The Threat View product package also includes the Event Simulator, a service that generates test events at regular intervals to provide realistic data. The Event Simulator can be used to quickly evaluate Threat View in a demo environment as it allows to install Threat View locally. You can then load the Threat View dashboard and reports already populated with realistic data.
The Event Simulator is a separate package to be installed together with Docker Compose and is provided on an as-is basis for demonstration purposes only. OneSpan provides only minimal support to the extent required for use as a demonstration tool.
General principles
The Event Simulator has two components: a real-time events generator, which keeps sending events to the Threat View Data Collector Service at regular intervals, and a historical data populator, which aggregates data for any missing data point in the last year.
Real-time events generator
To simulate peaks and off-peak times, the real-time events simulator generates either more or less data, depending on the current time of day. For each event, the simulator picks values for the different fields at (semi-)random. The distribution for each field is weighed to realistically replicate real-world situations. Once every field contains a value, the generator sends the event to the Threat View Data Collector service.
Historical data populator
The historical data populator picks up the data the generator sent from the Data Collector service and inspects every data aggregation in the daily and monthly data tables individually. If any data is missing for the last 365 days, the populator generates and pushes data aggregations for those missing points in time. More specifically, a daily aggregation is only generated for those days that do not have any hourly data, and a monthly aggregation is only generated for months that do not have any daily data. The data aggregations have the same ratios of events as those of the real-time simulator to get a seamless transition between historical and real-time data. This ensures that data is available for visualization at all times when the user picks a filter for a longer time range.
Generated data
The simulator generates the following data for the monitored threat types (see Types of monitored threats):
Event type
App running in virtual space
Device rooted
Hooking framework detected
Library injection
Screen capture
App startup
Each session starts with an app startup; this is not a threat but used to calculate some of the monitoring metrics.
Current time
User ID
Device model
Operating system of the device
Operating system version
Geolocation enabled or disabled on device
If enabled, geolocation data includes GPS coordinates from a set of predefined locations
Operating system language of the device
Time zone of the device
Unique identifier of the application
Application version
Installation date of the application
If the application is shielded via OneSpan Mobile Application Shielding
And, if the application is shielded, the Event Simulator also generates extra information about the detected threat.
Version of the Threat View Client SDK installed on the device