Analyst Station

Objective

This guide presents instructions on how to get started with F5 Distributed Cloud Analyst Station.


Prerequisites


Getting Started with Analyst Station

Step 1: Access Analyst Station.
  • In the XC Console Home Page, click Account Protection.

select analyst station new
Figure: Select Analyst Station

The Analyst Station dashboard is displayed.

transactions summary
Figure: Analyst Station Dashboard

By default, the Analyst Station dashboard lists transactions that Account Protection has assigned the status of Review or Challenge. However, you can filter the display settings so that transactions with the status Block or Allow are also displayed. For instructions on how to filter the display settings, click here.

Step 2: View a transaction's details.
  • In the Analyst Station dashboard, click on the Transaction ID of the transaction you want to view.

select transaction
Figure: Select a Transaction ID

  • When you click on the Transaction ID, the Transaction Details screen is displayed.

transaction details new
Figure: Transaction Details

In this screen, you can view the following useful information about the transaction:

  • Risk Summary: Shows the risk score, the recommendation from Account Protection for this transaction, user feedback (if provided), and the fraud reasons for that recommendation.
  • About Transaction: Shows the Transaction ID, the time at which the transaction occurred, the name of the event type that indicates the location in the web application from where the transaction occurred, and the URL of the web page where the transaction occurred.
  • User Session: Shows the User Session that the current transaction is a part of. A User Session is a set of transactions that share the same Session ID and Device ID within a 48-hour time period.
  • Associated IDs: Shows the Account ID associated with this transaction, the Device ID of the web browser from where the transaction was initiated, the channel of the transaction (either web or mobile), and the type and version of the web browser (User Agent) from where the transaction was initiated
  • Malicious Activity Details: Lists malicious activity (such as malicious script injection or violation of page integrity) detected during the transaction and any relevant details.
  • Network: Shows the IP of the location from where the transaction was initiated, the Autonomous System Number (ASN) associated with the transaction, and actual physical location where the transaction occurred.

You can also provide feedback to Account Protection on the transaction, where you report that you understand the transaction to be fraudulent, the user session to be fraudulent, or that the transaction is not fraudulent. For instructions on sending feedback to Account Protection, click here.