Using Risk Score Policies
Verosint uses identifiers as the starting point to draw connections between relevant OSINT signals, providing you with a holistic view of the users accessing your applications. A risk score policy uses one or more identifiers evaluated against OSINT data to determine the likelihood of risk to your system. For example, if an email address is found to be part of a recent data breach, the likelihood of risk is higher than one not part of a breach.
The following three identifiers are best at determining immediate risk to your systems:
- Email address
- IP address
- Phone number
You can enter one or more identifiers to get a score. The more identifiers you provide for a user, the more comprehensive the score will be. If any of the identifiers are formatted incorrectly, you'll get an error message in the API response. See the Risk Score API reference for valid formatting.
To start, three policies are provided:
- Strict Policy: The signals are tuned to the strictest levels. When using this policy, more users are classified as HIGH risk.
- Moderate Policy: Signals are tuned to moderate levels. When using this policy, more users are classified as MEDIUM or HIGH risk.
- Permissive Policy: Signals are tuned to low levels. When using this policy, more users are classified as LOW or MEDIUM risk.
Updated 9 days ago