Account Protection


This guide presents instructions on how to get started with F5 Distributed Cloud Account Protection.


Getting Started with Analyst Station

Step 1: Access Account Protection.
  • In the XC Console Home Page, click Account Protection.
select analyst station new
Figure: Select Account Protection

The Analyst Station dashboard is displayed.

updated dashboard
Figure: Analyst Station Dashboard

By default, the Analyst Station dashboard lists transactions that Account Protection has assigned the status of Review or Challenge. However, you can filter the display settings so that transactions with the status Block or Allow are also displayed. For instructions on how to filter the display settings, click here.

Step 2: View a transaction's details.
  • In the Analyst Station dashboard, click on the Transaction ID of the transaction you want to view.
select trans id
Figure: Select a Transaction ID
  • When you click on the Transaction ID, the Transaction Details screen is displayed.
trans details new
Figure: Transaction Details

In this screen, you can view the following useful information about the transaction:

  • Risk Summary: Shows the risk score, the recommendation from Account Protection for this transaction, user feedback (if provided), and the fraud reasons for that recommendation.
  • About Transaction: Shows the Transaction ID, the time at which the transaction occurred, the name of the event type that indicates the location in the web application from where the transaction occurred, and the URL of the web page where the transaction occurred.
  • User Session: Shows the User Session that the current transaction is a part of. A User Session is a set of transactions that share the same Session ID and Device ID within a 48-hour time period.
  • Associated IDs: Shows the Account ID associated with this transaction, the Device ID of the web browser from where the transaction was initiated, the channel of the transaction (either web or mobile), and the type and version of the web browser (User Agent) from where the transaction was initiated
  • Malicious Activity Details: Lists malicious activity (such as malicious script injection or violation of page integrity) detected during the transaction and any relevant details.
  • Related Sessions: Lists other user sessions related to the current Transaction ID.
  • Location and IP Address: Shows the IP of the location from where the transaction was initiated, the Autonomous System Number (ASN) associated with the transaction, and actual physical location where the transaction occurred.

You can also mark the transaction as Fraud or Not Fraud and block the Account ID and/or Device ID associated with this transaction. For instructions on marking the transaction as Fraud or Not Fraud, click here. For instructions on blocking the Account ID and/or Device ID, click here.