Version: 7.2402.x.x RR

Risk score propagation

Some use cases require the propagation of the nevisDetect risk scores to the application, for every HTTP request. For such cases, nevisDetect can be configured to propagate the risk score information via the header of the HTTP request.

To propagate risk scores in the request header, set the communication mode of the nevisDetect application to Synchronous.

  • See the nevisDetect User Guide for instructions.

  • For more information on the various communication modes, see the chapter Communication mode in this guide.

The request header can contain the following information about nevisDetect risk scores:

  • The header X-DETECT-Propagation contains the status of the risk score propagation itself. Possible values are:

    • OK: The risk score propagation was successful.
    • TIMEOUT: The risk score propagation was not successful due to a time-out.
    • ERROR: The risk score propagation was not successful due to any kind of error.
  • The header X-DETECT-Processing contains the status of the HTTP request processing. Possible values are:

    • PROCESSED: The HTTP request has been processed by at least one plug-in. This means that the HTTP request contains data that is relevant for at least one detection technology.
    • IGNORED: The HTTP request contains no data that is relevant for any detection technology.
    • FAILED: An error occurred during the processing of the HTTP request.
  • The header X-DETECT-Trained contains a flag indicating whether all detection technologies consider the user as trained.

  • The header X-DETECT-NORMALIZED-RISKSCORE contains the normalized risk score.

  • The header X-DETECT-<plug-in risk score>-RISKSCORE contains the plug-in risk score with the name <plug-in risk score>.

  • The header X-DETECT-<plug-in risk score>-CONFIDENCE contains the plug-in confidence with the name <plug-in risk score>.

All relevant information is collected in a single request header X-DETECT-Status with the following numerical status codes:

  • 1 means X-DETECT-Propagation=OK and X-DETECT-Processing=PROCESSED and X-DETECT-Trained=true
  • 2 means X-DETECT-Propagation=ERROR and X-DETECT-Processing=FAILED
  • 3 means X-DETECT-Propagation=TIMEOUT
  • 4 means X-DETECT-Propagation=OK and X-DETECT-Processing=IGNORED
  • 5 means X-DETECT-Propagation=OK and X-DETECT-Processing=PROCESSED and X-DETECT-Trained=false
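
The following added example (not part of the nevisDetect documentation or product code) shows how an application could read these headers so that a time-out, an error, or a contradictory header set is never mistaken for a usable score. The function name, the state labels, the decimal score format and the plug-in name `geo` are assumptions; the example also assumes the application accepts these headers only from the component that sets them.

```python
import math
import re

# Codes as listed in the documentation above; state labels are this example's own.
STATUS = {
    "1": {"propagation": "OK", "processing": "PROCESSED", "trained": "true"},
    "2": {"propagation": "ERROR", "processing": "FAILED"},
    "3": {"propagation": "TIMEOUT"},
    "4": {"propagation": "OK", "processing": "IGNORED"},
    "5": {"propagation": "OK", "processing": "PROCESSED", "trained": "false"},
}
STATE = {"1": "scored", "2": "unavailable", "3": "unavailable",
         "4": "ignored", "5": "untrained"}
PLUGIN = re.compile(r"^x-detect-(.+)-(riskscore|confidence)$")

# Constructed sample request headers; "geo" is a placeholder plug-in name.
SAMPLE = {"X-DETECT-Status": "1", "X-DETECT-NORMALIZED-RISKSCORE": "0.82",
          "X-DETECT-geo-RISKSCORE": "0.9", "X-DETECT-geo-CONFIDENCE": "0.5"}

def _number(value):
    """Finite float or None; a decimal value format is assumed."""
    try:
        n = float(value)
    except (TypeError, ValueError):
        return None
    return n if math.isfinite(n) else None

def read_detect_headers(headers):
    """Return {'state', 'score', 'plugins'} without raising on bad input."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    result = {"state": "unavailable", "score": None, "plugins": {}}
    code = h.get("x-detect-status")
    if code not in STATUS:
        return result  # header missing or unknown code: no usable score
    # Detail headers, when present, must agree with the summary code.
    for field, want in STATUS[code].items():
        got = h.get("x-detect-" + field)
        if got is not None and got.lower() != want.lower():
            return {**result, "state": "inconsistent"}
    result["state"] = STATE[code]
    if code in ("1", "5"):
        result["score"] = _number(h.get("x-detect-normalized-riskscore"))
        if result["score"] is None:
            result["state"] = "unavailable"  # score missing or not numeric
        for name, value in h.items():
            m = PLUGIN.match(name)
            if m and m.group(1) != "normalized":
                result["plugins"].setdefault(m.group(1), {})[m.group(2)] = _number(value)
    return result
```

The caller decides what each state means for its own policy; only `scored` and `untrained` carry a score, and `untrained` marks a score for a user that not all detection technologies consider trained.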