This guide will explain the four different types of activities, and what types of interaction is required for each to be populated.

Landings

The landings page shows the initial request to your web app from a browser. The data shown includes:

Destination URL
Connecting IP address and its geolocation
The type of device that made the request(operating system and browser)
Threat flags
Date and time of the request

The available filters include:

Browser type
Operating system type
Date

The threat flags visible on the landings page include:

IP reputation

Pre Verifications

The pre verifications page is populated when an entity submits data to your authentication form. Whether the authentication attempt is successful or not does not matter for the event to show up here. The following information is displayed on this page:

Username
Connecting IP address and its geolocation
The type of device that made the request(operating system and browser)
Threat flags
Date and time of the interaction

The available filters include:

Attempt success status
Username
Browser
Operating system
IP risk type
Country the request originated from
Date

The threat flags visible on the pre verifications page include:

IP reputation
Dark web information for the username and password
Bot detection

Verifications

The verifications page is populated with an event once the successful authentication of an entity is complete. If an entity attempts to authenticate, however fails, the attempt will not show up on the verifications page and instead will only be visible on the pre verifications page. The following information is displayed on verifications page:

Cymatic ID and alias
Connecting IP address and its geolocation
The type of device that made the request(operating system and browser)
Behavioral risks
Threat flags
Date and time of the interaction

The available filters include:

Alias
Browser
Operating system
Date

The threat flags visible on the verifications page include:

IP reputation
Geo-fence
Dark web information for the username and password
Bot detection

There are three behavioral risks categories:

Behavior - When a new profile is created within the Cymatic app, the first five authentication attempts for that profile are used to train our biometrics engine on how the entity interacts with your web app. After the training period is complete, we give a numeric score that represents the difference between the trained user and the user currently interacting with your web app.
Device - This compares the OS and browser currently being used by an entity against what has been used historically by the profile. When a new device is used for the profile, it will initially show as red. Over the next few authentications, if the same new device is used, it will automatically be updated to a trusted device for the user profile.
Geo Area - This risk takes into account geolocation and geo-velocity. When the profile is created, the geolocation the IP address is registered to will be marked as the profile’s expected location. If on future authentications they access the web app from another geolocation, it will show up as a geo event. Over time, if the same new geolocation is used to access the web app, the new area will be added as a trusted location. For geo-velocity, if a profile authenticates from an unexpected location that is geographically far away from the known locations of the profile and within a short amount of time from the last successful authentication attempt, Cymatic will mark it as a geo-velocity event.

Sessions

The sessions page carries the information from the verifications page one step further and combines multiple data points into a single view that is broken up by authenticated sessions. The main sessions page includes the following information:

Session ID
Cymatic ID
Threat flags
Date and time of the interaction

The available filters include:

Status(all, active, or closed)
Date

To show the session details, click on the icon as shown in the image above. The next page that appears provides the information for the selected session. This data includes:

Amount of data analyzed
How many sockets were opened from the browser to your web app
How long the session was active for
Cymatic ID
Connecting IP address and geolocation
Device information
Identity signals
Threat flags
Date and time the session was created
URLs within your app that were accessed during the session
Time spent on each page
Date and time the page was connected to
Date and time the page was left

A green circle next to the session ID on the main sessions page or within an individual session indicates that the session is still active. Clicking on the vertical ellipsis from either page will give the administrator the option to close the active session.
Was this article helpful?
Cancel
Thank you!