Analyst Station

Objective

This guide presents instructions on how to get started with F5 Distributed Cloud Analyst Station.


Prerequisites

  • You must have a valid Volterra Account. If you do not have an account, see Create a Volterra Account.
  • Analyst Station should be enabled by an F5 Account Protection Manager.
  • To use Analyst Station, your enterprise must be integrated with F5 Distributed Cloud Account Protection.

Getting Started with Analyst Station

Step 1: Access Analyst Station.
  • In the VoltConsole Home Page, click Account Protection.

select analyst station new
Figure: Select Analyst Station

The Transactions Summary is displayed.

transactions summary new
Figure: Transactions Summary

By default, a list of transactions that Account Protection has determined to be suspicious is displayed. However, you can filter the display settings for the Transactions Summary so that transactions that are blocked or allowed by Account Protection are also displayed. For instructions on how to filter the display settings, click here.

Step 2: View details on a detected suspicious transaction.
  • In the Transaction Summary, click on the Transaction ID of the transaction you want to view.

select transaction
Figure: Select a Transaction ID

  • When you click on the Transaction ID, the Transaction Details screen is displayed.

transaction details mw widget
Figure: Transaction Details

In this screen, you can view the following useful information about the transaction:

  • Summary: Shows the risk score, the recommendation from Account Protection for this transaction, and the fraud reasons for that recommendation.
  • Event: Shows the time at which the transaction occurred, the name of the location in the web application from where the transaction occurred, and the URL of the web page where the transaction occurred.
  • User Session: Shows the User Session that the current transaction is a part of. A User Session is a set of transactions that share the same Session ID and Device ID within a 48-hour time period. You can see the Transaction ID and fraud reasons for the other transactions in the User Session by clicking on them.
  • Account: Shows the Account ID associated with this transaction.
  • Device: Shows the Device ID of the web browser from where the transaction was initiated, the channel of the transaction (either web or mobile), and the type and version of the web browser (User Agent) from where the transaction was initiated.
  • Malicious Activity Details: Lists malicious activity (such as malicious script injection or violation of page integrity) detected during the transaction and any relevant details.
  • Network: Shows the IP of the location from where the transaction was initiated, the Autonomous System Number (ASN) associated with the transaction, and actual physical location where the transaction occurred.

You can also provide feedback to Account Protection on the transaction, where you report that you understand the transaction to be fraudulent, the user session to be fraudulent, or that the transaction is not fraudulent. For instructions on sending feedback to Account Protection, click here.