1. Home >
2. API >
3. 2 >
4. Vigilance AI >
5. Overview

Overview

Vigilance AI is OneLogin’s proprietary engine for analyzing a wide variety of threat factors and user behaviors that could compromise your organization’s security, automatically protecting you from threats based on a calculated risk score.

When a user logs in, Vigilance tracks a wide variety of factors taking place during the login attempt, such as:

• Is the user logging in from an IP address flagged as a threat in AlienVault Open Threat Exchange or block-listed by Project HoneyPot?

• Is Tor network access being used during the login attempt?

• What browser, operating system, IP address, and device is being used for the login attempt?

• Where is the user’s geographic location?

• What time of day is the user logging in?

Based on these factors and more, login attempts are assigned scores on a scale of 0-100, which are then ranked into levels of No Risk (0-4), Low Risk (5-25), Medium Risk (26-50), and High Risk (51-100). Meanwhile, Vigilance is learning from each attempt, building up a typical login behavior profile for each user, taking into consideration their usual login patterns and what to consider “normal” activity for each given user. Each time the user logs in using the same pattern of behavior, forming the same consistent habits, Vigilance lowers their risk score. However, when the pattern is broken — for example, if the user signs in during the middle of the night, in a new country, or using an unfamiliar device — their risk score is raised again.

In order to make any calls to the Vigilance AI API, you must have at minimum:

1. Enabled either Smart MFA or Smart Access on one of your security policies
2. Assigned this security policy to at least one user

If you are receiving 401 errors when making API calls to Vigilance, ensure you have fulfilled these criteria.

---