Sentinel Risk Configuration
Fine-tuning risk scores, weights, and decision thresholds.
Sentinel Configuration
Sentinel allows you to "train" the risk engine based on your specific security needs. You can decide how much weight to assign to various security events.
Score Adjustments (Weights)
Every suspicious event adds a value to the total Risk Score (from 0.0 to 1.0). You can adjust the following parameters:
- Malware/Threat IP Flag: High risk score for IPs found in global blacklists.
- TOR/VPN Flag: Risk associated with anonymizing networks.
- Unknown IP / Country: Extra risk added when a user logs in from a location or IP never seen before.
- New User Agent: Risk for using a new browser or hardware.
Risk Reduction
- Session Continuity Reduction: This negative value reduces the risk score if the user maintains a stable, known session. This is vital for avoiding "false positives" during normal app usage.
Decision Thresholds
Define the limits at which Sentinel must intervene:
| Threshold | Description |
|---|---|
| Challenge MFA Threshold | If the score is >= this value, the user will be prompted for T-OTP, even if not strictly required by their profile. |
| Deny Threshold | If the score is >= this value, access is denied immediately, regardless of correct credentials. |
Calibration Warning
Setting a Deny threshold too low (e.g., 0.40) might block legitimate users who are traveling or using new devices. It is recommended to start with conservative thresholds (MFA at 0.50 and Deny at 0.85).
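The scoring and threshold logic above as a worked example, added here and not Sentinel's own code. It assumes the flag weights are summed and the result clamped to 0.0-1.0. The weight values, the scenario events and the 0.30 MFA value in the `TOO_LOW` profile are constructed; 0.50/0.85 and the 0.40 Deny value come from this page.

```python
from dataclasses import dataclass

# Constructed weights; the page does not list Sentinel's actual values.
WEIGHTS = {
    "threat_ip": 0.60,            # Malware/Threat IP Flag
    "tor_vpn": 0.30,              # TOR/VPN Flag
    "unknown_ip_country": 0.35,   # Unknown IP / Country
    "new_user_agent": 0.20,       # New User Agent
    "session_continuity": -0.25,  # Session Continuity Reduction (negative)
}

@dataclass(frozen=True)
class Thresholds:
    challenge_mfa: float
    deny: float

    def __post_init__(self):
        # A Deny threshold at or below the MFA threshold makes the MFA step unreachable.
        if not 0.0 <= self.challenge_mfa < self.deny <= 1.0:
            raise ValueError("need 0.0 <= challenge_mfa < deny <= 1.0")

def risk_score(signals, weights=WEIGHTS):
    """Sum each raised flag once, then clamp to 0.0-1.0 (assumed scoring model)."""
    total = sum(weights[name] for name in set(signals))  # KeyError on an unknown flag
    return round(min(1.0, max(0.0, total)), 4)  # rounding avoids float drift at a threshold

def decide(score, thresholds):
    if score >= thresholds.deny:
        return "deny"
    if score >= thresholds.challenge_mfa:
        return "challenge_mfa"
    return "allow"

RECOMMENDED = Thresholds(challenge_mfa=0.50, deny=0.85)  # starting values from the page
TOO_LOW = Thresholds(challenge_mfa=0.30, deny=0.40)      # Deny 0.40 from the warning

SCENARIOS = {  # constructed login events
    "traveller_new_laptop": ["unknown_ip_country", "new_user_agent"],
    "stable_session_new_browser": ["new_user_agent", "session_continuity"],
    "tor_from_blacklisted_ip": ["threat_ip", "tor_vpn"],
}

def compare():
    """Return {scenario: (score, decision under RECOMMENDED, decision under TOO_LOW)}."""
    out = {}
    for name, signals in SCENARIOS.items():
        score = risk_score(signals)
        out[name] = (score, decide(score, RECOMMENDED), decide(score, TOO_LOW))
    return out
```

With these constructed weights, the travelling user on a new laptop is asked for T-OTP under the recommended thresholds but denied outright when Deny is set to 0.40.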
T-OTP Integration
Sentinel allows you to globally enable or disable the Time-Based One-Time Password service. When enabled, you can offer 2FA via apps like Google Authenticator or Authy using Donutwork's native APIs.