Configure adaptive response settings
You can set adaptive response to one of two operating modes:
- Passive: A training mode where the identity risk engine monitors data and builds a risk model for each user. In passive mode, alerts are generated for events, but the actions that are configured in adaptive response policies are not executed.
- Active: The identity risk engine monitors data and builds a risk model for each user. When an unusual network event is detected, the actions that are configured in policies are applied.
- On the menu bar, clickGateway > Settings.
- Click theAdaptive Responsetab.
- In theOperating modedrop-down list, select the operating mode.When the first user is added to an adaptive response policy, a training period for the adaptive response risk model is started and lasts until the following conditions are met: 1000 events are collected for the user’s tenant and 14 calendar days pass. Alerts are not generated during the training period.