Pre Login Assessment

Hi,

We have just turned on monitoring under bot control and I am trying to understand the logs.Trying to understand what is done durin the pre-login assessment. I see the following in my logs:

  • type:“pla”,
  • description:“Pre-login risk assessment”,
  • connection_id:“”,
  • client_id:“XXXXXXX”,
  • client_name:“XXXXXXX”,
  • ip:“XX.XX.XX.XX”,
  • user_agent:“Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36”,
  • details:

{

  • ipOnAllowlist:false,
  • requiresVerification:false},

What exactly is evaluated to determine whether requiresVerification = true/false? Is this the field that determines whether the user gets a captcha or not - assuming we have captcha configured?

Also, from the current successful logins, can I tell which ones would have had CAPTCHA if we had BOT protection on? We need to evaluate potential customer impact before we roll it out.