Event Analysis is a tool for fraud agents and customer service agents to investigate specific users, devices, or login events.
- Log in to Control.
- Select Event Analysis .
- Select Username or User ID in the table header to filter/search for a specific username or user ID, and then select Enter. The events are filtered by your search criteria.
Note: Searches are not case sensitive, but they must be exact character matches. Partial searches are not allowed.
- Select the User ID of a single user. Single User shows all past events related to the User ID
- Select the link in the Event Type column of the past event you want to view. Under this section, you can view the username, the account creation date, the decision, the device trust state, device attributes, location, browser, and network.
Note: Username and Account Creation Date are optional integration data elements. If this information is not passed to us at the time of login, this information will not be displayed on screen.
Event Analysis Single Device
From the results under Events Analysis, several options are available to further drill into information for better analysis.
Under Past Events, select the Device ID to display all events and trusted user information for that device.
Login Event Details
- From the Single Device or Single User screen, under Event Type, click Login, if available.
- Login Event Details display. All information is a snapshot of information at the time of the event. If the trust state of the device for the user has changed since the time of the transaction, the change is not reflected in the historical view.
- If the event resulted in a Challenge or a Block, click View Policies to display all policies that caused the Challenge or Block.
- If the decision was Allow, no policies are displayed.
- In the Information pane, click Expand All to display the details of the Device Attributes, Location, Browser, and Network at the time of the login event.
Failed Attempt Details
- From the Single Device or Single User screen, under Event Type, click Failed Attempt, if available.
- The Failed Attempt Event Details screen shows information about the failed login attempt. If the failed login attempt was due to the username not being on record for the company, the User ID is blank.
Trusted Device Manager
The Trusted Device Manager allows Portal users to add and modify a trust state for a user’s device. All devices that an end user has logged in with be displayed either in Known Trust States or Unknown Trust States.
- To add a device to Known Trust States, click + and enter the trust state. Optionally, you can add a friendly name. If not, one will be added by the system.
- To modify a trusted device, click the Edit icon and make any desired changes.
Note: Modifying the trust state of a device does not change the Past Events view — it only affects future events.