Event-based action profile

A different approach to the processing of incoming requests is the event-based approach, where the system reacts to specific events. Such an event can be the presence of a given risk flag, such as the blacklisted country flag. The events are ordered by priority: The first matching rule determines the next authentication step. If no rule matches, the authentication is OK.

You cannot mix this approach with the risk-weight-based setup. All risk-weight configuration will be ignored.

Configuration

You configure the event-based approach in the nevisAdapt Authentication Connector pattern. To enable the event-based approach, set the Profile property to "events". You can find the Profile field in the first tab of the pattern. You define the list of events in the Suspicious Event Configuration field, by adding nevisAdapt Event patterns. The event pattern on top of the list has the highest priority. The Suspicious Event Configuration field is part of the Advanced Settings tab.

You can configure nevisAdapt Event patterns with a single risk event or with a set of combined events. The following sections explain the difference between the two options.

Setup with a single risk event

A nevisAdapt Event pattern with a single risk event matches if the given flag is present. In this case, the system stops matching against the rest of the rules and continues with the configured next authentication step for this flag.

Setup with combined risk events

A nevisAdapt Event pattern with a set of combined events only matches when at least the configured amount of flags in the set are present in the response. Note that such sets of combined events may block the matching against rules that require less flags for a decision. Therefore, the order of priority of the event patterns in the Suspicious Event Configuration field must be well-established.