Configuring Response Policies

Response Policies allow you to define automated actions in response to events generated by Detection Models. By creating and configuring these policies, teams can streamline their incident response processes, ensuring timely and appropriate actions are taken when specific conditions are met.

Before adding a response policy, add one or more response integrations. See: Automating Response in Fusion.

Adding a Response Policy

  1. In Settings > Response Policies, click the Add Response Policy button.

  2. On the Add Response Policy page, fill in the following configuration options:

    • Policy Name: Enter a unique and descriptive name for the Response Policy (required).
    • Enabled: Check the box to enable the policy, or leave it unchecked to disable it.
    • Description: Provide an optional description to give more context about the policy.
    • Detection Categories: Select one or more Detection Categories from the dropdown menu to define the scope of the policy.
    • Detection Models: Choose one or more Detection Models from the dropdown menu to refine the policy's focus further.
    • Track By: Select a tracking option from the dropdown menu to determine how the policy tracks affected objects.
    • Integrations: Choose one or more response integrations from the dropdown menu to select which response actions to take for this policy. Response integrations must already be configured before they can be selected here. See Configuring Response Integrations.
    • Severities: Check the boxes for "High," "Medium," and/or "Low" to define the severity levels the policy should respond to.
    • Alert Types: Check the applicable Alert Types: "START," "ONGOING," and/or "END."
  3. After filling in the configuration options, click the CREATE button to save the new Response Policy.

The new policy will now be added to the list of available Response Policies and can be used to automate actions in response to events generated by Detection Models.


You can also edit existing Response Policies, or toggle the Update dropdown to 'Create', using the ellipsis option on a Response Policy entry row.


What’s Next

Check out our KB on adding new response policies