Fraud Monitor uses configurable rules to find call patterns which are considered fraudulent and classify the severity of the incident with a points system. On the Rules section, you can decide which rules are used, configure them, and restrict their use.

1. Click Settings.
2. Click the navigation bar on the left-hand side of the page that lists the set of rules you can use.

   Figure 4-1 Configuring Fraud Monitor Rules

   
3. Click on a rule to open up its configuration panel in the left panel.
   Every configuration panel has Add, Edit and Delete, which you can use to configure a specific rule.
4. Use the check box next to the rule name in the left panel to enable or disable the rule. The check-box is enabled by default.

   Figure 4-2 Example of Rules Configuration

   
5. Click Add to add the rule definition. The Add Rule window is displayed.
6. In the Add Rule window, define the rule using the threshold, point type, and Familiarity limits fields.

   Field	Description
   Point Type	Select Dynamic or Static. For more information, see Configuring Points Accumulation.
   Threshold	Threshold is the limit. If the threshold is crossed, then users accumulate points. Enter it in terms of percentage for a dynamic metric, or an integer for a static metric.
   Points	Points assigned.
   Familiarity limit	Familiarity is the difference in time relative to the time when the network user was seen by Fraud Monitor for the first time. Use the > or < prefixes to specify an upper or lower limit. For example, if you enter > 2, it means that a rule is only applicable if the user's timestamp is at least less than 2 hours in the past. if you enter "<2", it means that a rule is only applicable if the timestamp for a given user is not yet 2 hours in the past. If you do not specify the familiarity limit, then the rule is always applicable. This is optional.

7. Assign a Rule Weight The default is value 1.00. The rule weight can be used to make some rules more important than others.

   Based on the Alert settings configured, if any user crosses the notification threshold on any rule, an incident is raised and a notification is sent to the user.