PingOne

Evaluating staging policy risk data

To test risk policy changes before putting them into production, you can create a staging policy that is associated with the risk policy you are currently using.

Before you begin

Create a staging policy. For more information, see Creating and managing staging policies.

About this task

After creating your staging policy, you can view the risk data to determine how your policy changes affect end users.

To view risk data from a staging policy in the Protect dashboard:

Steps

  1. Go to Monitoring → Threat Protection.

  2. Click the Risk Events graph.

  3. Review the total counts above the default graph, which shows only production event types.

    A screen capture of Risk Event data with only production event types.

  4. Click the Event Types dropdown, and select both the Production and Staging checkboxes.

    Result:

    The graph refreshes to display risk event data from both production and staging risk policies.

  5. Review the updated total counts to see how your staging policy affects each risk level.

    A screen capture of Risk Event data with production and staging event types.

  6. Review the data in the drill-down table.

    Only events that have triggered a specific risk predictor, such as geovelocity anomaly, or have an aggregated risk score of HIGH are shown.

    1. Take note of the Risk Policy column to determine whether each risk event is associated with the production or staging policy. Check the risk events that come from the staging policy and review how the changes you made affect the data.

      A screen capture of risk events.
    2. Scroll across to the Predictors column, and click Details in any risk event row to review the score for each configured predictor and the reason.

      Example:

      If you added the New Device predictor in your staging policy and do not use this predictor in your production policy, a risk event is triggered only in the staging policy when a user signs on with a new device. In the Predictors Details for this risk event, the New Device predictor shows a High score because the device has not been used recently. This allows you to test how your changes to the staging policy might affect users with real-time risk data passed from the production policy.

    A screen capture of the Predictors Details for a risk event.

Next steps

Make any further adjustments to your staging policy if needed. After evaluating your staging policy, you can decide whether to promote the staging policy to production.