Risk score mapping for nevisAdapt
For a proper functioning of the nevisAdapt service, the risk scores are mapped in the riskscore-mapping.properties
file. The complete file path is /var/opt/nevisadapt/conf/riskscore-mapping.properties
.
The scores in the file have been defined by the nevisAdapt team. It is recommended that you do not modify them. To adjust the service to your needs, you can use the analyzer weights in the NevisAdaptAuthState
or the preconfigured profiles in nevisAdmin4.
The section below lists all properties that you can set in the riskscore-mapping.properties
file. These properties correspond with the results of the observations made by the modules in regard to a user's HTTP request. Such observations are, for example, whether the user device is known, private or shared, or whether the request comes from a suspicious or trusted country. By mapping a risk score to a property/result, you express the severity of the security risk represented by this result: The higher the risk score, the higher the risk.
The risk score calculation for a user request is based on the risk score mapping defined in the riskscore-mapping.properties
file. Each user request results in three different risk scores: one for the Device Recognition module, one for the Fingerprint module, and one for the Geolocation module. The module's overall risk score is the sum of the risk scores of the module's analyzers. The maximum possible risk score for a module is "1.0" (as defined in nevisDetect).
For a sample calculation of a risk score, see the chapter Example - Calculating the risk score for the Fingerprint module.
Risk score definitions and default values
NevisAdaptDeviceRecognition
- Analyzer: Device cookie
- Property name: nevisadapt.riskscore.device.unknown
- Default risk score: 0.5
- The user never used this device or browser before.
NevisAdaptDeviceRecognition
- Analyzer: Device cookie
- Property name: nevisadapt.riskscore.device.known
- Default risk score: 0.25
- The user used this device or browser at least once before.
NevisAdaptDeviceRecognition
- Analyzer: Device cookie
- Property name: nevisadapt.riskscore.device.established
- Default risk score: 0
- The user used this device or browser several times before.
NevisAdaptDeviceRecognition
- Analyzer: Device sharing
- Property name: nevisadapt.riskscore.device.private
- Default risk score: 0
- The device or browser is only used by this user.
NevisAdaptDeviceRecognition
- Analyzer: Device sharing
- Property name: nevisadapt.riskscore.device.shared
- Default risk score: 0.3
- Several users share this device or browser.
NevisAdaptDeviceFingerprint
- Analyzer: Fingerprint
- Property name: nevisadapt.riskscore.fingerprint.unknown
- Default risk score: 0.5
- The user never used this device before.
NevisAdaptDeviceFingerprint
- Analyzer: Fingerprint
- Property name: nevisadapt.riskscore.fingerprint.known
- Default risk score: 0.25
- The user used this device at least once before.
NevisAdaptDeviceFingerprint
- Analyzer: Fingerprint
- Property name: nevisadapt.riskscore.fingerprint.established
- Default risk score: 0
- The user used this device several times before.
NevisAdaptDeviceFingerprint
- Analyzer: BrowserFingerprint
- Property name: nevisadapt.riskscore.browser.fingerprint.unknown
- Default risk score: 0
- The user never used this device+browser before.
NevisAdaptDeviceFingerprint
- Analyzer: BrowserFingerprint
- Property name: nevisadapt.riskscore.browser.fingerprint.known
- Default risk score: -0.1
- The user used this device+browser at least once before.
NevisAdaptDeviceFingerprint
- Analyzer: BrowserFingerprint
- Property name: nevisadapt.riskscore.browser.fingerprint.established
- Default risk score: -0.2
- The user used this device+browser several times before.
NevisAdaptDeviceFingerprint
- Analyzer: Fingerprint sharing
- Property name: nevisadapt.riskscore.fingerprint.private
- Default risk score: 0
- The device or browser is only used by this user.
NevisAdaptDeviceFingerprint
- Analyzer: Fingerprint sharing
- Property name: nevisadapt.riskscore.fingerprint.shared
- Default risk score: 0.3
- Several users share this device or browser.
NevisAdaptGeolocation
- Analyzer: Geolocation
- Property name: nevisadapt.riskscore.country.unknown
- Default risk score: 0.5
- The request comes from an unknown country, that is, the user never made a request from this country before.
NevisAdaptGeolocation
- Analyzer: Geolocation
- Property name: nevisadapt.riskscore.country.known
- Default risk score: 0.25
- The request comes from a known country, that is, the user accessed the application at least once before from this country.
NevisAdaptGeolocation
- Analyzer: Geolocation
- Property name: nevisadapt.riskscore.country.established
- Default risk score: 0
- The request comes from an established country, that is, the user regularly accesses the application from this country.
NevisAdaptGeolocation
- Analyzer: Suspicious country
- Property name: nevisadapt.riskscore.country.suspicious
- Default risk score: 0.7
- The request to access the application comes from a suspicious country.
NevisAdaptGeolocation
- Analyzer: Suspicious country
- Property name: nevisadapt.riskscore.country.trusted
- Default risk score: 0
- The request to access the application comes from a trusted/non-suspicious country.
NevisAdaptGeolocation
- Analyzer: IP
- Property name: nevisadapt.riskscore.ip.unknown
- Default risk score: 0.5
- The user never signed in from this IP address before.
NevisAdaptGeolocation
- Analyzer: IP
- Property name: nevisadapt.riskscore.ip.known
- Default risk score: 0.25
- The user signed in from this IP address before.
NevisAdaptGeolocation
- Analyzer: IP
- Property name: nevisadapt.riskscore.ip.established
- Default risk score: 0
- The user signed in from this IP address several times before.
NevisAdaptGeolocation
- Analyzer: IP velocity
- Property name: nevisadapt.riskscore.ipvelocity.unknown
- Default risk score: 0
- No previous activity was found within the defined time threshold.
NevisAdaptGeolocation
- Analyzer: IP velocity
- Property name: nevisadapt.riskscore.ipvelocity.high
- Default risk score: 1
- A new authentication request for the same user but from a different IP address arrived sooner than physically feasible.
NevisAdaptGeolocation
- Analyzer: IP velocity
- Property name: nevisadapt.riskscore.ipvelocity.low
- Default risk score: 0
- The IP velocity of the request was within the configured threshold.
NevisAdaptGeolocation
- Analyzer: IP reputation
- Property name: nevisadapt.riskscore.ipreputation.blacklisted
- Default risk score: 1
- The IP address of the request was found on a configured IP blacklist.
NevisAdaptGeolocation
- Analyzer: IP reputation
- Property name: nevisadapt.riskscore.ipreputation.ok
- Default risk score: 0
- The IP address could not be found on any configured IP blacklist.