Add a mitigation action

When you use CylancePERSONA Desktop for the first time, you should create a passive policy that has no mitigation specified in it. You can use the passive policy to test CylancePERSONA Desktop in your environment and see what type of alerts it generates without affecting your users. You can also use the Alerts Only mitigation action to monitor events from the console without prompting your users for authentication. After you finish testing, you can add mitigation actions to the policy.
After a user reauthenticates due to a mitigation action, CylancePERSONA Desktop does not trigger another mitigation action for 60 minutes, unless the user crosses the next threshold. If a second mitigation action is triggered, CylancePERSONA Desktop does not trigger another mitigation action for 60 minutes, regardless of the trust score during those 60 minutes.
  1. In the management console, on the menu bar, click Policies > Device Policy.
  2. Click Add New Policy.
  3. On the CylancePERSONA Settings tab, select the CylancePERSONA check box.
  4. Click Add Mitigation Action.
  5. In the If a User's Trust Score Falls Below field, enter a value between 10 and 90.
    If the user's score falls below this value, the selected mitigation action is triggered.
  6. From the Mitigation Action drop-down list, select a mitigation action. Up to two mitigation actions are allowed per policy.
    1. This can be a prompt for a username and password and a second-factor challenge, or two prompts for a username and password. You can also select Alerts Only as a mitigation action to monitor events without prompting users for authentication.
    2. When you add a second-factor challenge, select either OTP Authenticator or FIDO from the Second-factor authentication method drop-down list.
      • When you add a username and password prompt and a second-factor challenge, the username and password prompt value must be higher than the second-factor challenge value. A successful second-factor challenge resets the trust score, so a username and password prompt with a lower value would never be triggered.
      • Two second-factor challenges are not allowed because a successful second-factor challenge resets the trust score. A second, lower-value second-factor challenge would never be triggered.
      • The Alert Only setting requires agent version 1.3 or later.
      • For agent version 1.2 and earlier, if Alert Only is enabled in the device policy, the agent will enforce the username and password mitigation action instead of the Alert Only event.
    3. Click Submit.
  7. Click Create.
  • To edit an action, click .
  • To delete an action, select the check box beside the action and click Remove From List.
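The threshold rules in step 6 and the agent-version behavior of Alert Only can be checked before a policy is rolled out. The following is an added example, not part of the product or its documentation: the tuple representation of a policy, the function names, and the host inventory are hypothetical, and the 10 to 90 range is assumed to be inclusive.

```python
# Added example: data shapes and names are hypothetical, not a Cylance API.
PASSWORD, SECOND_FACTOR, ALERT_ONLY = "password", "second_factor", "alert_only"

def validate_policy(actions):
    """actions: list of (action, threshold). Returns a list of rule violations."""
    problems = []
    if len(actions) > 2:
        problems.append("more than two mitigation actions")
    for action, threshold in actions:
        if not 10 <= threshold <= 90:  # assumption: bounds are inclusive
            problems.append(f"{action}: threshold {threshold} is outside 10-90")
    second = [t for a, t in actions if a == SECOND_FACTOR]
    password = [t for a, t in actions if a == PASSWORD]
    if len(second) > 1:
        problems.append("two second-factor challenges")
    if second and any(p <= min(second) for p in password):
        problems.append("password threshold must be higher than second-factor")
    return problems

def effective_action(action, agent_version):
    """Agents 1.2 and earlier enforce the password prompt instead of Alert Only."""
    major, minor = (int(part) for part in agent_version.split(".")[:2])
    if action == ALERT_ONLY and (major, minor) < (1, 3):
        return PASSWORD
    return action

def hosts_that_will_prompt(actions, inventory):
    """inventory: {hostname: agent_version}. Hosts where Alert Only becomes a prompt."""
    if all(action != ALERT_ONLY for action, _ in actions):
        return []
    return sorted(host for host, version in inventory.items()
                  if effective_action(ALERT_ONLY, version) == PASSWORD)

# Constructed sample data.
INVENTORY = {"hr-lt-014": "1.2.1", "eng-ws-203": "1.3.0", "fin-lt-077": "1.1.4"}
PASSIVE = [(ALERT_ONLY, 40)]
BAD = [(SECOND_FACTOR, 50), (PASSWORD, 30)]

if __name__ == "__main__":
    print(validate_policy(BAD))
    print(hosts_that_will_prompt(PASSIVE, INVENTORY))
```

Running the host check against a real agent inventory before assigning a passive policy shows which users would be prompted for credentials even though Alert Only was selected.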