In recent years, the concepts of Artificial Intelligence (AI) and Machine Learning (ML)...
1.2.24 Threat Mitigation
- Automated IRP performs a particular threat mitigation action automatically when an attack is detected
- Moderated stands for manual confirmation of the Threat Mitigation action. Once IRP detects an attack, a suggestion to enable the mitigation rule gets displayed in the GMI interface. IRP does not perform any actions without user confirmation. If the action is not enabled in time before a subsequent cycle of checks, IRP reviews the proposal and adjusts it as needed, keeping the recommendation, making a different one, or removing it altogether
- Manual Allows to set up only manual threat mitigation rules
- Disabled IRP does not perform any threat mitigation actions.
1.2.24.1 Configuring Blackholing #