000034415 - Adaptive Authentication (On Premise) customer noticed an inconsistency in the numbers between the Policy Summary report and the Risk Factor report.

Document created by RSA Customer Support Employee on Nov 24, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000034415
Applies ToRSA Product Set: Adaptive Authentication (OnPrem)
RSA Product/Service Type: Adaptive Authentication (OnPrem)
RSA Version/Condition: 7.1 
IssueAn Adaptive Authentication (On Premise) (AAOP) customer was comparing the number of transactions for the total Challenges for a rule between
the Policy Summary Policy and the Risk Factor report, and noticed that the numbers were different.
ResolutionThe V7.1 Back Office User's Guide, under the section about the Risk Factor report, states the following:
"Unlike the Policy Summary Report, which focuses only on the first rule that fired and had a resulting action, the Risk Factor and Risk Factor Trends Reports focus on all the rules that fired in the chain of rules that allowed or prevented end users from logging on, along with analyzing the risk values of the rules." 
When a transaction is sent to AAOP, the elements of the transaction are compared to the conditions of the rules within the Policy Management.The rules that have conditions which match up with the transaction elements are collected and recorded in the forensic log under &ECAFR. The Operations Guide states the following:
ECAFR = The fired rules for the transaction event.
An example from the forensic log would look like this:
&ECAFR=rule1,rule2,rule3
The rule with the highest priority (lowest order value)  of those rules that match the conditions of the transaction will be the one that is triggered.This rule is recorded in the forensic log under &ECARID. The Operations Guide states the following:
ECARID = The rule IDs for the transaction event.
An example from the forensic log would look like this:
&ECAFR=rule2
  The numbers in the Risk Factor report are based on ECAFR while the numbers in the Policy Summary report are based on the ECARID, which is why numbers for a rule may be different.The Risk Factor report will show the numbers for the rules that were considered, and the Policy Summary report will show the numbers for the rules that were actually triggered.

Attachments

    Outcomes