Account Protection
Objective
This guide presents instructions on how to get started with F5 Distributed Cloud Account Protection.
Prerequisites
- You must have a valid F5 Distributed Cloud Account. If you do not have an account, see Create F5 Distributed Cloud Services Account.
- Account Protection should be enabled by an F5 Account Protection Manager.
- Your enterprise must be integrated with F5 Distributed Cloud Account Protection.
Getting Started with Analyst Station
Step 1: Access Account Protection.
- In the XC Console Home Page, click
Account Protection
.
Figure: Select Account Protection
The Analyst Station dashboard is displayed.
Figure: Analyst Station Dashboard
By default, the Analyst Station dashboard lists transactions that Account Protection has assigned the status of Review or Challenge. However, you can filter the display settings so that transactions with the status Block or Allow are also displayed. For instructions on how to filter the display settings, click here.
Step 2: View a transaction's details.
- In the Analyst Station dashboard, click on the
Transaction ID
of the transaction you want to view.
Figure: Select a Transaction ID
- When you click on the Transaction ID, the Transaction Details screen is displayed.
Figure: Transaction Details
In this screen, you can view the following useful information about the transaction:
- Risk Summary: Shows the risk score, the recommendation from Account Protection for this transaction, user feedback (if provided), and the fraud reasons for that recommendation.
- About Transaction: Shows the Transaction ID, the time at which the transaction occurred, the name of the event type that indicates the location in the web application from where the transaction occurred, and the URL of the web page where the transaction occurred.
- User Session: Shows the User Session that the current transaction is a part of. A User Session is a set of transactions that share the same Session ID and Device ID within a 48-hour time period.
- Associated IDs: Shows the Account ID associated with this transaction, the Device ID of the web browser from where the transaction was initiated, the channel of the transaction (either web or mobile), and the type and version of the web browser (User Agent) from where the transaction was initiated
- Malicious Activity Details: Lists malicious activity (such as malicious script injection or violation of page integrity) detected during the transaction and any relevant details.
- Related Sessions: Lists other user sessions related to the current Transaction ID.
- Location and IP Address: Shows the IP of the location from where the transaction was initiated, the Autonomous System Number (ASN) associated with the transaction, and actual physical location where the transaction occurred.
You can also mark the transaction as Fraud or Not Fraud and block the Account ID and/or Device ID associated with this transaction. For instructions on marking the transaction as Fraud or Not Fraud, click here. For instructions on blocking the Account ID and/or Device ID, click here.