Default policies (Essential)
This page documents the default policies for the Essential edition.
Event = login (Users = all)

| Policy | Conditions | Decision |
|---|---|---|
| Check browser and version versus the operating system (OS) name and version | If device browser = Safari and device OS = Android or Windows or Linux | high |
| Detect jailbreak or rootkit device | If device is rooted | high |
| Detect usual device | If the device was used by the user at least 1 time over the last 5 weeks | low |
| Detect first time used device | Is the device used for the first time? | medium |
| Detect usual device with authentication method | If the device was used by the user at least 3 times over the last 1 month with authentication method | low |
| Check the number of failed user authentication | If the user fails to authenticate at least 3 times over the last 1 hour | medium |
| Check the number of successful user authentication | If the user successfully authenticates at least 1 time over the last 1 hour | low |
| Check the number of consecutive failed user authentication | Did the user consecutively fail to authenticate at least 5 times? | medium |
| Detect first time user | Is this the first visit for a specific user? | medium |
| Detect change of country | Is the user connecting from a different country than their previous successful authentication over the last 1 hour (include anonymous IP address) | high |
| Check anonymized IP address | Detect whether the IP address is anonymized by a TOR node | high |

Event = new account (Users = all)

| Policy | Conditions | Decision |
|---|---|---|
| Check browser and version versus OS name and version | If device browser = Safari and device OS = Android or Windows or Linux | high |
| Detect jailbreak or rootkit device | If device is rooted | high |
| Detect usual device | If the device was used by the user at least 1 time over the last 5 weeks | low |
| Detect first time used device | Is the device used for the first time? | medium |
| Detect usual device with authentication method | If the device was used by the user at least 3 times over the last 1 month with authentication method | low |
| Check the number of failed user authentication | If the user fails to authenticate at least 3 times over the last 1 hour | medium |
| Check the number of successful user authentication | If the user successfully authenticates at least 1 time over the last 1 hour | low |
| Check the number of consecutive failed user authentication | Did the user consecutively fail to authenticate at least 5 times? | medium |
| Detect first time user | Is this the first visit for a specific user? | medium |
| Detect change of country | Is the user connecting from a different country than their previous successful authentication over the last 1 hour (include anonymous IP) | high |
| Check anonymized IP address | Detect whether the IP address is anonymized by a TOR node | high |