Risk extractor plugins take the risk context information into account and, based on the configuration, produce one or more flow tags.
- Risk extractor plugin examples (more plugins may be available in the configuration):
- IP Address Range Risk Flow Extractor: produces flow tags based on the client's IP address.
- Typical Geolocation Risk Flow Extractor: produces flow tags based on whether the current geolocation of the client is typical for the user logging in. A geo-location service must be configured for this risk extractor.
- Impossible Journey Risk Extractor: produces flow tags based on the theoretical traveling speed between the current geolocation and the geolocation of the latest login. A geo-location service must be configured for this risk extractor.
- Typical User-Agent Risk Flow Extractor: produces flow tags based on whether the current user-agent HTTP header is typical for the user logging in.
- Anomaly Shield State Risk Extractor: produces flow tags based on the Anomaly Shield state reported by Airlock Gateway (8.0 or later).
- Session Hijacking Notification Risk Extractor: produces flow tags based on the session hijacking notification reported by Airlock Gateway.
- Client Fingerprinting Score Risk Extractor: produces flow tags based on the client fingerprinting score reported by Airlock Gateway
Make sure to place the Risk Assessment Step after the user-identifying step, if it contains risk extractors depending on user data.
- Example:
- The Risk Extractor Step contains the Typical Geolocation Risk Flow Extractor and therefore needs to know who is logging in.
- The Risk Extractor Step is placed after the Username Password Authentication Step.
Other risk extractors, e.g. the IP Address Range Risk Flow Extractor, do not depend on user data at all and may be placed before the user-identifying step.