Tags allow you to send custom information with the Kount Control Login Decision. Tags are user-defined text fields used while creating Profiles or Policies. Tags associated with a Policy or Profile that evaluates as true are sent with the API response. Tags are also included in Dashboard reports and can be used to sort and filter data.
Managing Tags
To navigate to the Tags page, select Decision Manager, and then click Tags. From this page, you can view, create, edit, and delete tags. The Tags list shows you when a tag was last edited and the number of policies and profiles assigned to it.
Creating a tag
- Click Create Tags.
- Enter a name for your tag in Tag Name. If you decide not to create a new tag, click Cancel or All Tags.
Note: Use a minimum of three characters for tag names.
- Click Save Tag.
Note: You cannot have more than 500 tags. To reduce the number of tags you currently have, refer to Deleting a tag.
Editing a tag
- Click the edit button. The Edit Tag page displays. The Edit Tag page allows you to:
  - Change the name of the tag by replacing the existing name.
  - Remove a policy from a tag by clicking the remove button.
  - Delete the tag by clicking the delete button.
- Click Save Tag.
Deleting a tag
To delete a tag, click the delete button in the Quick Actions column.
API Response
When a decision is returned through the API, all tags associated with the Profile and Policies that evaluated as true are within the Tags block. Refer to "tags" in the following code example:
{
  "decision": "Allow",
  "deviceId": "71dd0ae7bf684fde81ecfbeb50******",
  "matchedToDevice": "Device not found",
  "sessionId": "a5312b830b2a4b50a37e3c74f0******",
  "tags": [
    "US_Regulated_Region",
    "Subscription"
  ],
  "userProfile": "Subscriber"
}
Frequently Asked Questions
What are some use cases for Tags?
There are various use cases for tags, many of them dependent on your organization and how you use data from the Kount Login API. The following are examples of how tags might be used:
- Assigning tags that tell a business's internal system what type of multifactor authentication to use. If the risk is high, the multifactor might be very secure, whereas if the risk is low, a simple captcha or other method could be employed.
- Assigning a tag to know that a login event was from a certain region.
- Assigning a tag that allows an Ops team to investigate potential high risk IP addresses or IP Organizations.
Other use cases
Tags are often used to get actionable information (like the number of excessive failed attempts or alerting to a scripted attack) into the customer's system.
Excessive failed attempts
For example, a customer wants to know when the number of failed attempts for their login exceeds the bounds of normal operations, and they want Security Operations to be notified through their alerting system. To do so, the customer would:
- Create a Policy counting the number of failed attempts from an IP address when it exceeds their threshold for a given hour and set the Policy to apply no decision.
- Tag the policy “failedIPThreshold”.
- Set their Splunk to send an alert when it sees the text “failedIPThreshold” accompanying a Kount Control response.
Alerting for a scripted attack
A customer wants to be able to alert their Security Operations when they are seeing the signs of a scripted attack. The customer adds a tag to the velocity the Network Operations Center (NOC) wants to watch, and then that tag is sent back with the login API response. Their internal alerting system picks up the tag and alerts Security Operations.
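The alerting flow in the two use cases above, as an added example that is not Kount's code: it matches watched tags exactly against the parsed tags array instead of searching the response text. The tag name scriptedAttack, the event fields, and the sample values are assumptions.

```python
import json
import logging

log = logging.getLogger("login.decision")

# "failedIPThreshold" is the tag from the procedure above; "scriptedAttack" is
# an assumed name for the tag placed on the velocity the NOC watches.
ALERT_TAGS = {"failedIPThreshold", "scriptedAttack"}

# Constructed sample in the response shape shown under "API Response".
SAMPLE = json.dumps({
    "decision": "Allow",
    "deviceId": "constructed-device-id",
    "matchedToDevice": "Device not found",
    "sessionId": "constructed-session-id",
    "tags": ["US_Regulated_Region", "failedIPThreshold"],
    "userProfile": "Subscriber",
})


def alert_events(raw_response):
    """Return one alert event per watched tag in the response's tags array."""
    try:
        body = json.loads(raw_response)
    except (TypeError, ValueError):
        return []  # not JSON: nothing to alert on
    if not isinstance(body, dict) or not isinstance(body.get("tags"), list):
        return []  # tags block missing or malformed
    events = []
    for tag in body["tags"]:
        # Exact match on array members, so the tag text appearing in another
        # field or inside a longer tag name does not raise an alert.
        if isinstance(tag, str) and tag in ALERT_TAGS:
            events.append({
                "alert": tag,
                "decision": body.get("decision"),
                "sessionId": body.get("sessionId"),
                "deviceId": body.get("deviceId"),
            })
    return events


def forward(raw_response):
    """Log each alert event as one JSON line for the alerting system."""
    events = alert_events(raw_response)
    for event in events:
        log.warning(json.dumps(event, sort_keys=True))
    return len(events)
```

Because the policy applies no decision, the login itself still returns its normal decision; only the tag drives the alert.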