Skip Navigation

Configure adaptive response settings

You can set adaptive response to one of two operating modes:
  • Passive: A training mode where the identity risk engine monitors data and builds a risk model for each user. In passive mode, alerts are generated for events, but the actions that are configured in adaptive response policies are not executed.
  • Active: The identity risk engine monitors data and builds a risk model for each user. When an unusual network event is detected, the actions that are configured in policies are applied.
  1. On the menu bar, click
    Gateway > Settings
    .
  2. Click the
    Adaptive Response
    tab.
  3. In the
    Operating mode
    drop-down list, select the operating mode.
    When the first user is added to an adaptive response policy, a training period for the adaptive response risk model is started and lasts until the following conditions are met: 1000 events are collected for the user’s tenant and 14 calendar days pass. Alerts are not generated during the training period.
  4. Click
    Save
    .