Duo Fraud Compare

Duo Fraud Compare playbook compares the geo location of access device, authentication device, and previous logged-in device.

1. Trigger: It retrieves the information from the Duo Fraud Investigation parent playbook to continue the further investigation.

2. If Then: It checks if the IP address of the access device and the previous logged-in device match. If it matches, it sets the global parameter Match as Yes. If not, it will continue the investigation.

3. If Then: It checks if the city of the access device and previous logged-in devices match. If it matches, it sets the global parameter Match as Yes. If not, it will annotate playbook.

4. Annotation: It adds the annotation Escalate Incident in the playbook.

5. Parameters: It sets the global parameter Match as Yes.

6. End: It returns the value of Match to the parent playbook.