Tags allow you to send custom information with the login or orders decision. Tags are user-defined text fields added when creating segments or policies and can be used to sort and filter data. Tags associated with a policy or segment that is evaluated as true are sent with the API response. You can view tags on the dashboard and in order details.
Note: To create a custom dashboard layout and add the Tags widget, refer to Adding a Widget to a Dashboard.
There are various use cases for tags, many of them dependent on your organization and how you use data from the Login API. Use cases include:
- Assigning tags to inform an internal system about the type of multifactor authentication to use. If the risk is high, then multifactor authentication can be employed. If the risk is low, a CAPTCHA or other method can be employed.
- Assigning a tag to know that a login event was from a certain region.
- Assigning a tag to allow an investigation of potentially high-risk IP addresses or IP Organizations.
- Assigning tags to trusted devices and then using the tag match condition in Payments Fraud to evaluate if the device is not trusted during the login process.
When a decision is returned through the API, all tags associated with the segments and policies that evaluated as true are listed in the "tags" section of the response.
API response example:
{
  "decision": "Allow",
  "deviceId": "71dd0ae7bf684fde81ecfbeb50******",
  "matchedToDevice": "Device not found",
  "sessionId": "a5312b830b2a4b50a37e3c74f0******",
  "tags": [
    "US_Regulated_Region",
    "Subscription"
  ],
  "userProfile": "Subscriber"
}
You can create a tag for various use cases by performing the following steps:
- Sign in to Kount 360.
- Select Policy Management.
- Select Tags.
- Select New Tag.
- Enter a name for the tag.
  The tag name must be more than three alphanumeric characters and can contain underscores.
- Select Save.
After creating a tag, you can assign it to a policy or segment in the respective section of Policy Management.
You must remove the tag from all policies or segments that it is assigned to before deleting it.
Note: If the tag is assigned to a policy or segment, you cannot delete the tag and a prompt will appear.
A customer wants to know when the number of failed attempts for their login exceeds the bounds of normal operations. They also want Security Operations to be notified through their alerting system. To implement this use case:
- Sign in to Kount 360.
- Select Policy Management.
- Select Policies.
- Create a policy that counts the number of failed attempts from an IP address when it exceeds their threshold for a given hour.
- Select No Change as the outcome.
- Select Save Changes.
- Go to Tags and create a tag labeled failedIPThreshold.
- Select Policies.
- Edit the policy you created and assign the failedIPThreshold tag.
- Save the changes.
- Set Splunk to send an alert when it finds the tag in the API response.
A customer wants to be able to alert their Security Operations when they are seeing the signs of a scripted attack. The customer adds a tag to the velocity that the Network Operations Center wants to watch, and then that tag is sent back with the login API response. Their internal alerting system picks up the tag and alerts Security Operations.
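The alerting step in the two use cases above, as an added example (not Kount's code and not part of the original article): a consumer reads the login decision response, keeps only well-formed tags, and flags the event for Security Operations when failedIPThreshold is present. The High_Risk_MFA tag name, the function names, the regular expression used for the naming rule and the sample response are assumptions made for illustration.

```python
import json
import re

# Assumed reading of the naming rule: 4+ letters, digits or underscores.
TAG_RE = re.compile(r"[A-Za-z0-9_]{4,}")

# Hypothetical routing table; only failedIPThreshold comes from the page.
SOC_ALERT_TAGS = {"failedIPThreshold"}
STEP_UP_TAGS = {"High_Risk_MFA"}  # hypothetical tag name


def extract_tags(response_body):
    """Return (parsed response, well-formed tags) from a decision response."""
    try:
        doc = json.loads(response_body)
    except (TypeError, ValueError):
        doc = None
    if not isinstance(doc, dict):
        return None, []
    raw = doc.get("tags")
    if not isinstance(raw, list):
        raw = []  # a missing or malformed "tags" field means no tags
    tags = [t for t in raw if isinstance(t, str) and TAG_RE.fullmatch(t)]
    return doc, tags


def build_event(response_body):
    """Build the structured event that the alerting system keys on."""
    doc, tags = extract_tags(response_body)
    if doc is None:
        # Unparseable response: report it rather than log it as "no tags".
        return {"parse_error": True, "tags": [], "soc_alert": False, "step_up": False}
    return {
        "parse_error": False,
        "decision": doc.get("decision"),
        "sessionId": doc.get("sessionId"),
        "tags": tags,
        "soc_alert": bool(SOC_ALERT_TAGS & set(tags)),
        "step_up": bool(STEP_UP_TAGS & set(tags)),
    }


# Constructed sample, modelled on the response shown on this page.
SAMPLE = json.dumps({
    "decision": "Allow",
    "sessionId": "a5312b830b2a4b50a37e3c74f0******",
    "tags": ["US_Regulated_Region", "failedIPThreshold", "bad tag!", 7],
})

print(json.dumps(build_event(SAMPLE), sort_keys=True))
```

Because the policy outcome is No Change, the decision field stays as it was and the tag is the only signal, so the alert has to key on the tags list rather than on the decision.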