24 Using the Dashboard

The Oracle Adaptive Access Manager Dashboard is an application that provides a high-level view of real monitor data.

This chapter provides detailed instructions on how to use the dashboard to monitor real-time performance and activity. It contains the following topics:

• Introduction

• Using the Dashboard in Oracle Adaptive Access Manager

• Use Cases

24.1 Introduction

This section introduces you to the dashboard and how it is used.

24.1.1 What is a Dashboard?

The Oracle Adaptive Access Manager Dashboard is an application that provides a high-level view of real monitor data. Monitor data is a representative sample of data.

It presents a real-time view of activity via aggregates and trending.

The Dashboard is comprised of three sections that enable you to focus your review on relevant data, such as the following:

• Performance statistics

• Expanded summary data

• Statistics based on location, scoring, device, security, and performance

Dashboard reports that are presented help you visualize and track trends. With a dashboard report you could check the frauds/alerts in your system. The dashboard also helps you make decisions based on user/location/devices profile allowing easy identification of risks taking place in the system.

The level of access to the dashboard (user interface views and controls) is based according to roles and company requirements.

24.1.2 Common Terms and Definitions

This section contains common dashboard terms and definitions.

Table 24-1 Common Dashboard Terms and Definition

Term	Definition
Refresh	Rate to update Dashboard with new data. The choices are 30 seconds, 1 minute, and 10 minutes.
Performance Panel	Section 1 of the Dashboard shows real-time data.
Summary Panel	Section 2 of the Dashboard shows aggregate data.
Dashboard Panel	Section 3 of the Dashboard shows historical data.
Data type	Type of information in the Oracle Adaptive Access Manager system.
Range	Time frame. The choices are Today, Last 1 day, Last 7 days, Last 30 days, and Last 90 days.
Average Process Time	Average number of milliseconds for execution.
Blocked Transactions	Transactions that were blocked during the transaction checkpoint.
High Alert (Logins)	High level alerts triggered during the login checkpoint.
High Alert (Transactions)	High level alerts triggered during the transaction checkpoint.
KBA Challenges	Challenge question responses.
OTP Challenges	OTP challenge responses

24.2 Navigation

From the Navigation tree, double-click Dashboard. The Dashboard will appear in OAAM Admin's right side.

The dashboard is divided into three sections:

• The performance panel (Section 1) presents real-time data. It shows the performance of the traffic that is entering the system. A trending graph is shown of the different types of data based on performance.

• The summary panel (Section 2) presents aggregate data based on time range and different data types.

• The dashboard panel (Section 3) presents historical data. The detailed dashboards are used for trending data over time ranges.

24.3 Using the Dashboard in Oracle Adaptive Access Manager

The Oracle Adaptive Access Manager Dashboard uses real-time data to provide a quick, overview of users and devices that have generated alerts and of all alerts by geographic location. It displays different levels of security to help you analyze online traffic, identify suspicious behavior, and design rules for fraud prevention. The dashboard also offers both total time views and trending views of performance levels.

24.3.1 Performance

This section provides information on viewing the total view and trending views.

24.3.1.1 Viewing Statistics in Total View and Trending View

The Performance panel (Section 1) displays a total view on the left and a trending view on the right.

• The total view shows the statistics on the current volume or rate of logins at the present time versus the maximum.

  Max - the maximum number of logins per minute

  Current - the current number of logins per minute

• The trending view provides statistics on the selected data (how the data progresses) during the past hour.

24.3.1.2 Viewing Performance Data

To view the performance data:

1. Select the data type you want from the Data list.

   The data types provided are:

   Table 24-2 Performance Data Types

   Data Type	Definition
   Logins per minute	Number of successful login per minute
   KBA challenges per minute	Number of challenge question responses per minute
   OTP challenges per minute	Number of OTP challenge responses per minute
   Blocked logins per minute	Number of blocked logins per minute
   Blocked transactions per minute	Number of blocked transactions per minute
   Transactions per minute	Number of successful transactions per minute
   High Alerts (Logins) per minute	Number of high alerts triggered during the login checkpoint per minute
   High Alert (Transactions) per minute	Number of high alerts triggered during the transaction checkpoint per minute

   
   

2. To select more than one data type, control-click the types you want.

   Note: The Performance panel is intended for viewing between 1 and 3 data points at a time.

3. To change the refresh rate, select the refresh rate from the Refresh list.

Figure 24-1 Performance Panel

Graphs are shown in different colors, which are generated on the fly, to distinguish the data schemes that are represented.

The performance panel also provides tooltips so that you can view more detailed information about the data points you are interested in. To view information using tooltips, move the mouse to the desired data point.

24.3.1.3 Difference Between Performance Panel and Performance Dashboard

The Performance panel (Section 1) displays real-time interpolations that are updated at the selected rate. The numbers displayed are not totals even though they may correspond numerically to totals in many instances.

The Performance dashboard is one of the five detailed dashboards in Section 3. Section 3 provides accurate totals and trends them over time.

A good analogy to the difference between these two views is a speedometer. Section 1 is like a speedometer. While driving, a speedometer may display 60 m.p.h. This does not mean that during the hour you have traveled 60 miles. In reality you, would have traveled 25 miles if the speed fluctuated or you stopped for gas. If Section 1 shows the rate at which you are traveling, Section 3 shows your actual distance traveled.

24.3.2 Summary

The Summary panel displays an overview or aggregate of the selected data type for the specified range or time fame.

Data Types

Table 24-3 presents the data types in the Summary panel.

Table 24-3 Summary Data Types

Data Type	Definition
Login Sessions	Login sessions
Success Logins	Successful logins
Temporary Allow Logins	Logins that occurred while a temporary allow was active
Blocked Logins	Logins that were blocked during the login checkpoint
High Alert (Logins)	High level alerts triggered during the login checkpoint
KBA Challenges	Challenge question responses
OTP Challenges	OTP challenge responses
Transaction Sessions	Transaction ID
Success Transactions	Successful transactions
Blocked Transactions	Transactions that were blocked during the transaction checkpoint.
High Alert (Transactions)	High level alerts triggered during the transaction checkpoint
Average Rule Process Time	Average number of milliseconds for rule execution
Average Policy Process Time	Average number of milliseconds for policy execution
Average Checkpoint Process Time	Average number of milliseconds for checkpoint execution

To select a data type, click the one you want from the Data list.

To select more than one data type, control-click the types you want.

Figure 24-2 Summary panel

Refresh

To change the refresh rate, click the Refresh list and then click the refresh rate you want.

Range

To change the range or timeframe, click the Range list and then click the range you want.

24.3.3 Dashboards

Section 3 provides access to five different dashboard types:

• Location

  For information about the Location dashboard, refer to Section 24.3.3.1, "Viewing Data Type by Location."

• Scoring

  For information about the Scoring dashboard, refer to Section 24.3.3.2, "Viewing a List of Scoring Breakdowns."

• Security

  For information about the Security dashboard, refer to Section 24.3.3.3, "Security Dashboard," and Section 24.3.3.4, "Viewing a List of Rules or Alerts by Security."

• Device

  For information about the Device dashboard, refer to Section 24.3.3.5, "Viewing Browser and Operating System Data by Device."

• Performance

  For information about the Performance dashboard, refer to Section 24.3.3.6, "Viewing a Data Type by Performance."

Figure 24-3 Five Dashboards

For each dashboard type you can select the type of data you want to see from a menu of data types. For example, if you select the Location dashboard, a Country list appears that enables you to select the country you want.

Figure 24-4 Choices After Data Type Selection

24.3.3.1 Viewing Data Type by Location

You can view data type by location.

1. In Section 3, in the Dashboard drop-down menu, select Location.

   The section becomes a Location dashboard.

2. In the Data drop-down menu, select the data type you want to view by location.

   The data types you can select to view by country are the following:

   Table 24-4 Data Types by Location

   Data Types by Location	Definition
   Alerts	Alert that have been triggered by country
   Actions	Actions that have been taken by country
   KBA Challenges	KBA challenges that have been triggered by challenge result and country
   OTP Challenges	OTP challenges that have been triggered by challenge result and country
   Routing Type	Routing types by country
   Sessions	Sessions by country
   Temporary Allow	Temporary allows that have been made by country

   
   

3. To narrow the list to a specific Organization ID, select an application from the Organization ID drop-down menu

4. To narrow the list to a specific timeframe, select a ranges from the Range drop-down menu.

5. To narrow the list to a specific checkpoint, select a checkpoint from the Checkpoint drop-down menu.

6. To narrow the list to a specific country, select a country from the Country list, click the country you want.

7. If you selected the alerts data type, you can narrow the list further by selecting the alert level you want from the Alert Level box.

8. If you selected the alerts or temporary allow data type, you can narrow the list further by selecting the checkpoint you want from the Checkpoint list.

Note:

For KBA challenges from phone challenges, the country will be listed as "Data Not Available". For these records, the trending graph will not be displayed.

24.3.3.2 Viewing a List of Scoring Breakdowns

To view a list of scoring breakdowns:

1. In the Dashboard list, click Scoring.

   The Scoring dashboard appears and defaults to risk score.

2. To narrow the list to a specific checkpoint, in the Checkpoint list, click the Checkpoint you want.

3. To narrow the list to a specific timeframe, in the Ranges list, click the range you want.

4. Click Refresh.

24.3.3.3 Security Dashboard

Items in the Dashboard list are accessible based on your role. Only fraud investigators can access the Security dashboard.

24.3.3.4 Viewing a List of Rules or Alerts by Security

To view a list of rules or alerts by security:

1. In the Dashboard list, click Security.

   The Security dashboard appears and defaults to rules.

2. To specify a different data type, on the Data list, click the data type you want.

   The data types provided.

   • Rules

   • Alerts

3. To narrow the list to a specific Organization ID, on the Organization ID list, click the Organization ID you want.

4. To narrow the list to a specific checkpoint, in the Checkpoint list, click the range you want.

5. To narrow the list to a specific timeframe, in the Ranges list, click the range you want.

6. Click Refresh.

24.3.3.5 Viewing Browser and Operating System Data by Device

To view browser and operating system data by device:

1. In the Dashboard list, click Device.

   The Device dashboard appears and defaults to browser/operating system.

2. To narrow the list to a specific Organization ID, in the Organization ID list, click the Organization ID you want.

3. To narrow the list to a specific timeframe, in the Ranges list, click the range you want.

4. Click Refresh.

24.3.3.6 Viewing a Data Type by Performance

To view a data type by performance:

1. In the Dashboard list, click Performance.

   The Performance dashboard appears and defaults to rules.

2. To specify a different data type, in the Data list, click the data type you want.

   The data types provided are:

   Table 24-5 Data Type by Performance

   Data Type by Performance	Definition
   Rules	Rules currently in the system
   Policies	Policies currently in the system
   Checkpoints	Points in a session when rule is run
   APIs	Calls into the system through the soap interface
   Tracker APIs	Calls into the tracker subsystem
   Authorization APIs	Calls into the authorization subsystem
   Common APIs	Miscellaneous calls
   CC APIs	Calls into the Cases subsystem
   Rules APIs	Calls to the rules processor

   
   

   Figure 24-5 Viewing Data Type by Performance

   
   

3. If you selected the rules or policies data type, you can narrow the list further by selecting the checkpoint you want from the Checkpoint list.

4. To view data trended over a specific timeframe, in the Ranges list, click the range you want.

5. To trend data for a specific data type item, select the row from the Performance table.

6. Click Refresh.

24.3.3.7 Using the Total and Trending Views

The left side of the dashboard panel displays a total view and the right side displays a trending view of the selected data type.

The total and trending view sections are placed side by side, and you can toggle between the views to look at the details of one more clearly. For example, you can expand the trending view section to see the entire legend instead of a portion of it.

You must select a row from the table in the total view to see data in the trending view. After selecting a row or more, the trending view will show you the corresponding graph(s) of the data. Graphs are shown in different colors to distinguish the data schemes that are represented. The colors are generated on the fly; they are not predefined.

Figure 24-6 Total and trending views

24.3.3.8 Viewing the Trending View Graph

The graph in the trending view adjusts accordingly based on the information being shown. The Y-coordinate will adjust depending on the highest data point. The sample will adjust based on the range. Also, whether you can choose to see data by hours, days, weeks, or months will depend on what is selected for the range.

24.3.3.9 View by Range

To narrow the data gathered to a specific time frame, from the Range list, select Today, Last 1 day, Last 7 days, Last 30 days, or Last 90 days.

24.3.3.10 View by Sample

To view data by a periodic interval, from the Samples list, select hourly, daily, weekly, or monthly. The choices available will depend on the range selected.

An example would be that if you have collected data over a period of six months, and you want to show how much data was collected every day using last month's data, you would choose to show daily samples trended over a month.

24.3.3.11 Last Updated

The "Last Updated" field, which also appears in the performance panel (Section 1), is updated when you select a different data type.

24.3.3.12 Using Tooltips

Tooltips are particularly useful if the data points are shown closely together (packed); you can use the tooltip to gather information. For example, you may want to view data for every 1-hour sample.

Figure 24-7 Tooltips

24.4 Use Cases

This section provides a scenario of how Oracle Adaptive Access Manager's dashboards are used.

24.4.1 Use Case: Trend Rules Performance on Dashboard

Through using the dashboard, Security Administrators--who plan, configure and deploy policies--can monitor the performance of rules and modify if necessary.

Rules and policies can potentially have a performance impact. For example, if the Security Administrator defines a new policy to check for a user, who is not using an email address that had been used before (ever). If the bank has more than 1 billion records in the database, performing that check against all the records for every transaction has great impact on performance.

To trend rule performance on the dashboard (find the average rule processing times for the past week with daily samples):

1. Log in to OAAM Admin.

2. In the Navigation tree, select Dashboard. The dashboard is displayed.

   The dashboard is divided into three sections:

   • The performance panel on the top presents real-time data. It shows the performance of the traffic that is entering the system. A trending graph is shown of the different types of data based on performance.

   • The summary panel in the middle presents aggregate data based on time range and different data types.

   • The dashboard at the bottom presents historical data. The detailed dashboards are used for trending data over time ranges.

3. In the performance dashboard in Section 3, select Performance from the Dashboard list.

4. Select Rules from the Data list.

   You have selected Rules to view rule performance.

   The rules appear in the Performance - Rules table.

5. Narrow the data to view by a specific time frame. To view average rule processing times for the past week, in the Range list, select Last 7 Days.

   The average processing time for each rule is shown in the Average Processing Time column of the Performance-Rules table.

6. Select the sample to use to trend the data. To specify that you want to use daily samples to trend the performance data, select Daily from the Sample list.

7. View the specific trend graph. Click a specific rule in the Performance - Rules table to see the performance trend graph.

24.4.2 Use Case: View Current Activity

Business Analyst, Security Administrators, and Fraud Investigators are interested in actions that affect the user.

The Dashboard panel (Section 3) displays a total view and a trending view of the selected data type.

To monitor actions:

1. View the number of blocks

2. View the number of KBA challenges

3. View the number of OTP challenges

4. Trend the information over time, taking note of spikes and number of customers affected.

24.4.3 Use Case: View Aggregate Data

Business Analyst, Security Administrators, and Fraud Investigators are interested in actions that affect the user.

To obtain up-to-date numbers for user access and actions, view the Summary panel (Section 2), which provide an aggregate of the data.

24.4.4 Use Cases: Additional Security Administrator and Fraud Investigator Use Cases

Security Administrators and Fraud Investigators are interested in viewing:

• Current activity and trended activity over time

• Average performance numbers and trended performance averages over time

• Distribution of events trended by geography

• Security events trended over time

Viewing Current Activity and Trended Over Time

Security Administrators and Fraud Investigators are interested in viewing current activity and trended over a short period of time.

1. Log in to OAAM Admin.

2. Navigate to the Dashboard.

3. In the Performance Panel (Section 1) select a data type from the Data list.

4. View statistics in total view and trending view.

   • Total view - current activity over short period of time

   • Trending view - current activity trended over a short period of time

5. In the Summary Panel (Section 2), view a summary of the current activity for a range.

   • Sessions

   • Actions

   • Alerts

   • and others

Average Performance Numbers and Trended Performance Averages Over Time

Security Administrators and Fraud Investigators are interested in viewing average performance numbers and trended performance averages over time

1. Log in to OAAM Admin.

2. Navigate to the Dashboard.

3. In the Performance dashboard (in Section 3), view the following by performance.

   • Rules

   • APIs

   • and others

Distribution of Events Trended by Geography

Security Administrators and Fraud Investigators are interested in viewing a distribution of events trended by geography.

1. Log in to OAAM Admin.

2. Navigate to the Dashboard.

3. In the Performance dashboard (in Section 3), view events by location.

   • Sessions

   • Actions

   • Alerts

   • and others

Security Events Trended Over Time

Security Administrators and Fraud Investigators are interested in viewing security events trended over time.

1. Log in to OAAM Admin.

2. Navigate to the Dashboard.

3. In the Performance dashboard (in Section 3), view security events.

   • Rules

   • Alerts

   • and others

24.4.5 Use Cases Additional Business Analyst Use Cases

Business Analyst are interested in viewing:

• Customer behavior trend

  • Operating system browser combinations

  • KBA challenges

  • Blocks

• Distribution of events trended by geography

  • sessions

  • actions

  • alerts

  • and so on

24.4.6 Use Case: Viewing OTP Performance Data

1. In the Navigation tree, double-click Dashboard.

2. Check Section I of the Dashboard for OTP Challenges per minute.

   The graph displays the OTP Challenges per minute statistics

3. Check Section II of the Dashboard

   The summary table of the Dashboard displays the Count of OTP Challenges for the specified time period.

4. Check Section III of the Dashboard under Locations.

   The Location Dashboard displays performance statistics, such as count, percentage, and others.