6-4 Oracle Fusion Middleware Administrators Guide for Oracle Adaptive Access Manager Click the Session ID, User Name, Device ID, IP Address, Location, and Alert Message to open the corresponding details pages to view additional information. State State ID. The State list is dynamically populated with respect to what has been selected for Country. For example, if United States is selected, whatever states are available for that country are shown under States. City City ID. The City list is dynamically populated with respect to what has been selected for in Country and State. IP Range Range of IP addresses Login Time The time the customer logged in to perform the transaction. For example, 51109. Note: If the checkpoint is not run, the Pre-Authentication or Post-Authentication displays a score of -1. Table 6–2 Search session results To open the Details page Click this link Session Details page Session ID link Click the Session ID link from the sessions listing or other pages to open the corresponding Session Details page, which shows consolidated information about the session. Alert Details page Alert message links from other pages session details, other detail pages, and Agent pages Click the alert message links from other pages session details, other detail pages, Agent pages to open the Alert Details page. The Alert Details page provides information on the message, level, type of the message and cross references on other data types such as user, device, location, sessions, browser, operating system, locales, and others. Additionally, information is provided about the wayways in which the alert were generated. User Details page User Name or UserID links from other pages Click the User Name or UserID links from other pages to open the User Details page, which shows additional details regarding that user. Device Details page Device ID link in the session details or other listing pages Click the Device ID link in the session details or other listing pages to open the corresponding details page. This page displays details for a device including cross references on other data types such as user, location, alerts, browser, sessions, full list of fingerprint data, and so on. Table 6–1 Cont. Session Search Filters Filters Description Viewing Additional Details for Investigation 6-5 You can launch a details pages from another details page, up to a maximum of 10 tabs. The details page tabs also contain hyperlinked parameters, which can launch the details pages.

6.5 Export Sessions to Excel

An export option is available on details pages and tabs for exporting sessions information to Excel. To export sessions information for further investigation: 1. In the details page or tab, search for and select the sessions to export.

2. Click the Export to Excel button.

3. Click Save File or Open with and click OK.

The Excel sheet shows information on the Row, Session ID, Alerts, Organization ID, User name, Device ID, IP Address, Location, Authentication Status, Login Time, Pre-Authentication Score, Pre-Authentication Action, Post-Authentication Score, Post-Authentication Action, Client Type, User ID, and Internal Session ID.

6.6 Add to Group

An Add to Group feature is available in Search sessions, session details, and each details page. While searching results, insights can be saved and used later for rebuilding predictive models, further investigation and rules evaluation. Add a sessions parameter to a group or create a group and add the sessions parameter to it, or remove a sessions parameter from a group, using the Add to Group button from the sessions pages sessions search results and Session Details page. One or more data points of various types can be easily selected in search results and added to an appropriate group. Only Security Administrators, System Administrators, and Investigators have access to the Add to Group command. IP Address Details page IP Address links from sessions listing or other pages. Click the IP Address links from the sessions listing or other pages to open the corresponding IP Address Details page, which shows additional details regarding that IP location. Location Details page Country, State or City links from the sessions listing or other pages Click the Country, State or City links from the sessions listing or other pages to open the corresponding Location Details page, which shows additional details regarding that location. Fingerprint Details page Flash Fingerprint ID or Browser Fingerprint ID links from the session details or listing page Click the Flash Fingerprint ID or Browser Fingerprint ID links from the session details or listing page to open the Fingerprint Details page. The Fingerprint Details page provides basic information about the Fingerprint; the data collected during Device Fingerprinting; lists of users, devices, and locations used; and a list of login sessions in which the fingerprint was generated for a particular period. Note: When multitenancy is enabled, investigators do not have access to details pages from anywhere in the OAAM Admin Console. Table 6–2 Cont. Search session results To open the Details page Click this link 6-6 Oracle Fusion Middleware Administrators Guide for Oracle Adaptive Access Manager Instructions for adding sessions parameters is provided in the following sections.

6.6.1 Add to Group From Sessions

To add a sessions parameter from sessions to an existing group 1. Select sessions of interest from the search results.

2. Click the Add to Group button.

The Add to Group dialog is displayed.

3. Choose the type of data to add to a group and click Next. Choose only one data

type at a time. ■ Device ■ User name ■ IP Address ■ Country ■ State ■ City

4. Search and select existing groups for adding the device to and click Next.

5. Items to be added to the group are listed below. To go back and change the items, click the Back button. To proceed with adding these items, click the Finish button. To add a sessions parameter to a group that is being creating:

1. Click Create New group to create a new group to add the device to.

2. On Add to Group dialog, enter: ■ Group Name ■ Cache Policy ■ Description

3. Click Next.

Table 6–3 Add and Remove from Group Feature Description Add sessions parameter to sessions parameter group Select a sessions parameter group from a list of parameter groups with which the parameter is not already associated and add the parameter to it. A User Group can be either a User ID or User Name group type. A parameter cannot be added to the same parameter group multiple times with the exception of the alert. An alert can be added to an Alert Group multiple times, since whenever an alert is added to an Alert Group, a new instance of the existing alert is created and added to the group. Create a new sessions parameter group and add parameter to the newly created group. Add a new parameter group and add the parameter to it. A user group can be of either User ID or User Name group type. Remove parameter from parameter group Select multiple parameter groups with which the parameter is already associated and remove the parameter from the selected groups. Note: Removing users from Organization ID is not recommended. Viewing Additional Details for Investigation 6-7 4. Items to be added to the group are listed. To go back and change the items, click the Back button. To proceed with adding the items, click the Finish button.

6.6.2 Add to Group from Details Pages

To add a sessions parameter to a group: 1. Select a row containing one or more session parameters user, Device ID, IP, and so on.

2. Click the Add to Group button in the upper right corner.

The Add to Group dialog appears with the following search filters: 3. Select the group or create a new group. Figure 6–2 shows the dialog for adding a sessions parameter to an existing group. Table 6–4 Add to Group Dialog Filters Filter Description Group Name The name of the group. Groups for which the sessions parameter is not a member of are listed. Group Type The type of group. Groups for which the sessions parameter is not a member of are listed. Description The description of the group. Groups for which the session parameter is not a member of are listed.