Users have the ability to auto-remediate the Suspicious Login issues in Secure & Govern. Following are the steps listed to configure and enable auto-remediation rules for Suspicious Login issues.
-
Navigate to Settings -> Analysis Rules.
-
Select the desired Issue Type as Suspicious Login.
-
Click on Create an auto-remediation rule.
-
Enter Rule Name and Description. Select Next.
-
Select Match Criteria ANY or ALL.
When “ALL” is selected, all the rule conditions must be met for an issue to be auto-remediated. When “ANY” is selected, auto-remediation will occur when any of the rule conditions are met.
-
Enter Rule Condition
- For Suspicious Login issue type, there are five conditions available for selection. Select the required condition(s). Click on the Add Condition button to add multiple conditions.
- For Suspicious Login issue type, there are five conditions available for selection. Select the required condition(s). Click on the Add Condition button to add multiple conditions.
-
Enter Rule Action
- For Suspicious Login issue type, there are four possible actions available as Deactivate user account, Reset user password, Dismiss issue(s), and Delegate to. Click on Add condition to add more than one possible action.
- For Suspicious Login issue type, there are four possible actions available as Deactivate user account, Reset user password, Dismiss issue(s), and Delegate to. Click on Add condition to add more than one possible action.
- Select Next.
- Select whether or not to Apply this rule to previously detected issues that match the selected criteria and click Next.
- Review the Rule Configuration. Click on Create.
The Back button can be selected at any time to change the rule configuration prior to the rule being created.
-
The Auto-Remediation Rule is created.
Currently, only one auto-remediation rule can be created per issue type.