|Applies To||RSA Product Set: Adaptive Authentication (OnPrem)|
RSA Product/Service Type: Adaptive Authentication (OnPrem)
RSA Version/Condition: 7.x
|Notes||From the documentation:|
Fact Name = Device IP is Diff from Event IP
Previous Fact Name = sourceIPNotCookieIP
Type = Boolean
Description = Specifies whether the IP address of the device(represented by this cookie) is different from the IP address of the event.
Q1) What exactly is the “Event IP”? It is not mentioned anywhere else in the documentation.
Q2) Does event IP identify the source of the service call where client IP identifies the actual client?
We can define Device IP and Event IP as:
Where would you use this fact? Under what conditions would client IP and event IP be different? Are they always supposed to be the same and this fact detects cookie tampering?
This fact tells whether those 2 IP addresses are the same or not. So there are multiple scenarios where this information can be useful.
Having that the Device IP is the IP address stored in the device cookies (associated to the Device record stored in the desktops table), this information can change on multiple situations. Some of them are:
Some of these situations contain a high risk of fraud, or are detected as fraudulent. So this fact can be triggered under these and any other circumstances where there IP addresses are different.