IBM® Security Verify can analyze and correlate patterns across tenants to detect threat indicators, such as brute-force access attempts, credential stuffing attacks, and deviations from established usage patterns. The alerts are available as part of the audit event stream and can be used to take proactive remediation action, such as disabling compromised user accounts or application clients.
Before you begin
- You must have administrative permission to complete this task.
- Log in to the IBM Security Verify administration console as an Administrator. For more information, see Accessing IBM Security Verify.
About this task
Note: Verify threat detection and remediation detects and remediates certain types of malicious IP traffic. Although it does not guarantee that 100% of malicious IP addresses are detected or remediated, it improves your security and reduces your security risks.
Admins can set their Verify SaaS environment to alert on, proactively block, or both alert on and block login traffic that results from identified attacks. These can be attacks on your specific IBM Security Verify SaaS environment or attacks that are identified from other Verify SaaS tenants, for which your tenant can take proactive mitigation.
IBM Security Verify generates threat events when it detects suspicious traffic with indicators of attack. An Admin can review the events by using a Threat Events report and take manual proactive actions, such as blocking a user.
Procedure
- Select .
If no previous policy exists in the tenant, click the Create threat policy button to configure a new threat detection and remediation policy.
For existing policies, the screen displays the records in a tabular format with the columns Name, Status, Description, Theme, Created on and Last updated.
Click the icon or icon to switch between the Grid and List view.
Click the icon and select Enable or Delete for the created policy. In the List view, hovering over the record displays the icon.
- Click the Create threat policy button to create a new threat detection and remediation policy. Refer to Creating a threat policy for further details.
- The created threat policy can be enabled. For an enabled policy, the Status is displayed as Active on the main Threat detection screen. Refer to Enabling threat policy for further details.
Note: Only one threat detection policy can be enabled at a time. Enabling a threat detection policy while another is active disables the currently enabled policy.
- After you create the policy, you can review it and make changes before you enable it. Refer to Editing threat policy for further details.