On the Recommendations page, you can filter and sort results by building advanced search queries using a custom syntax.
A full query consists of two optional clauses: <WHERE> and <ORDER BY>. You can use these separately. If both clauses are used, <WHERE> must come first.
The WHERE clause identifies the data to filter. It filters results using the following structure:
Fields: Data to filter (available via the autocomplete dropdown in the UI).
Open complete field list
Action IDAction resultAction typeApplication nameAssigneeBehavior input methodBehavior is inactivityBehavior movement velocityBehavior typing velocityCampaign IDClaimed user IDClient nameCorrelation IDDevice IDDevice MNCDevice fingerprintDevice is emulatedDevice is spoofedDevice is tamperedDevice modelDevice nameDevice power stateDevice public keyDevice screen available heightDevice screen available widthDevice screen heightDevice screen widthDevice summer timezone offsetDevice timezoneDevice winter timezone offsetFraud ring IDIPIP company nameIP locationLabel sourceLabel subjectLabel typeLabel use caseList IDNetwork ASN IDNetwork ASN nameNetwork IP cityNetwork IP countryNetwork IP domainNetwork IP organization typeNetwork IP regionNetwork IP timezoneNetwork is TorNetwork is VPNNetwork is anonymizerNetwork is proxyPayee account numberPayee bankPayee branchPayee namePayer account numberPayer bankPayer branchPayer namePreview recommendationPreview rule nameReasonRecommendationRecommendation was consumedRisk scoreThreatTotal devices per userTotal users per deviceTransaction amountTransaction currencyTransaction reasonUser ID- `User agent"
Supported Operators:
=INBETWEEN(only for numeric values)
Values:
- For
IN: wrap values in parenthesesAction type IN (login, authenticated) - For
BETWEEN: use parentheses and connect values withTORisk score BETWEEN (10 TO 95)
- For
Logical Operators: Only
ANDis supported to combine multiple conditions.
Recommendation = DENYAction type IN (login, authenticated)Recommendation = TRUST AND Action type IN (login, authenticated)Risk score BETWEEN (10 TO 95)Recommendation IN (CHALLENGE, DENY) AND Action type = authenticated AND Risk score BETWEEN (10 TO 95)
The ORDER BY clause is used to sort the results based on a specific field, in either ascending or descending order.ORDER BY clauses are structured as follows:
ORDER BY: keyword (constant)Field: Identifies the data to filter (available via the autocomplete dropdown in the UI).
Open complete field list
Action IDAction resultAction typeAssigneeBehavior input methodBehavior is inactivityBehavior movement velocityBehavior typing velocityCampaign IDCorrelation IDDevice IDDevice MNCDevice fingerprintDevice is emulatedDevice is spoofedDevice is tamperedDevice modelDevice nameDevice screen available heightDevice screen available widthDevice screen heightDevice screen widthDevice summer timezone offsetDevice timezoneDevice winter timezone offsetFraud ring IDIPIP locationLabel sourceLabel use caseNetwork ASN IDNetwork ASN nameNetwork IP cityNetwork IP countryNetwork IP domainNetwork IP organization typeNetwork IP regionNetwork IP timezoneNetwork is TorNetwork is VPNNetwork is anonymizerNetwork is proxyRecommendationRecommendation was consumedRisk scoreTotal devices per userTotal users per deviceUser IDUser agent
Direction:
ASCorDESC
ORDER BY Risk score DESCORDER BY Recommendation ASC
Recommendation IN (CHALLENGE, DENY) AND Action type = authenticated AND Risk score BETWEEN (10 TO 95) ORDER BY Risk score DESC
Explanation:
Show me all the records where:
- the recommendation is either CHALLENGE or DENY →
Recommendation IN (CHALLENGE, DENY) - and the action type is exactly authenticated →
Action type = authenticated - and the risk score is between 10 and 95 (inclusive) →
Risk score BETWEEN (10 TO 95)
...and sort the results by:
- risk score, from highest to lowest →
ORDER BY Risk score DESC