Configuring predictors - PingOne Services - PingOne - PingOne Cloud Platform

Configuring predictors - PingOne Services - PingOne - PingOne Cloud Platform - PingOne Protect

PingOne Cloud Platform

bundle

pingone

ft:publication_title

PingOne Cloud Platform

Product_Version_ce

PingOne

PingOne Cloud Platform

category

Administratorguide

ContentType

Guide

Product

Productdocumentation

p1cloudplatform

ContentType_ce

Guide

Product documentation

Guide > Administrator Guide

You can configure and edit details and configuration settings for out-of-the-box, custom, and composite predictors at any time.

Most of the predictor types allow you to define a Fallback Predictor Decision Value. This is the risk level that should be assigned to the predictor if there is insufficient information to calculate the risk level. This can occur for a number of reasons, such as:

The predictor is still in the training period.
The basic information required cannot be obtained, for example, the location of the user.

To configure and edit a predictor:

In the PingOne console, go to Threat Protection > Predictors.
Click the predictor type, and then click the specific predictor that you want to edit.

To edit predictor details and configuration settings:

To edit Display Name and Description:
1. Click the More Options (⋮) icon.
2. Click Rename.
To edit configuration settings:
1. Click the Pencil icon.
2. Edit any of the following as needed:

Predictor	Settings
Adversary-in-the-Middle (AitM)	Use the Fallback Predictor Decision Value list to select the risk level that this predictor should be assigned if there's insufficient information to calculate the risk level. Use the Domain Allow List field to provide a comma-separated list of the domains that are legitimate for your resources. These will be compared with the domains your users are trying to access to verify that they were not the target of phishing attempts. If you do not specify one or more domains, PingOne Protect sets a short learning period to learn the domains that your users are accessing, and these domains will be added to the allow list. The learned domains will be displayed under Domain Allow List.
Anonymous Network Detection	Use the Fallback Predictor Decision Value list to select the risk level that this predictor should be assigned if there's insufficient information to calculate the risk level. In the Allow List field, enter the IP addresses for which anonymous network considerations should be ignored. This should be one or more ranges of IP addresses in CIDR format, separated by commas, for example, `1.1.1.1/24, 1.1.2.1/12`. For IP addresses in IPv4 format, you can use IP ranges. For IP addresses in IPv6 format, you must add each addressto the list individually.
Bot Detection	Use the Fallback Predictor Decision Value list to select the risk level that this predictor should be assigned if there's insufficient information to calculate the risk level.
Email Reputation	Use the Fallback Predictor Decision Value list to select the risk level that this predictor should be assigned if there's insufficient information to calculate the risk level.
Geovelocity	Use the Fallback Predictor Decision Value list to select the risk level that this predictor should be assigned if there's insufficient information to calculate the risk level. In the Allow List field, enter the IP addresses for which anonymous network considerations should be ignored. This should be one or more ranges of IP addresses in classless inter-domain routing (CIDR) format, separated by commas, for example, `1.1.1.1/24, 1.1.2.1/12`. For IP addresses in IPv4 format, you can use IP ranges. For IP addresses in IPv6 format, each address must be added to the list individually.
IP Reputation	Use the Fallback Predictor Decision Value list to select the risk level that this predictor should be assigned if there's insufficient information to calculate the risk level. In the Allow List field, enter the IP addresses for which anonymous network considerations should be ignored. This should be one or more ranges of IP addresses in CIDR format, separated by commas, for example, `1.1.1.1/24, 1.1.2.1/12`. For IP addresses in IPv4 format, you can use IP ranges. For IP addresses in IPv6 format, each address must be added to the list individually.
IP Velocity	Note: You cannot configure settings for the IP Velocity predictor.
New Device	Use the Fallback Predictor Decision Value list to select the risk level that this predictor should be assigned if there's insufficient information to calculate the risk level. Use the Activation Date field to specify a date when the learning process for the predictor should be restarted. This can be used in conjunction with the fallback setting to force strong authentication when moving the predictor to production. Note: Activation Date uses UTC time.
Suspicious Device	Use the Fallback Predictor Decision Value list to select the risk level that this predictor should be assigned if there's insufficient information to calculate the risk level.
User Location Anomaly	Use the Fallback Predictor Decision Value list to select the risk level that this predictor should be assigned if there's insufficient information to calculate the risk level. Enter the radius Distance and select the Measurement units (miles or kilometers).
User-Based Risk Behavior	Use the Fallback Predictor Decision Value list to select the risk level that this predictor should be assigned if there's insufficient information to calculate the risk level.
User Risk Behavior	Use the Fallback Predictor Decision Value list to select the risk level that this predictor should be assigned if there's insufficient information to calculate the risk level.
User Velocity	Note: You cannot configure settings for the User Velocity predictor.

Click Save.