This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Alert Types

Owned by Former user (Deleted)
Jan 11, 2018
2 min read

The following alert types are currently supported for WSO2 Identity Server

Suspicious login detection

Reason for Triggering A successful login attempts by a user after a defined number of failed attempts during a defined time interval.
IndicationThere is a sudden change in the level of access granted to a specific user ID, and the reason needs to be investigated.
Description

This alert can be triggered by a user making a successful login attempt after a specific number of failures within a defined time duration using one of the following.

  • The same username used in the failed attempts.
  • The same context ID used in the failed attempts (the user name can be the same or different).
  • The same remote IP used in the failed attempts (the user name and the context ID can be the same or different).

Long sessions

Reason for TriggeringThe session duration of a specific user exceeds a particular time duration. 
IndicationThe user may be engaged in unauthorised activity.
Description

A login can be considered suspicious if one of the following criteria is met.

  • If the duration of a session exceeds the duration session specified by you.
  • If the duration of a session exceeds the average session duration calculated for a time interval specified by you. This time interval is specified as the last n days (e.g., last 10 days).