Each of the standard risk predictors represents a single risk factor. Use composite predictors when you are interested in combining a number of risk predictors into a single predictor, such as when you're concerned about the use of an anonymous network only when a user location anomaly is also reported.
You decide what level of risk you want to assign when the various conditions defined in the composite predictor are met. Composite predictors can include both the standard predictor types provided and any custom predictors that you have created.
For each set of conditions you create, you can specify whether:
- All must be true.
- It's enough for one to be true (Any).
- None can be true.
You can also nest sets of conditions.
In addition to taking into account the results of multiple individual risk predictors, you can include conditions that relate to the total number of predictors in a policy that were low risk, medium risk, or high risk.
For example, you can create a composite predictor that specifies that the predictor should get a result of high risk if any of the following conditions are true:
- IP reputation is high risk
- IP Velocity is high risk
- Any three predictors in the policy being evaluated are found to be high risk
After a composite predictor yields a result, you can use the result in the same ways as the results of individual risk predictors:
- You can assign the predictor a score or weight to be used with the other predictors in your risk policy in order to calculate a final risk level.
- You can define an override that uses the composite predictor so that in cases where the predictors' conditions are met, you can directly assign a final risk level and ignore the other predictors in the risk policy.