The following conditions are available in the Location category:
Condition type | Plugin | Default condition |
---|---|---|
Abnormal Location (Default) | | |
Restricted Country (Default) | | |

NOTE: The GeoLocationPlugin is associated with this condition and provides important settings.
Categorized as a Location condition, this type of condition always causes the risk score to increase if the location is determined to be abnormal. The following parameters are available:
Parameter | Description | Associated default condition |
---|---|---|
Identifier | Enter a name for the condition. | Abnormal Location (Default) |
Description | Enter a description for the condition. | Location failed to conform to previous user or device behavior. |
Maximum Travel Speed | The kilometers per hour a person or device can travel between access attempts. The travel speed cannot exceed 9999 kilometers per hour. | 1000 |
Also Report Unknown Location | Select this check box to report an unknown location, such as an anonymous proxy or satellite provider, as abnormal. If this is not selected, an unknown location will not be considered abnormal. | (Selected) |
The following procedure explains how the Security Analytics Engine checks the location of a user or browser attempting to access an application.
How the Security Analytics Engine checks for an abnormal location
A user attempts to access an application that uses an Abnormal Location condition type to check for abnormal geolocations.
NOTE: If there is no user ID or browser ID in the access request, checking the geolocation is not relevant. Therefore, the geolocation is considered normal and the risk score is not affected.
If the IP addresses are different, the incoming IP address is passed to the OnDemand Service, which returns the geographic coordinates of that IP address. The Security Analytics Engine compares the geographic coordinates of the current and last IP addresses and calculates the distance between them to ensure that they are not separated by a distance that is impossible to travel in the time between access attempts (for example, the user cannot log in to the application from Canada an hour before logging in from India). If the Security Analytics Engine determines that the distance between the IP addresses can be traveled within the time frame, the geolocation is considered normal and the risk score is not affected.
NOTE: If the Security Analytics Engine cannot connect to the OnDemand Service at the time of the access attempt and the Also Report Unknown Location check box is selected, the geolocation is considered abnormal based on the previous steps and the risk score is increased. If the Security Analytics Engine cannot connect to the OnDemand Service at the time of the access attempt and the Also Report Unknown Location check box is cleared, an unknown geolocation is reported as normal and the risk score is not affected.
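The travel-speed check described in this procedure, as an added Python example (not One Identity code). The function names, record layout, sample IP addresses and coordinates are assumptions made for illustration; treating an unchanged IP address as normal is also an assumption.

```python
import math
from datetime import datetime, timedelta, timezone

EARTH_RADIUS_KM = 6371.0088  # mean Earth radius

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) pairs given in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(h))

def is_abnormal_location(prev, curr, max_speed_kmh=1000, report_unknown=True):
    """Return True when the access attempt should raise the risk score.

    prev/curr are dicts with 'ip', 'time' (datetime) and 'coords'
    ((lat, lon), or None when the lookup failed or the location is unknown).
    prev is None when there is no earlier attempt to compare against.
    """
    if prev is None or prev["ip"] == curr["ip"]:
        return False  # assumption: nothing to compare, or IP unchanged -> normal
    if prev["coords"] is None or curr["coords"] is None:
        return report_unknown  # the "Also Report Unknown Location" setting decides
    distance_km = haversine_km(prev["coords"], curr["coords"])
    hours = abs((curr["time"] - prev["time"]).total_seconds()) / 3600
    # Compare against the reachable radius rather than dividing by elapsed time,
    # so two attempts with the same timestamp need no special case.
    return distance_km > max_speed_kmh * hours

# Constructed sample data: documentation-range IPs, approximate city coordinates.
T0 = datetime(2024, 1, 10, 9, 0, tzinfo=timezone.utc)
TORONTO = {"ip": "203.0.113.10", "time": T0, "coords": (43.65, -79.38)}
MUMBAI_1H = {"ip": "198.51.100.20", "time": T0 + timedelta(hours=1), "coords": (19.08, 72.88)}
MUMBAI_24H = {**MUMBAI_1H, "time": T0 + timedelta(hours=24)}
UNKNOWN_1H = {**MUMBAI_1H, "coords": None}

if __name__ == "__main__":
    for label, curr in [("1h later", MUMBAI_1H), ("24h later", MUMBAI_24H), ("unknown", UNKNOWN_1H)]:
        print(label, is_abnormal_location(TORONTO, curr))
```

With the default Maximum Travel Speed of 1000, the one-hour Canada-to-India attempt is abnormal, while the same pair 24 hours apart is normal.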
NOTE: The GeoLocationPlugin is associated with this condition and provides important settings.
Categorized as a Location condition, this type of condition determines where the request originated from in order to increase or decrease protection for access attempts from specific countries. The following parameters are available:
Parameter | Description | Associated default condition |
---|---|---|
Identifier | Enter a name for the condition. | Restricted Country (Default) |
Description | Enter a description for the condition. | Originated from a country classified as restricted. |
Risk Type Value | Select the impact the condition will have on the risk score: | Can increase risk |
Country | From the drop-down list of countries, select the check box for each country to look for during an access attempt. | 3 item(s) selected - Iran, Islamic Republic of; Sudan; Syrian Arab Republic |
The following procedure explains how the Security Analytics Engine checks the country of the IP address attempting to access an application against a list of countries.
How the Security Analytics Engine checks for a country
Next, the Security Analytics Engine connects with the OnDemand Service to check the location of the access attempt against the list of countries specified for the condition. If the location appears on the list, then the risk score is affected.
NOTE: If the Security Analytics Engine cannot connect with the OnDemand Service at the time of the access attempt, the Security Analytics Engine returns false since the country cannot be determined and the risk score is not affected.
The following conditions are available in the Network category:
Condition type | Plugin | Default condition |
---|---|---|
Dynamic Blacklist (Default) | | |
Whitelist (Default) | | |