaluated and the result is then negated, which results in an opposite condition. This option is useful, for example, when specifying complements of data ranges. This option has no effect for following types of conditions: callouts conditions, resource sensitivity conditions, user-context-aware conditions.
Do assign risk level if condition can’t be evaluated
Whether or not the risk level specified for this condition is used even when the condition cannot be evaluated from either insufficient information in request or user data or due to an application error. The risk level is not processed for USER_CONTEXT_AWARE, LOGIN_FAILURES, LOGIN_INTERVAL and USER_ATTRIBUTE conditions if there is no server subject. This option has no effect for following types of conditions: resource sensitivity conditions, user-context-aware conditions.