This documentation is for WSO2 Identity Server 5.2.0 . View documentation for the latest release.

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

 

View

(Example)

Description

 This gadget indicates the following.

  • The total number of login attempts made during the selected time interval.
  • The success and the failure rate for login attempts during the selected time interval.

    Note

    Region map shown in the dashboard may not show all the regions for the login attempts. This is because the packed sample database does not contain complete data for all the IP addresses. To use the region map, create a new database with complete data and do the necessary configurations in WSO2 IS Analytics Server. For detailed instructions, see Using Geolocation Based Statistics.

Purpose

This allows you to identify the overall login attempts handled by IS over time. As a result, you can understand the login patterns and detect deviations that may indicate unusual occurrences such as attacks, system downtime, etc.

Recommended Action

Check the success and failure rate at different time intervals to identify login patterns (e.g., different days of the week, different hours of the day). If there is a deviation from the observed pattern, check for unusual activity (e.g., attacks, system downtime etc.).

Login Attempts Distribution Over Top 10 Service Providers/First Time Login Service Providers

 

View

(Example)

Description

This gadget ranks the top 10 service providers for the selected time interval based on their successful login attempts as well as failed login attempts. The number of successful/failed login attempts for each service provider is plotted on the chart in order to provide a comparison.

Purpose

This gadget allows you to:

  • Identify the most frequently accessed service providers.
  • Detect unusual occurrences based on significant changes in the frequency with which each service provider is accessed.

Recommended Action

Click on the bars corresponding to different service providers to view successful and failed login attempts filtered by the selected service provider.

 

Login Attempts Distribution Over Top 10 Users

 

View

(Example)

Description

This gadget ranks the top 10 users for the selected time interval based on their successful login attempts as well as failed login attempts. The number of successful/failed login attempts of each user is plotted on the chart in order to provide a comparison.

Purpose

This gadget allows you to:

  • Identify the users that make the most frequent login attempts
  • Detect unusual occurrences based on significant changes in the frequency of the login attempts by each user.

Recommended Action

Click on the bars corresponding to different users to view the successful and failed login attempts filtered by the selected user.

 

Data Table

 

View

(Example)

Description

This gadget provides a list view of login attempts during the selected time interval. Details displayed for each login attempt include the context ID, username, service provider, subject step, roles, tenant domain, IP, region, whether the overall authentication was successful or not, and the time stamp. The login attempts can be sorted in the ascending/descending order by the fields in the table if required.

Info

When a user makes a failed login attempt, the role and the tent domain of the user cannot be identified by WSO2 Analytics unless the user ID is in the <User_STORE>/<NAME>@<TENANT_DOMAIN> format. When the tole and the tenant domain is not identified, NOT_AVAILABLE is displayed in the Roles column, and the super tenant dominion is displayed in the Tenant Domain column.

e.g., If a login attempt is made using the valid user ID manager and an incorrect password, the data table displays NOT_AVAILABLE in the Roles row, and carbon.super (i.e., the domain of the super tenant) is displayed in the Tenant Domain column.

If a login attempt is made using the valid user ID SecondaryUserStore/manager@abc.com and an incorrect password, the data table displays SecondaryUserStore in the Roles column, and abc.com in the Tenant Domain column.

Purpose

This gadget allows you to identify the individual login attempts made during the selected time interval and view detailed information about them.

Recommended Action

Sort the records by each field available in order to identify the login patterns relating to each username, service provider, role, and IP. Deviations from the identified patterns can help you to detect unusual occurrences.