Automated Response Policies
Contributors Download PDF of this page
Response Policies trigger actions such as taking a snapshot in the event of an attack or abnormal user behavior.
You can set policies on specific devices or all devices. To set a response policy, select Admin > Automated Response Policies and click the appropriate *Policy button. You can create policies for Attacks or for Warnings.
You must save the policy with a unique name.
To disable an automated response action (for example, Take Snapshot), simply un-check the action and save the policy.
When an alert is triggered against the specified devices (or all devices, if selected), the automated response policy takes a snapshot of your data. You can see snapshot status on the Alert detail page.
You can modify or pause an Automated Response Policy by choosing the option in the policy’s drop-down menu.