Configure the actions and rules in a threat and remediation policy that you want to apply if there are suspicious activities.
Procedure
- Select .
- Click the Create threat policy button to create a new threat detection and remediation policy.
- The Create threat policy pop-up screen opens. The sections needed to configure the threat policy are shown in the left panel of the screen.
- In the General settings section, enter the policy Name and Description, and select the Theme.
  Refer to the following steps to configure the theme:
  - Select .
  - Navigate to the notifications folder under the specific theme of interest, then locate the threat_detection_email.xml file in the threat_detection folder. To customize threat_detection_email.xml, see Modify threat detection email notification pages.
- In the Contacts section, select the groups that must be notified after the alerts are triggered.
  After the groups are selected, the screen displays the records in tabular format, listed by Group name and Number of users. Click the icon to delete the specific group record from the list.
  In certain selected groups, the number of users can be unspecified, zero, or more than 100. The threat detection notification is sent to the first 100 users in each group.
- In the Critical level section, set the actions to be taken if there is suspicious activity.
- In the Warning level section, configure the actions in the same manner as in the Critical level section.
- In the IP filter section, enter the IP addresses to be set as part of the Allow list or Deny list.
- Click Save to add the new policy.
- The policy is created and the screen that opens displays its details. The right panel of the screen lets you Enable, Edit, and Delete the policy. Clicking View Report opens the threat detection report. Details displays the Created on, Last modified, and Last modified by fields.
What to do next
Click Enable to activate the policy.
To make any changes to the created policy, click Edit, or click the icon on the respective section tile to change that section.