How to create a new RiskFort rule ?

Document ID : KB000010595
Last Modified Date : 14/02/2018
Show Technical Document Details
Introduction:

Riskfort allows one to create new rules related to ACTIONS such as LOGIN. This document discusses creation of a new rule with an example where the rule fires only when a user has not logged in (performed Risk Evaluate for say 10 minutes). Creation of a new rule requires that the new rule be migrated into Production, this aspect is also discussed below with screenshots.

Background:

This document shows via screen shots how to create a new Riskfort rule that requires step up authentication when a user has not logged in for a specified amount a time. The rule requires Evaluate Risk function after a specified amount of time to return an INCREASEAUTH advice.  

 

 

Environment:
Production
Instructions:
  1. Login as Global Admin using URL -  http://hostname:8080/arcotadmin/adminlogin.htm
  2. Click on the “Organizations” tab and then select the organization for which you want to create the rule for (in this example below – DEFAULTORG)

     

ScreenShot1.jpg

3. Click on “Risk Authentication Configuration” as shown below 

ScreenShot2.jpg

4. Select “Rules and Scoring Management” on the next screen

ScreenShot3.jpg

5. Click on “Add a new rule” 

 

ScreenShot4.jpg

6. On the “Rule Builder” screen below, provide a “Name” “Mnemonic” and “Description” of your choice for the rule.   Then build the new Rule Fragments, as in this case

 

            a. Select  “ACTION”; Select Operator as “VELOCITY”; Specify “Greater Or Equal To:” and “In Last” parameters; “For Set Of Actions:” as “Login”; Click on “Add”

 ScreenShot5.jpg

7. Use the portion of the screen to set your rule (using operators such as AND/NOT/OR) to fire only when no login for 10 minutes. Click on “Create”.

ScreenShot6.jpg

8. Screen below shows that this new rule (NOLOGINFOR10) has been successfully created.

ScreenShot7.jpg

9.  The screen below shows that the created rule is not active and needs to be “Migrated to Production” to be active.

ScreenShot8.jpg

10.  Click on “Migrate to Production” on the screen above then select the Rulesets to migrate and click on “Migrate”

ScreenShot9.gif

11.  Click “Confirm” on the screen below

ScreenShot10.jpg

12. Next screen will announce successful rule creation as shown below.

 

 

ScreenShot11.jpg 

 

13. Refresh the Server Cache via the CA Admin console to make the rule active 

 

ScreenShot12.jpg

 

 

Additional Information:

To test a rule like such one can use the Riskfort Sample Application. In this example a Risk Evaluation once completed would signify a LOGIN. Subsequent LOGIN (Risk Evaluate) if it happens after 10 minutes then a INCREASEAUTH advice would be returned by Riskfort as a step authentication.