Response Policies

Response Policies define the automated actions taken in response to alerts generated by Detection Models. A policy fires when an alert matches the conditions it specifies (detection model or category, tracked object, severity and alert type) and then runs the configured integrations, so teams get timely, consistent responses without waiting on a manual step.

The Response Policies table contains the following columns:

  • Unchecked/Checked: A checkbox to select or deselect a response policy.
  • Policy Name: Displays the name of the response policy.
  • Detection Categories/Models: A drop-down menu for selecting the Detection Model(s) or category(ies) associated with the response policy.
  • Tracked Objects: Indicates the tracked objects (e.g., IP addresses or devices) associated with the policy.
  • Severities: A drop-down menu for selecting the severity level(s) that will trigger the response policy. Options include 'All', 'High', 'Medium', and 'Low'.
  • Alert Types: A drop-down menu for selecting the alert type(s) that will trigger the response policy. Options include 'All', 'Start', 'Ongoing', and 'End'.
  • Integrations: A drop-down menu for selecting the integration(s) the response policy runs when it fires. Options include 'All', 'Blocklist', 'Email', 'RTBH' (Remotely Triggered Black Hole), and 'Slack'. Email and Slack only notify; Blocklist and RTBH act on the tracked object's traffic, so scope policies that use them to the severities and alert types you are prepared to act on automatically, because a false positive there blocks traffic rather than sending a message.
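The columns above are the filters a policy is built from. The following is an added example, not the product's own code: it models how such a policy could be evaluated against an alert, assuming (this rule is not stated on the page) that a policy fires when every filter column is either 'All' or contains the alert's value, and that 'All' under Integrations expands to the four listed options. The policy names, alert values and the overly_broad_blocking check are constructed for illustration.

```python
"""Model of response-policy matching (added example; not the product's code).

Assumed rule: an enabled policy matches an alert when each filter column
is 'All' or contains the alert's value. Matching policies dispatch their
integrations. Everything below is constructed for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass

# Integration options listed on the page; 'All' is assumed to expand to these.
INTEGRATIONS = ("Blocklist", "Email", "RTBH", "Slack")
# Integrations that act on traffic rather than only notify someone.
BLOCKING = {"Blocklist", "RTBH"}


@dataclass(frozen=True)
class Alert:
    model: str            # detection model that raised the alert
    category: str         # category the model belongs to
    tracked_object: str   # e.g. an IP address or device
    severity: str         # High, Medium or Low
    alert_type: str       # Start, Ongoing or End


@dataclass(frozen=True)
class ResponsePolicy:
    name: str
    enabled: bool = True                                   # the checkbox column
    detection: frozenset[str] = frozenset({"All"})         # models or categories
    tracked_objects: frozenset[str] = frozenset({"All"})
    severities: frozenset[str] = frozenset({"All"})
    alert_types: frozenset[str] = frozenset({"All"})
    integrations: frozenset[str] = frozenset({"Email"})


def _selected(allowed: frozenset[str], value: str) -> bool:
    """'All' matches anything; otherwise the value must be listed."""
    return "All" in allowed or value in allowed


def policy_matches(policy: ResponsePolicy, alert: Alert) -> bool:
    """True when the alert satisfies every filter column of an enabled policy."""
    return (
        policy.enabled
        and ("All" in policy.detection
             or alert.model in policy.detection
             or alert.category in policy.detection)
        and _selected(policy.tracked_objects, alert.tracked_object)
        and _selected(policy.severities, alert.severity)
        and _selected(policy.alert_types, alert.alert_type)
    )


def resolve_integrations(policy: ResponsePolicy) -> list[str]:
    """Expand 'All' to every integration; otherwise return the chosen ones, sorted."""
    if "All" in policy.integrations:
        return list(INTEGRATIONS)
    return sorted(policy.integrations)


def evaluate(policies: list[ResponsePolicy], alert: Alert) -> list[tuple[str, str]]:
    """Return (policy name, integration) pairs to run for this alert, in policy order."""
    actions: list[tuple[str, str]] = []
    for policy in policies:
        if policy_matches(policy, alert):
            actions.extend((policy.name, i) for i in resolve_integrations(policy))
    return actions


def overly_broad_blocking(policies: list[ResponsePolicy]) -> list[str]:
    """Names of enabled policies that attach a blocking integration to 'All' or 'Low' severity.

    Such a policy blocks traffic on the weakest signal, which is usually a
    misconfiguration worth reviewing before it is left enabled.
    """
    return [
        p.name for p in policies
        if p.enabled
        and BLOCKING & set(resolve_integrations(p))
        and ("All" in p.severities or "Low" in p.severities)
    ]


# Constructed sample data (not from any real deployment).
SAMPLE_POLICIES = [
    ResponsePolicy("notify-soc", integrations=frozenset({"Email", "Slack"})),
    ResponsePolicy("blackhole-ddos", detection=frozenset({"DDoS"}),
                   severities=frozenset({"High"}), alert_types=frozenset({"Start"}),
                   integrations=frozenset({"RTBH", "Blocklist"})),
    ResponsePolicy("disabled-catch-all", enabled=False, integrations=frozenset({"All"})),
]
HIGH_START = Alert("DDoS", "Volumetric", "203.0.113.10", "High", "Start")
HIGH_END = Alert("DDoS", "Volumetric", "203.0.113.10", "High", "End")

if __name__ == "__main__":
    for alert in (HIGH_START, HIGH_END):
        print(alert.alert_type, "->", evaluate(SAMPLE_POLICIES, alert))
    print("review:", overly_broad_blocking(SAMPLE_POLICIES))
```

In the sample, the Start alert triggers both the notification policy and the RTBH/Blocklist policy, while the End alert for the same attack only notifies, which is the behaviour you normally want: blackholing should stop being re-applied once the detection has ended.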

Layout options

The hamburger button at the top left, under the Response Policies heading, lets you export the Response Policies table, either with only the columns in your current view or with all fields. The same menu lets you configure the layout by toggling the switch for each column to show or hide it.


What’s Next

Check out our KB on adding new response policies