Each of the standard risk predictors represents a single risk factor. Use composite predictors to combine a number of risk predictors and factors into a single predictor, such as when you're concerned about the use of an anonymous network only when a user location anomaly is also reported.
You decide what level of risk to assign when the conditions defined in the composite predictor are met and when they are not met. Composite predictors can include both the standard predictor types provided and any custom predictors that you have created.
In addition to default and custom predictors, you can include the following risk factors in composite predictors:
- Country
- State
- IP range
- IP domain organization
- Internet service provider (ISP)
- Target application
For example, suppose you want the Geovelocity predictor to ignore a long list of IP addresses. The allow list can include up to 400 IP addresses for one predictor. If you need more than 400 IP addresses, you can add another Geovelocity predictor, combine the two predictors in a composite predictor (using the All operator), and add the composite predictor to the risk policy.
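The allow-list scenario above, as an added example that is not part of the original documentation and does not use the product's API: a simplified Python model of why the All operator makes two capped allow lists behave as one combined list. The function names, the sample addresses and the OR-style contrast are assumptions made for illustration, and the model assumes each Geovelocity predictor reports an anomaly unless the source IP is on its own allow list.

```python
from ipaddress import ip_address

ALLOW_LIST_LIMIT = 400  # per-predictor allow list limit stated above


def split_allow_list(ips, limit=ALLOW_LIST_LIMIT):
    """Split a long allow list into chunks that each fit one predictor."""
    unique = sorted({ip_address(ip) for ip in ips},
                    key=lambda a: (a.version, int(a)))
    return [set(unique[i:i + limit]) for i in range(0, len(unique), limit)]


def geovelocity_flags(anomaly, source_ip, allow_list):
    """Assumed model of one Geovelocity predictor: it reports the anomaly
    unless the source IP is on that predictor's own allow list."""
    return bool(anomaly) and ip_address(source_ip) not in allow_list


def composite_all(anomaly, source_ip, allow_lists):
    """All operator: met only when every member predictor reports."""
    lists = allow_lists or [set()]  # no allow list: one unfiltered predictor
    return all(geovelocity_flags(anomaly, source_ip, al) for al in lists)


def composite_or(anomaly, source_ip, allow_lists):
    """Hypothetical OR-style combination, shown only for contrast."""
    lists = allow_lists or [set()]
    return any(geovelocity_flags(anomaly, source_ip, al) for al in lists)


# Constructed sample: 600 allow-listed addresses, 10.0.0.0 to 10.0.2.87.
BASE = int(ip_address("10.0.0.0"))
SAMPLE_ALLOW_LIST = [str(ip_address(BASE + i)) for i in range(600)]

if __name__ == "__main__":
    lists = split_allow_list(SAMPLE_ALLOW_LIST)
    print("predictors needed:", len(lists), [len(al) for al in lists])
    for ip in ("10.0.0.5", "10.0.1.250", "203.0.113.9"):
        print(ip,
              "All:", composite_all(True, ip, lists),
              "OR-style:", composite_or(True, ip, lists))
```

With an OR-style combination, an address on the first allow list would still be reported by the second predictor, so the split lists would no longer act as a single allow list.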
After a composite predictor yields a result, you can use the result in the same ways as the results of individual risk predictors:
- You can assign the predictor a score or weight to be used with the other predictors in your risk policy to calculate a final risk level.
- You can define an override that uses the composite predictor so that in cases where the predictor conditions are met, you can directly assign a final risk level and ignore the other predictors in the risk policy.