Create Risk Policy Set - Targeted Policy with Mitigations

POST {{apiPath}}/environments/{{envID}}/riskPolicySets

This example uses POST {{apiPath}}/environments/{{envID}}/riskPolicySets to create a new targeted risk policy that includes a number of mitigations.

The flow type, user group, and application conditions are defined in the targets object.

The mitigations array is used to specify the recommended course of action that should be taken. Currently this array can only contain a single object.

Prerequisites

Refer to Risk Policies for important overview information.

:::requestmodel

For complete property descriptions, refer to Risk Policies.

Property Type Required?

Property	Type	Required?
`defaultResult.level`	Object	Optional
`name`	String	Required
`riskPolicies`	String	Required
`riskPolicies[].condition`	Object	Required
`riskPolicies[].condition.equals`	String	Optional
`riskPolicies[].condition.type`	String	Required
`riskPolicies[].condition.value`	String	Optional
`riskPolicies[].condition.aggregatedScores`	Array	Required
`riskPolicies[].condition.aggregatedScores.score`	Integer	Required
`riskPolicies[].condition.aggregatedScores.value`	String	Required
`riskPolicies[].condition.between.maxScore`	Integer	Required
`riskPolicies[].condition.between.minScore`	Integer	Required
`riskPolicies[].name`	String	Required
`riskPolicies[].result`	Object	Required
`riskPolicies[].result.level`	String	Required
`riskPolicies[].result.mitigations`	Array	Optional
`riskPolicies[].result.mitigations[].action`	String	Optional
`riskPolicies[].result.mitigations[].customAction`	String	Optional
`riskPolicies[].result.mitigations[].policyId`	String	Optional
`riskPolicies[].result.type`	String	Optional
`targets`	Object	Optional
`targets.condition`	Object	Optional
`targets.condition.and`	Array	Optional
`targets.condition.and[].contains`	String	Optional
`targets.condition.and[].list`	Array	Optional

defaultResult.level

Object

Optional

name

String

Required

riskPolicies

String

Required

riskPolicies[].condition

Object

Required

riskPolicies[].condition.equals

String

Optional

riskPolicies[].condition.type

String

Required

riskPolicies[].condition.value

String

Optional

riskPolicies[].condition.aggregatedScores

Array

Required

riskPolicies[].condition.aggregatedScores.score

Integer

Required

riskPolicies[].condition.aggregatedScores.value

String

Required

riskPolicies[].condition.between.maxScore

Integer

Required

riskPolicies[].condition.between.minScore

Integer

Required

riskPolicies[].name

String

Required

riskPolicies[].result

Object

Required

riskPolicies[].result.level

String

Required

riskPolicies[].result.mitigations

Array

Optional

riskPolicies[].result.mitigations[].action

String

Optional

riskPolicies[].result.mitigations[].customAction

String

Optional

riskPolicies[].result.mitigations[].policyId

String

Optional

riskPolicies[].result.type

String

Optional

targets

Object

Optional

targets.condition

Object

Optional

targets.condition.and

Array

Optional

targets.condition.and[].contains

String

Optional

targets.condition.and[].list

Array

Optional

:: :leveloffset: -1

Headers

Authorization Bearer {{accessToken}}

Content-Type application/json

Body

raw ( application/json )

{
    "name": "Targeted policy with mitigations",
    "defaultResult": {
        "level": "Low"
    },
    "targets":{
        "condition": { "and": [{
            "list": ["AUTHENTICATION", "AUTHORIZATION"],
            "contains": "${event.flow.type}"
          },
          {
            "list": ["Sales"],
            "contains": "${event.user.groups}"
          },
          {
            "list": ["6b6f867b-d768-4c2c-a9b6-6816da00d824", "845c9918-94d7-430c-b3d8-eafafc215fd9"],
            "contains": "${event.targetResource.id}"
          }]
        }
    },
    "riskPolicies": [{
        "name" : "USER_LOCATION_ANOMALY",
        "result" : {
          "mitigations" : [ {
            "action" : "CUSTOM",
            "customAction" : "CustomActionForUserLocationAnomaly"
          }],
          "type" : "MITIGATION"
        },
        "condition" : {
          "value" : "${details.userLocationAnomaly.level}",
          "equals" : "High",
          "type" : "VALUE_COMPARISON"
        }
      },
      {
        "name" : "VELOCITY",
        "result" : {
          "mitigations" : [ {
            "action" : "DENY_AND_SUSPEND"
          } ],
          "type" : "MITIGATION"
        },
        "condition" : {
          "value" : "${details.ipVelocityByUser.level}",
          "equals" : "High",
          "type" : "VALUE_COMPARISON"
        }
      },{
        "name" : "USER_RISK_BEHAVIOR",
        "result" : {
          "mitigations" : [ {
            "action" : "VERIFY"
          } ],
          "type" : "MITIGATION"
        },
        "condition" : {
          "value" : "${details.userBasedRiskBehavior.level}",
          "equals" : "Medium",
          "type" : "VALUE_COMPARISON"
        }
      },
      {
        "name" : "EMAIL_REPUTATION",
        "result" : {
          "mitigations" : [ {
            "action" : "MFA",
            "mfaAuthenticationPolicyId" : "{{deviceAuthenticationPolicyID}}"
          } ],
          "type" : "MITIGATION"
        },
        "condition" : {
          "value" : "${details.emailReputation.level}",
          "equals" : "High",
          "type" : "VALUE_COMPARISON"
        }
      },
      {
        "name" : "IP_REPUTATION",
        "result" : {
          "mitigations" : [ {
            "action" : "APPROVE"
          } ],
          "type" : "MITIGATION"
        },
        "condition" : {
          "value" : "${details.ipRisk.level}",
          "equals" : "Low",
          "type" : "VALUE_COMPARISON"
        }
    },
    {
        "name": "Medium scored policy",
        "result": {
            "level": "MEDIUM"
        },
        "condition": {
            "type": "AGGREGATED_SCORES",
            "aggregatedScores": [
                {
                    "value": "${details.userLocationAnomaly.level}",
                    "score": 40
                },
                {
                    "value": "${details.anonymousNetwork.level}",
                    "score": 60
                },
                {
                    "value": "${details.ipRisk.level}",
                    "score": 40
                }
            ],
            "between": {
                "minScore": 700,
                "maxScore": 900
            }
        }
    },
    {
        "name": "High scored policy",
        "result": {
            "level": "HIGH"
        },
        "condition": {
            "type": "AGGREGATED_SCORES",
            "aggregatedScores": [
                {
                    "value": "${details.userLocationAnomaly.level}",
                    "score": 40
                },
                {
                    "value": "${details.anonymousNetwork.level}",
                    "score": 60
                },
                {
                    "value": "${details.ipRisk.level}",
                    "score": 40
                }
            ],
            "between": {
                "minScore": 900,
                "maxScore": 1000
            }
        }
        },
        {
        "name" : "FALLBACK",
        "result" : {
          "mitigations" : [ {
            "action" : "DENY"
          } ],
          "type" : "MITIGATION_FALLBACK"
        }
      }
    ]
}

Example Request

curl --location --globoff '{{apiPath}}/environments/{{envID}}/riskPolicySets' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {{accessToken}}' \
--data '{
    "name": "Targeted policy with mitigations",
    "defaultResult": {
        "level": "Low"
    },
    "targets":{
        "condition": { "and": [{
            "list": ["AUTHENTICATION", "AUTHORIZATION"],
            "contains": "${event.flow.type}"
          },
          {
            "list": ["Sales"],
            "contains": "${event.user.groups}"
          },
          {
            "list": ["6b6f867b-d768-4c2c-a9b6-6816da00d824", "845c9918-94d7-430c-b3d8-eafafc215fd9"],
            "contains": "${event.targetResource.id}"
          }]
        }
    },
    "riskPolicies": [{
        "name" : "USER_LOCATION_ANOMALY",
        "result" : {
          "mitigations" : [ {
            "action" : "CUSTOM",
            "customAction" : "CustomActionForUserLocationAnomaly"
          }],
          "type" : "MITIGATION"
        },
        "condition" : {
          "value" : "${details.userLocationAnomaly.level}",
          "equals" : "High",
          "type" : "VALUE_COMPARISON"
        }
      },
      {
        "name" : "VELOCITY",
        "result" : {
          "mitigations" : [ {
            "action" : "DENY_AND_SUSPEND"
          } ],
          "type" : "MITIGATION"
        },
        "condition" : {
          "value" : "${details.ipVelocityByUser.level}",
          "equals" : "High",
          "type" : "VALUE_COMPARISON"
        }
      },{
        "name" : "USER_RISK_BEHAVIOR",
        "result" : {
          "mitigations" : [ {
            "action" : "VERIFY"
          } ],
          "type" : "MITIGATION"
        },
        "condition" : {
          "value" : "${details.userBasedRiskBehavior.level}",
          "equals" : "Medium",
          "type" : "VALUE_COMPARISON"
        }
      },
      {
        "name" : "EMAIL_REPUTATION",
        "result" : {
          "mitigations" : [ {
            "action" : "MFA",
            "mfaAuthenticationPolicyId" : "{{deviceAuthenticationPolicyID}}"
          } ],
          "type" : "MITIGATION"
        },
        "condition" : {
          "value" : "${details.emailReputation.level}",
          "equals" : "High",
          "type" : "VALUE_COMPARISON"
        }
      },
      {
        "name" : "IP_REPUTATION",
        "result" : {
          "mitigations" : [ {
            "action" : "APPROVE"
          } ],
          "type" : "MITIGATION"
        },
        "condition" : {
          "value" : "${details.ipRisk.level}",
          "equals" : "Low",
          "type" : "VALUE_COMPARISON"
        }
    },
    {
        "name": "Medium scored policy",
        "result": {
            "level": "MEDIUM"
        },
        "condition": {
            "type": "AGGREGATED_SCORES",
            "aggregatedScores": [
                {
                    "value": "${details.userLocationAnomaly.level}",
                    "score": 40
                },
                {
                    "value": "${details.anonymousNetwork.level}",
                    "score": 60
                },
                {
                    "value": "${details.ipRisk.level}",
                    "score": 40
                }
            ],
            "between": {
                "minScore": 700,
                "maxScore": 900
            }
        }
    },
    {
        "name": "High scored policy",
        "result": {
            "level": "HIGH"
        },
        "condition": {
            "type": "AGGREGATED_SCORES",
            "aggregatedScores": [
                {
                    "value": "${details.userLocationAnomaly.level}",
                    "score": 40
                },
                {
                    "value": "${details.anonymousNetwork.level}",
                    "score": 60
                },
                {
                    "value": "${details.ipRisk.level}",
                    "score": 40
                }
            ],
            "between": {
                "minScore": 900,
                "maxScore": 1000
            }
        }
        },
        {
        "name" : "FALLBACK",
        "result" : {
          "mitigations" : [ {
            "action" : "DENY"
          } ],
          "type" : "MITIGATION_FALLBACK"
        }
      }
    ]
}'

var options = new RestClientOptions("{{apiPath}}/environments/{{envID}}/riskPolicySets")
{
  MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Post);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Authorization", "Bearer {{accessToken}}");
var body = @"{" + "\n" +
@"    ""name"": ""Targeted policy with mitigations""," + "\n" +
@"    ""defaultResult"": {" + "\n" +
@"        ""level"": ""Low""" + "\n" +
@"    }," + "\n" +
@"    ""targets"":{" + "\n" +
@"        ""condition"": { ""and"": [{" + "\n" +
@"            ""list"": [""AUTHENTICATION"", ""AUTHORIZATION""]," + "\n" +
@"            ""contains"": ""${event.flow.type}""" + "\n" +
@"          }," + "\n" +
@"          { " + "\n" +
@"            ""list"": [""Sales""]," + "\n" +
@"            ""contains"": ""${event.user.groups}""" + "\n" +
@"          }," + "\n" +
@"          { " + "\n" +
@"            ""list"": [""6b6f867b-d768-4c2c-a9b6-6816da00d824"", ""845c9918-94d7-430c-b3d8-eafafc215fd9""]," + "\n" +
@"            ""contains"": ""${event.targetResource.id}""" + "\n" +
@"          }]" + "\n" +
@"        }" + "\n" +
@"    }," + "\n" +
@"    ""riskPolicies"": [{" + "\n" +
@"        ""name"" : ""USER_LOCATION_ANOMALY""," + "\n" +
@"        ""result"" : {" + "\n" +
@"          ""mitigations"" : [ {" + "\n" +
@"            ""action"" : ""CUSTOM""," + "\n" +
@"            ""customAction"" : ""CustomActionForUserLocationAnomaly""" + "\n" +
@"          }]," + "\n" +
@"          ""type"" : ""MITIGATION""" + "\n" +
@"        }," + "\n" +
@"        ""condition"" : {" + "\n" +
@"          ""value"" : ""${details.userLocationAnomaly.level}""," + "\n" +
@"          ""equals"" : ""High""," + "\n" +
@"          ""type"" : ""VALUE_COMPARISON""" + "\n" +
@"        }" + "\n" +
@"      }," + "\n" +
@"      {" + "\n" +
@"        ""name"" : ""VELOCITY""," + "\n" +
@"        ""result"" : {" + "\n" +
@"          ""mitigations"" : [ {" + "\n" +
@"            ""action"" : ""DENY_AND_SUSPEND""" + "\n" +
@"          } ]," + "\n" +
@"          ""type"" : ""MITIGATION""" + "\n" +
@"        }," + "\n" +
@"        ""condition"" : {" + "\n" +
@"          ""value"" : ""${details.ipVelocityByUser.level}""," + "\n" +
@"          ""equals"" : ""High""," + "\n" +
@"          ""type"" : ""VALUE_COMPARISON""" + "\n" +
@"        }" + "\n" +
@"      },{" + "\n" +
@"        ""name"" : ""USER_RISK_BEHAVIOR""," + "\n" +
@"        ""result"" : {" + "\n" +
@"          ""mitigations"" : [ {" + "\n" +
@"            ""action"" : ""VERIFY""" + "\n" +
@"          } ]," + "\n" +
@"          ""type"" : ""MITIGATION""" + "\n" +
@"        }," + "\n" +
@"        ""condition"" : {" + "\n" +
@"          ""value"" : ""${details.userBasedRiskBehavior.level}""," + "\n" +
@"          ""equals"" : ""Medium""," + "\n" +
@"          ""type"" : ""VALUE_COMPARISON""" + "\n" +
@"        }" + "\n" +
@"      }," + "\n" +
@"      {" + "\n" +
@"        ""name"" : ""EMAIL_REPUTATION""," + "\n" +
@"        ""result"" : {" + "\n" +
@"          ""mitigations"" : [ {" + "\n" +
@"            ""action"" : ""MFA""," + "\n" +
@"            ""mfaAuthenticationPolicyId"" : ""{{deviceAuthenticationPolicyID}}""" + "\n" +
@"          } ]," + "\n" +
@"          ""type"" : ""MITIGATION""" + "\n" +
@"        }," + "\n" +
@"        ""condition"" : {" + "\n" +
@"          ""value"" : ""${details.emailReputation.level}""," + "\n" +
@"          ""equals"" : ""High""," + "\n" +
@"          ""type"" : ""VALUE_COMPARISON""" + "\n" +
@"        }" + "\n" +
@"      }," + "\n" +
@"      {" + "\n" +
@"        ""name"" : ""IP_REPUTATION""," + "\n" +
@"        ""result"" : {" + "\n" +
@"          ""mitigations"" : [ {" + "\n" +
@"            ""action"" : ""APPROVE""" + "\n" +
@"          } ]," + "\n" +
@"          ""type"" : ""MITIGATION""" + "\n" +
@"        }," + "\n" +
@"        ""condition"" : {" + "\n" +
@"          ""value"" : ""${details.ipRisk.level}""," + "\n" +
@"          ""equals"" : ""Low""," + "\n" +
@"          ""type"" : ""VALUE_COMPARISON""" + "\n" +
@"        }" + "\n" +
@"    }," + "\n" +
@"    {" + "\n" +
@"        ""name"": ""Medium scored policy""," + "\n" +
@"        ""result"": {" + "\n" +
@"            ""level"": ""MEDIUM""" + "\n" +
@"        }," + "\n" +
@"        ""condition"": {" + "\n" +
@"            ""type"": ""AGGREGATED_SCORES""," + "\n" +
@"            ""aggregatedScores"": [" + "\n" +
@"                {" + "\n" +
@"                    ""value"": ""${details.userLocationAnomaly.level}""," + "\n" +
@"                    ""score"": 40" + "\n" +
@"                }," + "\n" +
@"                {" + "\n" +
@"                    ""value"": ""${details.anonymousNetwork.level}""," + "\n" +
@"                    ""score"": 60" + "\n" +
@"                }," + "\n" +
@"                {" + "\n" +
@"                    ""value"": ""${details.ipRisk.level}""," + "\n" +
@"                    ""score"": 40" + "\n" +
@"                }" + "\n" +
@"            ]," + "\n" +
@"            ""between"": {" + "\n" +
@"                ""minScore"": 700," + "\n" +
@"                ""maxScore"": 900" + "\n" +
@"            }" + "\n" +
@"        }" + "\n" +
@"    }," + "\n" +
@"    {" + "\n" +
@"        ""name"": ""High scored policy""," + "\n" +
@"        ""result"": {" + "\n" +
@"            ""level"": ""HIGH""" + "\n" +
@"        }," + "\n" +
@"        ""condition"": {" + "\n" +
@"            ""type"": ""AGGREGATED_SCORES""," + "\n" +
@"            ""aggregatedScores"": [" + "\n" +
@"                {" + "\n" +
@"                    ""value"": ""${details.userLocationAnomaly.level}""," + "\n" +
@"                    ""score"": 40" + "\n" +
@"                }," + "\n" +
@"                {" + "\n" +
@"                    ""value"": ""${details.anonymousNetwork.level}""," + "\n" +
@"                    ""score"": 60" + "\n" +
@"                }," + "\n" +
@"                {" + "\n" +
@"                    ""value"": ""${details.ipRisk.level}""," + "\n" +
@"                    ""score"": 40" + "\n" +
@"                }" + "\n" +
@"            ]," + "\n" +
@"            ""between"": {" + "\n" +
@"                ""minScore"": 900," + "\n" +
@"                ""maxScore"": 1000" + "\n" +
@"            }" + "\n" +
@"        }" + "\n" +
@"        }," + "\n" +
@"        {" + "\n" +
@"        ""name"" : ""FALLBACK""," + "\n" +
@"        ""result"" : {" + "\n" +
@"          ""mitigations"" : [ {" + "\n" +
@"            ""action"" : ""DENY""" + "\n" +
@"          } ]," + "\n" +
@"          ""type"" : ""MITIGATION_FALLBACK""" + "\n" +
@"        }" + "\n" +
@"      } " + "\n" +
@"    ]" + "\n" +
@"}";
request.AddStringBody(body, DataFormat.Json);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);

package main

import (
  "fmt"
  "strings"
  "net/http"
  "io"
)

func main() {

  url := "{{apiPath}}/environments/{{envID}}/riskPolicySets"
  method := "POST"

  payload := strings.NewReader(`{
    "name": "Targeted policy with mitigations",
    "defaultResult": {
        "level": "Low"
    },
    "targets":{
        "condition": { "and": [{
            "list": ["AUTHENTICATION", "AUTHORIZATION"],
            "contains": "${event.flow.type}"
          },
          {
            "list": ["Sales"],
            "contains": "${event.user.groups}"
          },
          {
            "list": ["6b6f867b-d768-4c2c-a9b6-6816da00d824", "845c9918-94d7-430c-b3d8-eafafc215fd9"],
            "contains": "${event.targetResource.id}"
          }]
        }
    },
    "riskPolicies": [{
        "name" : "USER_LOCATION_ANOMALY",
        "result" : {
          "mitigations" : [ {
            "action" : "CUSTOM",
            "customAction" : "CustomActionForUserLocationAnomaly"
          }],
          "type" : "MITIGATION"
        },
        "condition" : {
          "value" : "${details.userLocationAnomaly.level}",
          "equals" : "High",
          "type" : "VALUE_COMPARISON"
        }
      },
      {
        "name" : "VELOCITY",
        "result" : {
          "mitigations" : [ {
            "action" : "DENY_AND_SUSPEND"
          } ],
          "type" : "MITIGATION"
        },
        "condition" : {
          "value" : "${details.ipVelocityByUser.level}",
          "equals" : "High",
          "type" : "VALUE_COMPARISON"
        }
      },{
        "name" : "USER_RISK_BEHAVIOR",
        "result" : {
          "mitigations" : [ {
            "action" : "VERIFY"
          } ],
          "type" : "MITIGATION"
        },
        "condition" : {
          "value" : "${details.userBasedRiskBehavior.level}",
          "equals" : "Medium",
          "type" : "VALUE_COMPARISON"
        }
      },
      {
        "name" : "EMAIL_REPUTATION",
        "result" : {
          "mitigations" : [ {
            "action" : "MFA",
            "mfaAuthenticationPolicyId" : "{{deviceAuthenticationPolicyID}}"
          } ],
          "type" : "MITIGATION"
        },
        "condition" : {
          "value" : "${details.emailReputation.level}",
          "equals" : "High",
          "type" : "VALUE_COMPARISON"
        }
      },
      {
        "name" : "IP_REPUTATION",
        "result" : {
          "mitigations" : [ {
            "action" : "APPROVE"
          } ],
          "type" : "MITIGATION"
        },
        "condition" : {
          "value" : "${details.ipRisk.level}",
          "equals" : "Low",
          "type" : "VALUE_COMPARISON"
        }
    },
    {
        "name": "Medium scored policy",
        "result": {
            "level": "MEDIUM"
        },
        "condition": {
            "type": "AGGREGATED_SCORES",
            "aggregatedScores": [
                {
                    "value": "${details.userLocationAnomaly.level}",
                    "score": 40
                },
                {
                    "value": "${details.anonymousNetwork.level}",
                    "score": 60
                },
                {
                    "value": "${details.ipRisk.level}",
                    "score": 40
                }
            ],
            "between": {
                "minScore": 700,
                "maxScore": 900
            }
        }
    },
    {
        "name": "High scored policy",
        "result": {
            "level": "HIGH"
        },
        "condition": {
            "type": "AGGREGATED_SCORES",
            "aggregatedScores": [
                {
                    "value": "${details.userLocationAnomaly.level}",
                    "score": 40
                },
                {
                    "value": "${details.anonymousNetwork.level}",
                    "score": 60
                },
                {
                    "value": "${details.ipRisk.level}",
                    "score": 40
                }
            ],
            "between": {
                "minScore": 900,
                "maxScore": 1000
            }
        }
        },
        {
        "name" : "FALLBACK",
        "result" : {
          "mitigations" : [ {
            "action" : "DENY"
          } ],
          "type" : "MITIGATION_FALLBACK"
        }
      }
    ]
}`)

  client := &http.Client {
  }
  req, err := http.NewRequest(method, url, payload)

  if err != nil {
    fmt.Println(err)
    return
  }
  req.Header.Add("Content-Type", "application/json")
  req.Header.Add("Authorization", "Bearer {{accessToken}}")

  res, err := client.Do(req)
  if err != nil {
    fmt.Println(err)
    return
  }
  defer res.Body.Close()

  body, err := io.ReadAll(res.Body)
  if err != nil {
    fmt.Println(err)
    return
  }
  fmt.Println(string(body))
}

POST /environments/{{envID}}/riskPolicySets HTTP/1.1
Host: {{apiPath}}
Content-Type: application/json
Authorization: Bearer {{accessToken}}

{
    "name": "Targeted policy with mitigations",
    "defaultResult": {
        "level": "Low"
    },
    "targets":{
        "condition": { "and": [{
            "list": ["AUTHENTICATION", "AUTHORIZATION"],
            "contains": "${event.flow.type}"
          },
          {
            "list": ["Sales"],
            "contains": "${event.user.groups}"
          },
          {
            "list": ["6b6f867b-d768-4c2c-a9b6-6816da00d824", "845c9918-94d7-430c-b3d8-eafafc215fd9"],
            "contains": "${event.targetResource.id}"
          }]
        }
    },
    "riskPolicies": [{
        "name" : "USER_LOCATION_ANOMALY",
        "result" : {
          "mitigations" : [ {
            "action" : "CUSTOM",
            "customAction" : "CustomActionForUserLocationAnomaly"
          }],
          "type" : "MITIGATION"
        },
        "condition" : {
          "value" : "${details.userLocationAnomaly.level}",
          "equals" : "High",
          "type" : "VALUE_COMPARISON"
        }
      },
      {
        "name" : "VELOCITY",
        "result" : {
          "mitigations" : [ {
            "action" : "DENY_AND_SUSPEND"
          } ],
          "type" : "MITIGATION"
        },
        "condition" : {
          "value" : "${details.ipVelocityByUser.level}",
          "equals" : "High",
          "type" : "VALUE_COMPARISON"
        }
      },{
        "name" : "USER_RISK_BEHAVIOR",
        "result" : {
          "mitigations" : [ {
            "action" : "VERIFY"
          } ],
          "type" : "MITIGATION"
        },
        "condition" : {
          "value" : "${details.userBasedRiskBehavior.level}",
          "equals" : "Medium",
          "type" : "VALUE_COMPARISON"
        }
      },
      {
        "name" : "EMAIL_REPUTATION",
        "result" : {
          "mitigations" : [ {
            "action" : "MFA",
            "mfaAuthenticationPolicyId" : "{{deviceAuthenticationPolicyID}}"
          } ],
          "type" : "MITIGATION"
        },
        "condition" : {
          "value" : "${details.emailReputation.level}",
          "equals" : "High",
          "type" : "VALUE_COMPARISON"
        }
      },
      {
        "name" : "IP_REPUTATION",
        "result" : {
          "mitigations" : [ {
            "action" : "APPROVE"
          } ],
          "type" : "MITIGATION"
        },
        "condition" : {
          "value" : "${details.ipRisk.level}",
          "equals" : "Low",
          "type" : "VALUE_COMPARISON"
        }
    },
    {
        "name": "Medium scored policy",
        "result": {
            "level": "MEDIUM"
        },
        "condition": {
            "type": "AGGREGATED_SCORES",
            "aggregatedScores": [
                {
                    "value": "${details.userLocationAnomaly.level}",
                    "score": 40
                },
                {
                    "value": "${details.anonymousNetwork.level}",
                    "score": 60
                },
                {
                    "value": "${details.ipRisk.level}",
                    "score": 40
                }
            ],
            "between": {
                "minScore": 700,
                "maxScore": 900
            }
        }
    },
    {
        "name": "High scored policy",
        "result": {
            "level": "HIGH"
        },
        "condition": {
            "type": "AGGREGATED_SCORES",
            "aggregatedScores": [
                {
                    "value": "${details.userLocationAnomaly.level}",
                    "score": 40
                },
                {
                    "value": "${details.anonymousNetwork.level}",
                    "score": 60
                },
                {
                    "value": "${details.ipRisk.level}",
                    "score": 40
                }
            ],
            "between": {
                "minScore": 900,
                "maxScore": 1000
            }
        }
        },
        {
        "name" : "FALLBACK",
        "result" : {
          "mitigations" : [ {
            "action" : "DENY"
          } ],
          "type" : "MITIGATION_FALLBACK"
        }
      }
    ]
}

OkHttpClient client = new OkHttpClient().newBuilder()
  .build();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\n    \"name\": \"Targeted policy with mitigations\",\n    \"defaultResult\": {\n        \"level\": \"Low\"\n    },\n    \"targets\":{\n        \"condition\": { \"and\": [{\n            \"list\": [\"AUTHENTICATION\", \"AUTHORIZATION\"],\n            \"contains\": \"${event.flow.type}\"\n          },\n          { \n            \"list\": [\"Sales\"],\n            \"contains\": \"${event.user.groups}\"\n          },\n          { \n            \"list\": [\"6b6f867b-d768-4c2c-a9b6-6816da00d824\", \"845c9918-94d7-430c-b3d8-eafafc215fd9\"],\n            \"contains\": \"${event.targetResource.id}\"\n          }]\n        }\n    },\n    \"riskPolicies\": [{\n        \"name\" : \"USER_LOCATION_ANOMALY\",\n        \"result\" : {\n          \"mitigations\" : [ {\n            \"action\" : \"CUSTOM\",\n            \"customAction\" : \"CustomActionForUserLocationAnomaly\"\n          }],\n          \"type\" : \"MITIGATION\"\n        },\n        \"condition\" : {\n          \"value\" : \"${details.userLocationAnomaly.level}\",\n          \"equals\" : \"High\",\n          \"type\" : \"VALUE_COMPARISON\"\n        }\n      },\n      {\n        \"name\" : \"VELOCITY\",\n        \"result\" : {\n          \"mitigations\" : [ {\n            \"action\" : \"DENY_AND_SUSPEND\"\n          } ],\n          \"type\" : \"MITIGATION\"\n        },\n        \"condition\" : {\n          \"value\" : \"${details.ipVelocityByUser.level}\",\n          \"equals\" : \"High\",\n          \"type\" : \"VALUE_COMPARISON\"\n        }\n      },{\n        \"name\" : \"USER_RISK_BEHAVIOR\",\n        \"result\" : {\n          \"mitigations\" : [ {\n            \"action\" : \"VERIFY\"\n          } ],\n          \"type\" : \"MITIGATION\"\n        },\n        \"condition\" : {\n          \"value\" : \"${details.userBasedRiskBehavior.level}\",\n          \"equals\" : \"Medium\",\n          \"type\" : \"VALUE_COMPARISON\"\n        }\n      },\n      {\n        \"name\" : \"EMAIL_REPUTATION\",\n        \"result\" : {\n          \"mitigations\" : [ {\n            \"action\" : \"MFA\",\n            \"mfaAuthenticationPolicyId\" : \"{{deviceAuthenticationPolicyID}}\"\n          } ],\n          \"type\" : \"MITIGATION\"\n        },\n        \"condition\" : {\n          \"value\" : \"${details.emailReputation.level}\",\n          \"equals\" : \"High\",\n          \"type\" : \"VALUE_COMPARISON\"\n        }\n      },\n      {\n        \"name\" : \"IP_REPUTATION\",\n        \"result\" : {\n          \"mitigations\" : [ {\n            \"action\" : \"APPROVE\"\n          } ],\n          \"type\" : \"MITIGATION\"\n        },\n        \"condition\" : {\n          \"value\" : \"${details.ipRisk.level}\",\n          \"equals\" : \"Low\",\n          \"type\" : \"VALUE_COMPARISON\"\n        }\n    },\n    {\n        \"name\": \"Medium scored policy\",\n        \"result\": {\n            \"level\": \"MEDIUM\"\n        },\n        \"condition\": {\n            \"type\": \"AGGREGATED_SCORES\",\n            \"aggregatedScores\": [\n                {\n                    \"value\": \"${details.userLocationAnomaly.level}\",\n                    \"score\": 40\n                },\n                {\n                    \"value\": \"${details.anonymousNetwork.level}\",\n                    \"score\": 60\n                },\n                {\n                    \"value\": \"${details.ipRisk.level}\",\n                    \"score\": 40\n                }\n            ],\n            \"between\": {\n                \"minScore\": 700,\n                \"maxScore\": 900\n            }\n        }\n    },\n    {\n        \"name\": \"High scored policy\",\n        \"result\": {\n            \"level\": \"HIGH\"\n        },\n        \"condition\": {\n            \"type\": \"AGGREGATED_SCORES\",\n            \"aggregatedScores\": [\n                {\n                    \"value\": \"${details.userLocationAnomaly.level}\",\n                    \"score\": 40\n                },\n                {\n                    \"value\": \"${details.anonymousNetwork.level}\",\n                    \"score\": 60\n                },\n                {\n                    \"value\": \"${details.ipRisk.level}\",\n                    \"score\": 40\n                }\n            ],\n            \"between\": {\n                \"minScore\": 900,\n                \"maxScore\": 1000\n            }\n        }\n        },\n        {\n        \"name\" : \"FALLBACK\",\n        \"result\" : {\n          \"mitigations\" : [ {\n            \"action\" : \"DENY\"\n          } ],\n          \"type\" : \"MITIGATION_FALLBACK\"\n        }\n      } \n    ]\n}");
Request request = new Request.Builder()
  .url("{{apiPath}}/environments/{{envID}}/riskPolicySets")
  .method("POST", body)
  .addHeader("Content-Type", "application/json")
  .addHeader("Authorization", "Bearer {{accessToken}}")
  .build();
Response response = client.newCall(request).execute();

var settings = {
  "url": "{{apiPath}}/environments/{{envID}}/riskPolicySets",
  "method": "POST",
  "timeout": 0,
  "headers": {
    "Content-Type": "application/json",
    "Authorization": "Bearer {{accessToken}}"
  },
  "data": JSON.stringify({
    "name": "Targeted policy with mitigations",
    "defaultResult": {
      "level": "Low"
    },
    "targets": {
      "condition": {
        "and": [
          {
            "list": [
              "AUTHENTICATION",
              "AUTHORIZATION"
            ],
            "contains": "${event.flow.type}"
          },
          {
            "list": [
              "Sales"
            ],
            "contains": "${event.user.groups}"
          },
          {
            "list": [
              "6b6f867b-d768-4c2c-a9b6-6816da00d824",
              "845c9918-94d7-430c-b3d8-eafafc215fd9"
            ],
            "contains": "${event.targetResource.id}"
          }
        ]
      }
    },
    "riskPolicies": [
      {
        "name": "USER_LOCATION_ANOMALY",
        "result": {
          "mitigations": [
            {
              "action": "CUSTOM",
              "customAction": "CustomActionForUserLocationAnomaly"
            }
          ],
          "type": "MITIGATION"
        },
        "condition": {
          "value": "${details.userLocationAnomaly.level}",
          "equals": "High",
          "type": "VALUE_COMPARISON"
        }
      },
      {
        "name": "VELOCITY",
        "result": {
          "mitigations": [
            {
              "action": "DENY_AND_SUSPEND"
            }
          ],
          "type": "MITIGATION"
        },
        "condition": {
          "value": "${details.ipVelocityByUser.level}",
          "equals": "High",
          "type": "VALUE_COMPARISON"
        }
      },
      {
        "name": "USER_RISK_BEHAVIOR",
        "result": {
          "mitigations": [
            {
              "action": "VERIFY"
            }
          ],
          "type": "MITIGATION"
        },
        "condition": {
          "value": "${details.userBasedRiskBehavior.level}",
          "equals": "Medium",
          "type": "VALUE_COMPARISON"
        }
      },
      {
        "name": "EMAIL_REPUTATION",
        "result": {
          "mitigations": [
            {
              "action": "MFA",
              "mfaAuthenticationPolicyId": "{{deviceAuthenticationPolicyID}}"
            }
          ],
          "type": "MITIGATION"
        },
        "condition": {
          "value": "${details.emailReputation.level}",
          "equals": "High",
          "type": "VALUE_COMPARISON"
        }
      },
      {
        "name": "IP_REPUTATION",
        "result": {
          "mitigations": [
            {
              "action": "APPROVE"
            }
          ],
          "type": "MITIGATION"
        },
        "condition": {
          "value": "${details.ipRisk.level}",
          "equals": "Low",
          "type": "VALUE_COMPARISON"
        }
      },
      {
        "name": "Medium scored policy",
        "result": {
          "level": "MEDIUM"
        },
        "condition": {
          "type": "AGGREGATED_SCORES",
          "aggregatedScores": [
            {
              "value": "${details.userLocationAnomaly.level}",
              "score": 40
            },
            {
              "value": "${details.anonymousNetwork.level}",
              "score": 60
            },
            {
              "value": "${details.ipRisk.level}",
              "score": 40
            }
          ],
          "between": {
            "minScore": 700,
            "maxScore": 900
          }
        }
      },
      {
        "name": "High scored policy",
        "result": {
          "level": "HIGH"
        },
        "condition": {
          "type": "AGGREGATED_SCORES",
          "aggregatedScores": [
            {
              "value": "${details.userLocationAnomaly.level}",
              "score": 40
            },
            {
              "value": "${details.anonymousNetwork.level}",
              "score": 60
            },
            {
              "value": "${details.ipRisk.level}",
              "score": 40
            }
          ],
          "between": {
            "minScore": 900,
            "maxScore": 1000
          }
        }
      },
      {
        "name": "FALLBACK",
        "result": {
          "mitigations": [
            {
              "action": "DENY"
            }
          ],
          "type": "MITIGATION_FALLBACK"
        }
      }
    ]
  }),
};

$.ajax(settings).done(function (response) {
  console.log(response);
});

var request = require('request');
var options = {
  'method': 'POST',
  'url': '{{apiPath}}/environments/{{envID}}/riskPolicySets',
  'headers': {
    'Content-Type': 'application/json',
    'Authorization': 'Bearer {{accessToken}}'
  },
  body: JSON.stringify({
    "name": "Targeted policy with mitigations",
    "defaultResult": {
      "level": "Low"
    },
    "targets": {
      "condition": {
        "and": [
          {
            "list": [
              "AUTHENTICATION",
              "AUTHORIZATION"
            ],
            "contains": "${event.flow.type}"
          },
          {
            "list": [
              "Sales"
            ],
            "contains": "${event.user.groups}"
          },
          {
            "list": [
              "6b6f867b-d768-4c2c-a9b6-6816da00d824",
              "845c9918-94d7-430c-b3d8-eafafc215fd9"
            ],
            "contains": "${event.targetResource.id}"
          }
        ]
      }
    },
    "riskPolicies": [
      {
        "name": "USER_LOCATION_ANOMALY",
        "result": {
          "mitigations": [
            {
              "action": "CUSTOM",
              "customAction": "CustomActionForUserLocationAnomaly"
            }
          ],
          "type": "MITIGATION"
        },
        "condition": {
          "value": "${details.userLocationAnomaly.level}",
          "equals": "High",
          "type": "VALUE_COMPARISON"
        }
      },
      {
        "name": "VELOCITY",
        "result": {
          "mitigations": [
            {
              "action": "DENY_AND_SUSPEND"
            }
          ],
          "type": "MITIGATION"
        },
        "condition": {
          "value": "${details.ipVelocityByUser.level}",
          "equals": "High",
          "type": "VALUE_COMPARISON"
        }
      },
      {
        "name": "USER_RISK_BEHAVIOR",
        "result": {
          "mitigations": [
            {
              "action": "VERIFY"
            }
          ],
          "type": "MITIGATION"
        },
        "condition": {
          "value": "${details.userBasedRiskBehavior.level}",
          "equals": "Medium",
          "type": "VALUE_COMPARISON"
        }
      },
      {
        "name": "EMAIL_REPUTATION",
        "result": {
          "mitigations": [
            {
              "action": "MFA",
              "mfaAuthenticationPolicyId": "{{deviceAuthenticationPolicyID}}"
            }
          ],
          "type": "MITIGATION"
        },
        "condition": {
          "value": "${details.emailReputation.level}",
          "equals": "High",
          "type": "VALUE_COMPARISON"
        }
      },
      {
        "name": "IP_REPUTATION",
        "result": {
          "mitigations": [
            {
              "action": "APPROVE"
            }
          ],
          "type": "MITIGATION"
        },
        "condition": {
          "value": "${details.ipRisk.level}",
          "equals": "Low",
          "type": "VALUE_COMPARISON"
        }
      },
      {
        "name": "Medium scored policy",
        "result": {
          "level": "MEDIUM"
        },
        "condition": {
          "type": "AGGREGATED_SCORES",
          "aggregatedScores": [
            {
              "value": "${details.userLocationAnomaly.level}",
              "score": 40
            },
            {
              "value": "${details.anonymousNetwork.level}",
              "score": 60
            },
            {
              "value": "${details.ipRisk.level}",
              "score": 40
            }
          ],
          "between": {
            "minScore": 700,
            "maxScore": 900
          }
        }
      },
      {
        "name": "High scored policy",
        "result": {
          "level": "HIGH"
        },
        "condition": {
          "type": "AGGREGATED_SCORES",
          "aggregatedScores": [
            {
              "value": "${details.userLocationAnomaly.level}",
              "score": 40
            },
            {
              "value": "${details.anonymousNetwork.level}",
              "score": 60
            },
            {
              "value": "${details.ipRisk.level}",
              "score": 40
            }
          ],
          "between": {
            "minScore": 900,
            "maxScore": 1000
          }
        }
      },
      {
        "name": "FALLBACK",
        "result": {
          "mitigations": [
            {
              "action": "DENY"
            }
          ],
          "type": "MITIGATION_FALLBACK"
        }
      }
    ]
  })

};
request(options, function (error, response) {
  if (error) throw new Error(error);
  console.log(response.body);
});

import requests
import json

url = "{{apiPath}}/environments/{{envID}}/riskPolicySets"

payload = json.dumps({
  "name": "Targeted policy with mitigations",
  "defaultResult": {
    "level": "Low"
  },
  "targets": {
    "condition": {
      "and": [
        {
          "list": [
            "AUTHENTICATION",
            "AUTHORIZATION"
          ],
          "contains": "${event.flow.type}"
        },
        {
          "list": [
            "Sales"
          ],
          "contains": "${event.user.groups}"
        },
        {
          "list": [
            "6b6f867b-d768-4c2c-a9b6-6816da00d824",
            "845c9918-94d7-430c-b3d8-eafafc215fd9"
          ],
          "contains": "${event.targetResource.id}"
        }
      ]
    }
  },
  "riskPolicies": [
    {
      "name": "USER_LOCATION_ANOMALY",
      "result": {
        "mitigations": [
          {
            "action": "CUSTOM",
            "customAction": "CustomActionForUserLocationAnomaly"
          }
        ],
        "type": "MITIGATION"
      },
      "condition": {
        "value": "${details.userLocationAnomaly.level}",
        "equals": "High",
        "type": "VALUE_COMPARISON"
      }
    },
    {
      "name": "VELOCITY",
      "result": {
        "mitigations": [
          {
            "action": "DENY_AND_SUSPEND"
          }
        ],
        "type": "MITIGATION"
      },
      "condition": {
        "value": "${details.ipVelocityByUser.level}",
        "equals": "High",
        "type": "VALUE_COMPARISON"
      }
    },
    {
      "name": "USER_RISK_BEHAVIOR",
      "result": {
        "mitigations": [
          {
            "action": "VERIFY"
          }
        ],
        "type": "MITIGATION"
      },
      "condition": {
        "value": "${details.userBasedRiskBehavior.level}",
        "equals": "Medium",
        "type": "VALUE_COMPARISON"
      }
    },
    {
      "name": "EMAIL_REPUTATION",
      "result": {
        "mitigations": [
          {
            "action": "MFA",
            "mfaAuthenticationPolicyId": "{{deviceAuthenticationPolicyID}}"
          }
        ],
        "type": "MITIGATION"
      },
      "condition": {
        "value": "${details.emailReputation.level}",
        "equals": "High",
        "type": "VALUE_COMPARISON"
      }
    },
    {
      "name": "IP_REPUTATION",
      "result": {
        "mitigations": [
          {
            "action": "APPROVE"
          }
        ],
        "type": "MITIGATION"
      },
      "condition": {
        "value": "${details.ipRisk.level}",
        "equals": "Low",
        "type": "VALUE_COMPARISON"
      }
    },
    {
      "name": "Medium scored policy",
      "result": {
        "level": "MEDIUM"
      },
      "condition": {
        "type": "AGGREGATED_SCORES",
        "aggregatedScores": [
          {
            "value": "${details.userLocationAnomaly.level}",
            "score": 40
          },
          {
            "value": "${details.anonymousNetwork.level}",
            "score": 60
          },
          {
            "value": "${details.ipRisk.level}",
            "score": 40
          }
        ],
        "between": {
          "minScore": 700,
          "maxScore": 900
        }
      }
    },
    {
      "name": "High scored policy",
      "result": {
        "level": "HIGH"
      },
      "condition": {
        "type": "AGGREGATED_SCORES",
        "aggregatedScores": [
          {
            "value": "${details.userLocationAnomaly.level}",
            "score": 40
          },
          {
            "value": "${details.anonymousNetwork.level}",
            "score": 60
          },
          {
            "value": "${details.ipRisk.level}",
            "score": 40
          }
        ],
        "between": {
          "minScore": 900,
          "maxScore": 1000
        }
      }
    },
    {
      "name": "FALLBACK",
      "result": {
        "mitigations": [
          {
            "action": "DENY"
          }
        ],
        "type": "MITIGATION_FALLBACK"
      }
    }
  ]
})
headers = {
  'Content-Type': 'application/json',
  'Authorization': 'Bearer {{accessToken}}'
}

response = requests.request("POST", url, headers=headers, data=payload)

print(response.text)

<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{apiPath}}/environments/{{envID}}/riskPolicySets');
$request->setMethod(HTTP_Request2::METHOD_POST);
$request->setConfig(array(
  'follow_redirects' => TRUE
));
$request->setHeader(array(
  'Content-Type' => 'application/json',
  'Authorization' => 'Bearer {{accessToken}}'
));
$request->setBody('{\n    "name": "Targeted policy with mitigations",\n    "defaultResult": {\n        "level": "Low"\n    },\n    "targets":{\n        "condition": { "and": [{\n            "list": ["AUTHENTICATION", "AUTHORIZATION"],\n            "contains": "${event.flow.type}"\n          },\n          { \n            "list": ["Sales"],\n            "contains": "${event.user.groups}"\n          },\n          { \n            "list": ["6b6f867b-d768-4c2c-a9b6-6816da00d824", "845c9918-94d7-430c-b3d8-eafafc215fd9"],\n            "contains": "${event.targetResource.id}"\n          }]\n        }\n    },\n    "riskPolicies": [{\n        "name" : "USER_LOCATION_ANOMALY",\n        "result" : {\n          "mitigations" : [ {\n            "action" : "CUSTOM",\n            "customAction" : "CustomActionForUserLocationAnomaly"\n          }],\n          "type" : "MITIGATION"\n        },\n        "condition" : {\n          "value" : "${details.userLocationAnomaly.level}",\n          "equals" : "High",\n          "type" : "VALUE_COMPARISON"\n        }\n      },\n      {\n        "name" : "VELOCITY",\n        "result" : {\n          "mitigations" : [ {\n            "action" : "DENY_AND_SUSPEND"\n          } ],\n          "type" : "MITIGATION"\n        },\n        "condition" : {\n          "value" : "${details.ipVelocityByUser.level}",\n          "equals" : "High",\n          "type" : "VALUE_COMPARISON"\n        }\n      },{\n        "name" : "USER_RISK_BEHAVIOR",\n        "result" : {\n          "mitigations" : [ {\n            "action" : "VERIFY"\n          } ],\n          "type" : "MITIGATION"\n        },\n        "condition" : {\n          "value" : "${details.userBasedRiskBehavior.level}",\n          "equals" : "Medium",\n          "type" : "VALUE_COMPARISON"\n        }\n      },\n      {\n        "name" : "EMAIL_REPUTATION",\n        "result" : {\n          "mitigations" : [ {\n            "action" : "MFA",\n            "mfaAuthenticationPolicyId" : "{{deviceAuthenticationPolicyID}}"\n          } ],\n          "type" : "MITIGATION"\n        },\n        "condition" : {\n          "value" : "${details.emailReputation.level}",\n          "equals" : "High",\n          "type" : "VALUE_COMPARISON"\n        }\n      },\n      {\n        "name" : "IP_REPUTATION",\n        "result" : {\n          "mitigations" : [ {\n            "action" : "APPROVE"\n          } ],\n          "type" : "MITIGATION"\n        },\n        "condition" : {\n          "value" : "${details.ipRisk.level}",\n          "equals" : "Low",\n          "type" : "VALUE_COMPARISON"\n        }\n    },\n    {\n        "name": "Medium scored policy",\n        "result": {\n            "level": "MEDIUM"\n        },\n        "condition": {\n            "type": "AGGREGATED_SCORES",\n            "aggregatedScores": [\n                {\n                    "value": "${details.userLocationAnomaly.level}",\n                    "score": 40\n                },\n                {\n                    "value": "${details.anonymousNetwork.level}",\n                    "score": 60\n                },\n                {\n                    "value": "${details.ipRisk.level}",\n                    "score": 40\n                }\n            ],\n            "between": {\n                "minScore": 700,\n                "maxScore": 900\n            }\n        }\n    },\n    {\n        "name": "High scored policy",\n        "result": {\n            "level": "HIGH"\n        },\n        "condition": {\n            "type": "AGGREGATED_SCORES",\n            "aggregatedScores": [\n                {\n                    "value": "${details.userLocationAnomaly.level}",\n                    "score": 40\n                },\n                {\n                    "value": "${details.anonymousNetwork.level}",\n                    "score": 60\n                },\n                {\n                    "value": "${details.ipRisk.level}",\n                    "score": 40\n                }\n            ],\n            "between": {\n                "minScore": 900,\n                "maxScore": 1000\n            }\n        }\n        },\n        {\n        "name" : "FALLBACK",\n        "result" : {\n          "mitigations" : [ {\n            "action" : "DENY"\n          } ],\n          "type" : "MITIGATION_FALLBACK"\n        }\n      } \n    ]\n}');
try {
  $response = $request->send();
  if ($response->getStatus() == 200) {
    echo $response->getBody();
  }
  else {
    echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
    $response->getReasonPhrase();
  }
}
catch(HTTP_Request2_Exception $e) {
  echo 'Error: ' . $e->getMessage();
}

require "uri"
require "json"
require "net/http"

url = URI("{{apiPath}}/environments/{{envID}}/riskPolicySets")

http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Post.new(url)
request["Content-Type"] = "application/json"
request["Authorization"] = "Bearer {{accessToken}}"
request.body = JSON.dump({
  "name": "Targeted policy with mitigations",
  "defaultResult": {
    "level": "Low"
  },
  "targets": {
    "condition": {
      "and": [
        {
          "list": [
            "AUTHENTICATION",
            "AUTHORIZATION"
          ],
          "contains": "\${event.flow.type}"
        },
        {
          "list": [
            "Sales"
          ],
          "contains": "\${event.user.groups}"
        },
        {
          "list": [
            "6b6f867b-d768-4c2c-a9b6-6816da00d824",
            "845c9918-94d7-430c-b3d8-eafafc215fd9"
          ],
          "contains": "\${event.targetResource.id}"
        }
      ]
    }
  },
  "riskPolicies": [
    {
      "name": "USER_LOCATION_ANOMALY",
      "result": {
        "mitigations": [
          {
            "action": "CUSTOM",
            "customAction": "CustomActionForUserLocationAnomaly"
          }
        ],
        "type": "MITIGATION"
      },
      "condition": {
        "value": "\${details.userLocationAnomaly.level}",
        "equals": "High",
        "type": "VALUE_COMPARISON"
      }
    },
    {
      "name": "VELOCITY",
      "result": {
        "mitigations": [
          {
            "action": "DENY_AND_SUSPEND"
          }
        ],
        "type": "MITIGATION"
      },
      "condition": {
        "value": "\${details.ipVelocityByUser.level}",
        "equals": "High",
        "type": "VALUE_COMPARISON"
      }
    },
    {
      "name": "USER_RISK_BEHAVIOR",
      "result": {
        "mitigations": [
          {
            "action": "VERIFY"
          }
        ],
        "type": "MITIGATION"
      },
      "condition": {
        "value": "\${details.userBasedRiskBehavior.level}",
        "equals": "Medium",
        "type": "VALUE_COMPARISON"
      }
    },
    {
      "name": "EMAIL_REPUTATION",
      "result": {
        "mitigations": [
          {
            "action": "MFA",
            "mfaAuthenticationPolicyId": "{{deviceAuthenticationPolicyID}}"
          }
        ],
        "type": "MITIGATION"
      },
      "condition": {
        "value": "\${details.emailReputation.level}",
        "equals": "High",
        "type": "VALUE_COMPARISON"
      }
    },
    {
      "name": "IP_REPUTATION",
      "result": {
        "mitigations": [
          {
            "action": "APPROVE"
          }
        ],
        "type": "MITIGATION"
      },
      "condition": {
        "value": "\${details.ipRisk.level}",
        "equals": "Low",
        "type": "VALUE_COMPARISON"
      }
    },
    {
      "name": "Medium scored policy",
      "result": {
        "level": "MEDIUM"
      },
      "condition": {
        "type": "AGGREGATED_SCORES",
        "aggregatedScores": [
          {
            "value": "\${details.userLocationAnomaly.level}",
            "score": 40
          },
          {
            "value": "\${details.anonymousNetwork.level}",
            "score": 60
          },
          {
            "value": "\${details.ipRisk.level}",
            "score": 40
          }
        ],
        "between": {
          "minScore": 700,
          "maxScore": 900
        }
      }
    },
    {
      "name": "High scored policy",
      "result": {
        "level": "HIGH"
      },
      "condition": {
        "type": "AGGREGATED_SCORES",
        "aggregatedScores": [
          {
            "value": "\${details.userLocationAnomaly.level}",
            "score": 40
          },
          {
            "value": "\${details.anonymousNetwork.level}",
            "score": 60
          },
          {
            "value": "\${details.ipRisk.level}",
            "score": 40
          }
        ],
        "between": {
          "minScore": 900,
          "maxScore": 1000
        }
      }
    },
    {
      "name": "FALLBACK",
      "result": {
        "mitigations": [
          {
            "action": "DENY"
          }
        ],
        "type": "MITIGATION_FALLBACK"
      }
    }
  ]
})

response = http.request(request)
puts response.read_body

let parameters = "{\n    \"name\": \"Targeted policy with mitigations\",\n    \"defaultResult\": {\n        \"level\": \"Low\"\n    },\n    \"targets\":{\n        \"condition\": { \"and\": [{\n            \"list\": [\"AUTHENTICATION\", \"AUTHORIZATION\"],\n            \"contains\": \"${event.flow.type}\"\n          },\n          { \n            \"list\": [\"Sales\"],\n            \"contains\": \"${event.user.groups}\"\n          },\n          { \n            \"list\": [\"6b6f867b-d768-4c2c-a9b6-6816da00d824\", \"845c9918-94d7-430c-b3d8-eafafc215fd9\"],\n            \"contains\": \"${event.targetResource.id}\"\n          }]\n        }\n    },\n    \"riskPolicies\": [{\n        \"name\" : \"USER_LOCATION_ANOMALY\",\n        \"result\" : {\n          \"mitigations\" : [ {\n            \"action\" : \"CUSTOM\",\n            \"customAction\" : \"CustomActionForUserLocationAnomaly\"\n          }],\n          \"type\" : \"MITIGATION\"\n        },\n        \"condition\" : {\n          \"value\" : \"${details.userLocationAnomaly.level}\",\n          \"equals\" : \"High\",\n          \"type\" : \"VALUE_COMPARISON\"\n        }\n      },\n      {\n        \"name\" : \"VELOCITY\",\n        \"result\" : {\n          \"mitigations\" : [ {\n            \"action\" : \"DENY_AND_SUSPEND\"\n          } ],\n          \"type\" : \"MITIGATION\"\n        },\n        \"condition\" : {\n          \"value\" : \"${details.ipVelocityByUser.level}\",\n          \"equals\" : \"High\",\n          \"type\" : \"VALUE_COMPARISON\"\n        }\n      },{\n        \"name\" : \"USER_RISK_BEHAVIOR\",\n        \"result\" : {\n          \"mitigations\" : [ {\n            \"action\" : \"VERIFY\"\n          } ],\n          \"type\" : \"MITIGATION\"\n        },\n        \"condition\" : {\n          \"value\" : \"${details.userBasedRiskBehavior.level}\",\n          \"equals\" : \"Medium\",\n          \"type\" : \"VALUE_COMPARISON\"\n        }\n      },\n      {\n        \"name\" : \"EMAIL_REPUTATION\",\n        \"result\" : {\n          \"mitigations\" : [ {\n            \"action\" : \"MFA\",\n            \"mfaAuthenticationPolicyId\" : \"{{deviceAuthenticationPolicyID}}\"\n          } ],\n          \"type\" : \"MITIGATION\"\n        },\n        \"condition\" : {\n          \"value\" : \"${details.emailReputation.level}\",\n          \"equals\" : \"High\",\n          \"type\" : \"VALUE_COMPARISON\"\n        }\n      },\n      {\n        \"name\" : \"IP_REPUTATION\",\n        \"result\" : {\n          \"mitigations\" : [ {\n            \"action\" : \"APPROVE\"\n          } ],\n          \"type\" : \"MITIGATION\"\n        },\n        \"condition\" : {\n          \"value\" : \"${details.ipRisk.level}\",\n          \"equals\" : \"Low\",\n          \"type\" : \"VALUE_COMPARISON\"\n        }\n    },\n    {\n        \"name\": \"Medium scored policy\",\n        \"result\": {\n            \"level\": \"MEDIUM\"\n        },\n        \"condition\": {\n            \"type\": \"AGGREGATED_SCORES\",\n            \"aggregatedScores\": [\n                {\n                    \"value\": \"${details.userLocationAnomaly.level}\",\n                    \"score\": 40\n                },\n                {\n                    \"value\": \"${details.anonymousNetwork.level}\",\n                    \"score\": 60\n                },\n                {\n                    \"value\": \"${details.ipRisk.level}\",\n                    \"score\": 40\n                }\n            ],\n            \"between\": {\n                \"minScore\": 700,\n                \"maxScore\": 900\n            }\n        }\n    },\n    {\n        \"name\": \"High scored policy\",\n        \"result\": {\n            \"level\": \"HIGH\"\n        },\n        \"condition\": {\n            \"type\": \"AGGREGATED_SCORES\",\n            \"aggregatedScores\": [\n                {\n                    \"value\": \"${details.userLocationAnomaly.level}\",\n                    \"score\": 40\n                },\n                {\n                    \"value\": \"${details.anonymousNetwork.level}\",\n                    \"score\": 60\n                },\n                {\n                    \"value\": \"${details.ipRisk.level}\",\n                    \"score\": 40\n                }\n            ],\n            \"between\": {\n                \"minScore\": 900,\n                \"maxScore\": 1000\n            }\n        }\n        },\n        {\n        \"name\" : \"FALLBACK\",\n        \"result\" : {\n          \"mitigations\" : [ {\n            \"action\" : \"DENY\"\n          } ],\n          \"type\" : \"MITIGATION_FALLBACK\"\n        }\n      } \n    ]\n}"
let postData = parameters.data(using: .utf8)

var request = URLRequest(url: URL(string: "{{apiPath}}/environments/{{envID}}/riskPolicySets")!,timeoutInterval: Double.infinity)
request.addValue("application/json", forHTTPHeaderField: "Content-Type")
request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization")

request.httpMethod = "POST"
request.httpBody = postData

let task = URLSession.shared.dataTask(with: request) { data, response, error in
  guard let data = data else {
    print(String(describing: error))
    return
  }
  print(String(data: data, encoding: .utf8)!)
}

task.resume()

Example Response

201 Created

{
    "_links": {
        "self": {
            "href": "https://api.pingone.eu/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/riskPolicySets/a5a076d4-4182-4aa5-8fbd-d2ce5502af3d"
        },
        "environment": {
            "href": "https://api.pingone.eu/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
        }
    },
    "id": "a5a076d4-4182-4aa5-8fbd-d2ce5502af3d",
    "environment": {
        "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
    },
    "name": "Targeted policy with mitigations",
    "createdAt": "2025-06-08T10:15:46.467Z",
    "updatedAt": "2025-06-08T10:15:46.467Z",
    "defaultResult": {
        "level": "LOW",
        "type": "VALUE"
    },
    "targets": {
        "condition": {
            "and": [
                {
                    "list": [
                        "AUTHENTICATION",
                        "AUTHORIZATION"
                    ],
                    "contains": "${event.flow.type}",
                    "type": "STRING_LIST"
                },
                {
                    "list": [
                        "Sales"
                    ],
                    "contains": "${event.user.groups}",
                    "type": "GROUPS_INTERSECTION"
                },
                {
                    "list": [
                        "6b6f867b-d768-4c2c-a9b6-6816da00d824",
                        "845c9918-94d7-430c-b3d8-eafafc215fd9"
                    ],
                    "contains": "${event.targetResource.id}",
                    "type": "STRING_LIST"
                }
            ],
            "type": "AND"
        }
    },
    "riskPolicies": [
        {
            "id": "c4f4a620-c795-4b98-8674-a8b112120c2e",
            "environment": {
                "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
            },
            "policySet": {
                "id": "a5a076d4-4182-4aa5-8fbd-d2ce5502af3d"
            },
            "name": "USER_LOCATION_ANOMALY",
            "priority": 1,
            "result": {
                "mitigations": [
                    {
                        "action": "CUSTOM",
                        "customAction": "CustomActionForUserLocationAnomaly"
                    }
                ],
                "type": "MITIGATION"
            },
            "condition": {
                "equals": "High",
                "value": "${details.userLocationAnomaly.level}",
                "type": "VALUE_COMPARISON"
            },
            "createdAt": "2025-06-08T10:15:46.467Z",
            "updatedAt": "2025-06-08T10:15:46.467Z"
        },
        {
            "id": "a8e30812-64c4-45af-a64f-95d7e421c0fe",
            "environment": {
                "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
            },
            "policySet": {
                "id": "a5a076d4-4182-4aa5-8fbd-d2ce5502af3d"
            },
            "name": "VELOCITY",
            "priority": 2,
            "result": {
                "mitigations": [
                    {
                        "action": "DENY_AND_SUSPEND"
                    }
                ],
                "type": "MITIGATION"
            },
            "condition": {
                "equals": "High",
                "value": "${details.ipVelocityByUser.level}",
                "type": "VALUE_COMPARISON"
            },
            "createdAt": "2025-06-08T10:15:46.467Z",
            "updatedAt": "2025-06-08T10:15:46.467Z"
        },
        {
            "id": "900278ed-f80b-4fdf-b429-6fd250732f0d",
            "environment": {
                "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
            },
            "policySet": {
                "id": "a5a076d4-4182-4aa5-8fbd-d2ce5502af3d"
            },
            "name": "USER_RISK_BEHAVIOR",
            "priority": 3,
            "result": {
                "mitigations": [
                    {
                        "action": "VERIFY"
                    }
                ],
                "type": "MITIGATION"
            },
            "condition": {
                "equals": "Medium",
                "value": "${details.userBasedRiskBehavior.level}",
                "type": "VALUE_COMPARISON"
            },
            "createdAt": "2025-06-08T10:15:46.467Z",
            "updatedAt": "2025-06-08T10:15:46.467Z"
        },
        {
            "id": "388b2703-a0f0-46f1-be6f-d20ef0e654ca",
            "environment": {
                "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
            },
            "policySet": {
                "id": "a5a076d4-4182-4aa5-8fbd-d2ce5502af3d"
            },
            "name": "EMAIL_REPUTATION",
            "priority": 4,
            "result": {
                "mitigations": [
                    {
                        "action": "MFA",
                        "mfaAuthenticationPolicyId": "a3e7a1d1-90ea-4e63-aa81-23383ba1c004"
                    }
                ],
                "type": "MITIGATION"
            },
            "condition": {
                "equals": "High",
                "value": "${details.emailReputation.level}",
                "type": "VALUE_COMPARISON"
            },
            "createdAt": "2025-06-08T10:15:46.467Z",
            "updatedAt": "2025-06-08T10:15:46.467Z"
        },
        {
            "id": "65260390-81df-4e44-94f3-4ea39a1234b1",
            "environment": {
                "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
            },
            "policySet": {
                "id": "a5a076d4-4182-4aa5-8fbd-d2ce5502af3d"
            },
            "name": "IP_REPUTATION",
            "priority": 5,
            "result": {
                "mitigations": [
                    {
                        "action": "APPROVE"
                    }
                ],
                "type": "MITIGATION"
            },
            "condition": {
                "equals": "Low",
                "value": "${details.ipRisk.level}",
                "type": "VALUE_COMPARISON"
            },
            "createdAt": "2025-06-08T10:15:46.467Z",
            "updatedAt": "2025-06-08T10:15:46.467Z"
        },
        {
            "id": "0d4bb94c-55d9-4b3f-864f-23f8a8707b95",
            "environment": {
                "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
            },
            "policySet": {
                "id": "a5a076d4-4182-4aa5-8fbd-d2ce5502af3d"
            },
            "name": "Medium scored policy",
            "priority": 7,
            "result": {
                "level": "MEDIUM",
                "type": "VALUE"
            },
            "condition": {
                "between": {
                    "minScore": 700,
                    "maxScore": 900
                },
                "aggregatedScores": [
                    {
                        "value": "${details.userLocationAnomaly.level}",
                        "score": 40
                    },
                    {
                        "value": "${details.anonymousNetwork.level}",
                        "score": 60
                    },
                    {
                        "value": "${details.ipRisk.level}",
                        "score": 40
                    }
                ],
                "type": "AGGREGATED_SCORES"
            },
            "createdAt": "2025-06-08T10:15:46.467Z",
            "updatedAt": "2025-06-08T10:15:46.467Z"
        },
        {
            "id": "83bdc5fd-92f4-4174-9a2b-644fcfc44ce3",
            "environment": {
                "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
            },
            "policySet": {
                "id": "a5a076d4-4182-4aa5-8fbd-d2ce5502af3d"
            },
            "name": "High scored policy",
            "priority": 6,
            "result": {
                "level": "HIGH",
                "type": "VALUE"
            },
            "condition": {
                "between": {
                    "minScore": 900,
                    "maxScore": 1000
                },
                "aggregatedScores": [
                    {
                        "value": "${details.userLocationAnomaly.level}",
                        "score": 40
                    },
                    {
                        "value": "${details.anonymousNetwork.level}",
                        "score": 60
                    },
                    {
                        "value": "${details.ipRisk.level}",
                        "score": 40
                    }
                ],
                "type": "AGGREGATED_SCORES"
            },
            "createdAt": "2025-06-08T10:15:46.467Z",
            "updatedAt": "2025-06-08T10:15:46.467Z"
        },
        {
            "id": "33e76625-22fc-4bd8-9c16-9f9e4060d65d",
            "environment": {
                "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
            },
            "policySet": {
                "id": "a5a076d4-4182-4aa5-8fbd-d2ce5502af3d"
            },
            "name": "FALLBACK",
            "result": {
                "mitigations": [
                    {
                        "action": "DENY"
                    }
                ],
                "type": "MITIGATION_FALLBACK"
            },
            "createdAt": "2025-06-08T10:15:46.467Z",
            "updatedAt": "2025-06-08T10:15:46.467Z"
        }
    ],
    "default": false
}

PingOne Platform APIs

Create Risk Policy Set - Targeted Policy with Mitigations

Prerequisites

Headers

Body

Example Request

Example Response