Alert Types

By default, WSO2 IS can trigger alerts for the following situations.

Suspicious Login

  • Reason for Triggering : A successful login after a particular number of failed login attempts during a given time interval.
  • Indication : A sudden change in the level of access granted to a specific user ID that indicates the need for further investigation.
  • Alerting Logic : An alert is sent if a user successfully logs in after a specific number of failures. These failures can be due to repeatedly entering the following:

    • Same incorrect username

    • Same incorrect user store

    • Same incorrect tenant domain
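
The suspicious login logic above can be sketched as a sliding-window check over authentication events. This is an added example, not WSO2 IS code: the threshold, the window length, the event fields and the choice to count failures per (username, user store, tenant domain) combination are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque

# Assumed values: the page only says "a specific number" and "a given time interval".
FAILURE_THRESHOLD = 3
WINDOW_SECONDS = 300

# Constructed sample events: (epoch_seconds, username, user_store, tenant_domain, success)
SAMPLE_EVENTS = [
    (0,   "alice", "PRIMARY", "carbon.super", False),
    (20,  "alice", "PRIMARY", "carbon.super", False),
    (45,  "alice", "PRIMARY", "carbon.super", False),
    (60,  "alice", "PRIMARY", "carbon.super", True),   # 3 failures in window: alert
    (100, "bob",   "PRIMARY", "carbon.super", False),
    (130, "bob",   "PRIMARY", "carbon.super", True),   # 1 failure: no alert
    (200, "carol", "PRIMARY", "carbon.super", False),
    (210, "carol", "PRIMARY", "carbon.super", False),
    (900, "carol", "PRIMARY", "carbon.super", False),
    (910, "carol", "PRIMARY", "carbon.super", True),   # older failures aged out: no alert
]

def suspicious_logins(events, threshold=FAILURE_THRESHOLD, window=WINDOW_SECONDS):
    """Return one alert per success preceded by >= threshold failures within window.

    events must be ordered by timestamp.
    """
    failures = defaultdict(deque)  # (user, store, tenant) -> recent failure timestamps
    alerts = []
    for ts, user, store, tenant, success in events:
        key = (user, store, tenant)
        recent = failures[key]
        # Drop failures that have aged out of the sliding window.
        while recent and ts - recent[0] > window:
            recent.popleft()
        if not success:
            recent.append(ts)
            continue
        if len(recent) >= threshold:
            alerts.append({"time": ts, "username": user, "user_store": store,
                           "tenant_domain": tenant, "failed_attempts": len(recent)})
        # A success ends the failure streak whether or not it raised an alert.
        recent.clear()
    return alerts

if __name__ == "__main__":
    for alert in suspicious_logins(SAMPLE_EVENTS):
        print(alert)
```
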

Long Sessions

  • Reason for Triggering : The session duration of a specific user exceeds a predefined time duration.
  • Indication : The user is engaged in unauthorized activity.
  • Alerting Logic : An alert is sent if:

    • The duration of a session exceeds the predefined session duration

    • The duration of a session exceeds the average session duration calculated for a predefined time interval. This time interval is specified as the last n days, e.g., last 7 days.