We have just turned on monitoring under bot control and I am trying to understand the logs.Trying to understand what is done durin the pre-login assessment. I see the following in my logs:
type:“pla”,
description:“Pre-login risk assessment”,
connection_id:“”,
client_id:“XXXXXXX”,
client_name:“XXXXXXX”,
ip:“XX.XX.XX.XX”,
user_agent:“Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36”,
details:
{
ipOnAllowlist:false,
requiresVerification:false},
What exactly is evaluated to determine whether requiresVerification = true/false? Is this the field that determines whether the user gets a captcha or not - assuming we have captcha configured?
Also, from the current successful logins, can I tell which ones would have had CAPTCHA if we had BOT protection on? We need to evaluate potential customer impact before we roll it out.
Bot Detection uses machine learning and our tenant logs to identify patterns and determine the likelihood of an IP address being a Bot. The Bot Detection level can also be adjusted based on a scale of risk tolerance. See Bot Detection.
pla logs are created every time a login page is rendered when the Risk Assessment option is turned on in the Bot detection feature. The attribute requiresVerification exists in the pla logs and shows whether or not the login transactions need a Captcha. See Validate Captcha Enforcement due to Bot Detection with Risky Option Enabled for more information.