Best practice: Tuning your environment

  1. As a best practice, start by assigning the default BDE policy to devices and monitoring the alerts before you enable automated responses. During this observation period, identify any alerts triggered by legitimate business applications and add exceptions for them, so that business continuity is maintained once automated responses are enabled. You can add exceptions directly from the Alerts view using the Actions menu.
  2. Continue to monitor and review all alerts with High severity to determine whether additional exceptions are required to remove unwanted alerts. You can apply filters in the Alerts screen to find these alerts quickly. For example, click the Product column heading and filter for CylanceOPTICS alerts. By default, the alerts with the highest severity are displayed at the top of the filter results.
  3. After the recommended observation period of seven to ten days has passed with no alerts triggered by legitimate business applications and no unwanted alerts, you are ready to enable automated responses and start enforcement.
     • To enable automated responses for a detection technique, set the Automated response severity setting to High only. For the remediation actions, add Display Desktop Notification, Log Off Remote Users, and Terminate Process Tree.
     • To start enforcement, edit the device policy to change the BDE policy operating mode from Alert only to Full enforcement.
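The readiness check the steps above describe, as an added example that is not part of this page or of the product: it applies the same Alerts-screen filter (CylanceOPTICS, High severity) over a constructed alert set, removes processes already covered by an exception, and reports whether the observation window passed with nothing left to review. The `Alert` field names, the product string `ExampleProduct`, and the sample process names are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

OBSERVATION_DAYS = 7  # the page recommends seven to ten days of observation


@dataclass(frozen=True)
class Alert:
    """Constructed alert record (assumed field names, not the product's export format)."""
    timestamp: datetime
    product: str
    severity: str
    process: str


def high_severity_optics(alerts):
    """Same filter the page applies in the Alerts screen: CylanceOPTICS alerts with High severity."""
    return [a for a in alerts if a.product == "CylanceOPTICS" and a.severity == "High"]


def unresolved_processes(alerts, exceptions, now, observation_days=OBSERVATION_DAYS):
    """Processes that raised High alerts inside the observation window and have no exception.

    Each one needs a decision before enforcement: either it is a legitimate business
    application (add an exception) or the alert is genuinely unwanted (investigate the host).
    """
    window_start = now - timedelta(days=observation_days)
    recent = [a for a in high_severity_optics(alerts) if a.timestamp >= window_start]
    return sorted({a.process for a in recent if a.process not in exceptions})


def ready_for_enforcement(alerts, exceptions, now, observation_days=OBSERVATION_DAYS):
    """True only when the whole observation window passed with no unexcepted High alerts."""
    return not unresolved_processes(alerts, exceptions, now, observation_days)


# Constructed sample data: one week of alerts from a pilot group of devices.
NOW = datetime(2024, 3, 15, 9, 0)
SAMPLE_ALERTS = [
    Alert(NOW - timedelta(days=6), "CylanceOPTICS", "High", "backup-agent.exe"),
    Alert(NOW - timedelta(days=3), "CylanceOPTICS", "High", "backup-agent.exe"),
    Alert(NOW - timedelta(days=2), "CylanceOPTICS", "Medium", "updater.exe"),   # not High
    Alert(NOW - timedelta(days=1), "ExampleProduct", "High", "unknown.tmp"),    # other product
    Alert(NOW - timedelta(days=12), "CylanceOPTICS", "High", "old-installer.exe"),  # outside window
]

if __name__ == "__main__":
    print("needs review:", unresolved_processes(SAMPLE_ALERTS, set(), NOW))
    print("ready with exception:", ready_for_enforcement(SAMPLE_ALERTS, {"backup-agent.exe"}, NOW))
```

Widening `observation_days` toward the ten-day end of the recommended range pulls older alerts back into scope, which is a cheap way to confirm that a quiet week was not just a quiet week.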