Client asks for list of implicit rules not visible in Backoffice
Implicit Rule List
| Rule id | Rule description (as appears in CM) | Detailed description & comments |
|---|---|---|
| rsa.implicit.0000001 | RSA Implicit Case Sampling | Old case sampling rule - deprecated |
| rsa.implicit.0000002 | RSA Implicit Case Sampling | Manual case sampling - an RSA fraud analyst decided to sample a case |
| rsa.implicit.0000011 | RSA Implicit Back Coloring - IP | Back coloring from fraud confirmed - linked based on an IP - distance of 1 = either same IP or same user id as previously confirmed fraud |
| rsa.implicit.0000012 | RSA Implicit Back Coloring - IP | Back coloring from fraud confirmed - linked based on an IP - distance of 2 = fraud confirmed user - other transaction on same user coming from a new device - then the current transaction has the same IP as the other transaction |
| rsa.implicit.0000021 | RSA Implicit Back Coloring - device fp | Back coloring from fraud confirmed - linked based on a device fingerprint #1 - distance of 1 = same device fingerprint #1 as fraud confirmed |
| rsa.implicit.0000022 | RSA Implicit Back Coloring - device fp | Back coloring from fraud confirmed - linked based on a device fingerprint #2 - distance of 1 = same device fingerprint #2 as fraud confirmed |
| rsa.implicit.0000023 | RSA Implicit Back Coloring - device fp | Back coloring from fraud confirmed - linked based on a device fingerprint #3 - distance of 1 = same device fingerprint #3 as fraud confirmed |
| rsa.implicit.0000030 | RSA Implicit EFN | Back coloring from client supplied EFN list - same IP as client supplied bad IP list |
| rsa.implicit.0000031 | RSA Implicit EFN IP | Back coloring from EFN IP list - IP was reported into the EFN (so it was reported as fraud on another client of RSA), but only after the transaction was conducted on the current client |
| rsa.implicit.0000032 | RSA Implicit EFN payee | Back coloring from EFN payee list - payee was reported into the EFN (so it was reported as fraud on another client of RSA), but only after the transaction was conducted on the current client |
| rsa.implicit.0000033 | RSA Implicit EFN device fp | Back coloring from EFN device fingerprint list - device fingerprint was reported into the EFN (so it was reported as fraud on another client of RSA), but only after the transaction was conducted on the current client |
| rsa.implicit.0000040 | RSA Implicit Bait | Bait user tried to login - automatically marked as fraud |
| rsa.implicit.00001nn | RSA Implicit Case Sampling - nn users within mm minutes | nn users logged in on the same IP address within mm minutes. All of those users came from a small number of device prints, and none of them had a history of coming from the IP print and/or the device print |
| rsa.implicit.00002nn | RSA Implicit Case Sampling - nn users within mm minutes | nn users logged in on the same device fingerprint within mm minutes. None of them had a history of coming from the IP print and/or the device print |
| rsa.implicit.0000800 | RSA Implicit Cross Channel | Offline cross channel fraud model |

0000102 - RSA IP Sampling - 2 users on same IP
0000103 - RSA IP Sampling - 3 users on same IP
0000104 - RSA IP Sampling - 4 users on same IP
0000105 - RSA IP Sampling - 5+ users on same IP
0000302 - RSA Cookie Sampling - 2 users on same Cookie
0000303 - RSA Cookie Sampling - 3 users on same Cookie
0000304 - RSA Cookie Sampling - 4 users on same Cookie
0000305 - RSA Cookie Sampling - 5+ users on same Cookie
0001105 - RSA New Account IP Sampling - 5+ users on same IP
All the above are implicit rules with similar logic: nn users logged in on the same IP address/Cookie within mm minutes. All of those users came from a small number of device prints, and none of them had a history of coming from the IP print and/or the device print.
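
The shared-IP sampling logic described above can be sketched as a sliding-window check over login events. This is an added illustration, not RSA's implementation: the 10-minute window, the limit of two device prints, the reading of "history" as a previously seen (user, IP) or (user, device print) pair, and all sample data are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed parameters: the page gives only "mm minutes" and "a small number".
WINDOW = timedelta(minutes=10)
MAX_DEVICE_PRINTS = 2

def ip_sampling_hits(logins, history, window=WINDOW, max_devices=MAX_DEVICE_PRINTS):
    """Return {ip: rule_id} for IPs whose logins match the shared-IP pattern.

    logins:  iterable of (timestamp, user, ip, device_print)
    history: set of (user, ip) and (user, device_print) pairs seen earlier
    """
    by_ip = defaultdict(list)
    for event in sorted(logins):
        by_ip[event[2]].append(event)

    hits = {}
    for ip, events in by_ip.items():
        best, start = 0, 0
        for end in range(len(events)):
            # Advance the window start until the span fits inside `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            span = events[start:end + 1]
            users = {e[1] for e in span}
            devices = {e[3] for e in span}
            known = any((e[1], ip) in history or (e[1], e[3]) in history
                        for e in span)
            if len(users) >= 2 and len(devices) <= max_devices and not known:
                best = max(best, len(users))
        if best:
            # Ids follow the list above: 0000102 .. 0000105 (5+ users).
            hits[ip] = f"rsa.implicit.00001{min(best, 5):02d}"
    return hits

# Constructed sample data (documentation IP ranges, made-up users).
T0 = datetime(2024, 1, 1, 10, 0)
SAMPLE_LOGINS = [
    (T0, "u1", "203.0.113.7", "dpA"),
    (T0 + timedelta(minutes=3), "u2", "203.0.113.7", "dpA"),
    (T0 + timedelta(minutes=6), "u3", "203.0.113.7", "dpB"),
    (T0, "u4", "198.51.100.9", "dpC"),                        # u4 has history here
    (T0 + timedelta(minutes=2), "u5", "198.51.100.9", "dpC"),
    (T0, "u6", "192.0.2.1", "dpD"),
    (T0 + timedelta(hours=2), "u7", "192.0.2.1", "dpD"),      # outside the window
]
SAMPLE_HISTORY = {("u4", "198.51.100.9")}
```

Calling `ip_sampling_hits(SAMPLE_LOGINS, SAMPLE_HISTORY)` flags only the first IP; the second is excluded by prior history and the third by the time window.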