This guide explains what a profile is and what data each profile contains.

What is a profile?

A profile is an account that is automatically created in Cymatic once an entity authenticates via your login form. The purpose of the profile is to tie different attributes of the entity together in a single location. Each legitimate username will be assigned a Cymatic ID and its own profile. The username itself is referred to as an alias. The available search filters on the profiles page include the alias and profile creation time.

How are profiles created?

When a new username is identified by Cymatic, a new profile will be automatically created. The first five times the profile passes the verification process, the data is used to train the behavioral engine regarding the biometrics of the entity interacting with the authentication form. After the fifth successful verification, Cymatic will start reporting on the behavioral matching of the entity currently attempting to verify itself versus what Cymatic knows the entity to be from the training period. Cymatic will also learn the devices used by the entity along with the geo area(s) the entity accesses your web application from.

What information does a profile contain?


The sessions page combines multiple data points into a single view that is broken up by authenticated sessions. The main sessions page includes the following information:

Session ID
Threat flags
Date and time of the interaction

To show the session details, click on the icon as shown in the image above. The next page that appears gives all the information for the selected session. This data includes:

Amount of data analyzed
How many sockets were opened from the browser to your web app
How long the session was active for
Cymatic ID
Connecting IP address and geolocation
Device information
Identity signals
Threat flags
Date and time the session was created
URLs within your app that were accessed during the session
Duration on each page
Date and time the page was connected to
Date and time the page was left

A green circle next to the session ID on the main sessions page or within an individual session indicates that the session is still active. Clicking on the vertical ellipsis from either page will give the administrator the option to close the active session.


The verifications page is populated with an event once the successful authentication of an entity is complete. If an entity attempts to authenticate, however fails, the attempt will not show up on the verifications page. The following information is displayed on this page:

Connecting IP address and its geolocation
The type of device that made the request(operating system and browser)
Behavioral risks
Threat flags
Date and time of the interaction


Each device has a unique fingerprint. This allows Cymatic to differentiate devices used to access your web application. These devices can be found here. As an example, if a Windows 10 OS with a Chrome 86 browser is used for verification, and then the same computer is used, however this time with Firefox as the browser, two separate devices will be registered to the devices page.


The locations page geographically shows where the profile has successfully authenticated with your web app from. The map on the page can be manipulated by zooming in and out, scrolling, and can be toggled to full screen view. Other data provided on this page includes times seen, first seen, and last seen for each geographic location the profile has been verified from.


In this section, you will find the IP addresses that the profile has used during successful verifications. Information in this section includes risk level, threat vectors, and the last seen date and time for each IP used.

Password Strength

Password strength is measured against the chosen standard within the credential defense configuration. The first seen and last seen dates are available for each password on this page along with the times each was used and if there are any vulnerabilities associated with the password.


This page lists the percentage match of the behavioral engine between the entity’s current behavior and what Cymatic obtained during the training session for the profile.

Dark Web Usernames

In this section, the username of the profile is displayed along with how many times the profile has logged in with the username, the first time the profile logged in, the last time it logged in, and how many times it has logged in. It will also show the breach count column. If the username has been breached on the dark web, a clickable link is available for more information regarding the breaches.

Dark Web Passwords

This section displays the username of the profile along with how many times the profile password has been breached on the dark web, the first time the profile logged in, the last time it logged in, and how many times it has logged in.
Was this article helpful?
Thank you!