Rules Engine | The Rules Engine is the workflow platform that exists within the Realtime Engine. Each evaluation of rules occurs on an individual Event. This engine can evaluate information and examine if behaviors are crossing the threshold into fraudulent or anomalous behavior. The engine is also responsible for executing any actions as a result of an Event. |
Mitigate | Mitigation in our platform is when the Realtime Engine takes action against a malicious user by intercepting the request to customer servers and returning a failed response to the attacker. There are many other forms of mitigation; a favorite is the honeypot. |
Honeypot | The Realtime Engine (RE) can trap an attacker in a honeypot. This is when the RE fabricates responses that appear to be from the customer's application to confuse attackers. There are many techniques used in honeypotting; the simplest is to feign success. Note that the attacker is never actually logged in and never completes a payment, as honeypotting does not use authenticated credentials. |
Spec ID | The Spec ID is a unifying ID that links Sessions over time. Sessions end after a period of no interaction from the User. When Users return, the new Session is linked to prior Sessions through the Spec ID. |
Actions | Actions are performed by the Rules Engine within the Realtime Engine. These actions can act on network requests and responses or alert customers when malicious activity is detected. |
Integrations | Integrations are connections from the Realtime Engine to third-party sources. These integrations are owned by customers, and Spec communicates with these vendors on the customer's behalf. |
Session | Sessions are collections of Events that are determined to have originated from the same User. |
Session Labels | Session Labels identify behaviors that are observed over time on the Session. These can be indicative of risky behavior, such as "High Velocity Logins", or they can be informational, like "Returning Account and IP". |
Signatures | Signatures are the combination of Session Labels that indicate key risky behaviors. While labels might say "High Velocity Login," a Signature would say "Account Takeover Detected". |
Event | Events are collections of data fields called Elements. Events occur at a point in time and are matched to the URI, headers, and body of the network message. |
Element | Elements are the individual data fields that are collected when an Event is observed. Elements are email addresses, payment accounts, transaction amounts, and more. |
Entity | Data Element that is an identifying piece of information. These values are generally unique, like an email address or a customer ID. In contrast, attributes are values that are generally not unique. Examples of entities are emails, phone numbers, complete addresses, payment accounts, etc. |
Workflow | Series of rules that examine Elements, Session Labels, and other Event and Session information, and trigger potential Actions. |
Linked Entities | Linked Entities are those entities that are observed in any other Sessions that share an entity with the current Session under investigation. |
Risk Rating | Also known as the Session Risk Rating, this value describes the trustworthiness of the Session. As the Session accumulates Events, the Risk Rating is re-evaluated with new information. Sessions are represented as "Malicious Session", "Suspicious Session", and "Normal Session" within the Hub. |
Attribute | Data Element that is not an identifying piece of information. These values are generally not unique or at least less unique. Examples of this include transaction amounts, merchant email addresses, names, etc. |
Account Take Over | Unauthorized access to user accounts, often via stolen credentials, enabling fraud or data theft. |
Card Testing | Rapid, automated attempts to validate stolen credit cards using small transactions. |
Business Events | Business Events are the Events that are of particular significance. These can be logins, payments, address updates, contact information changes, and more. |