ITDR
About Threat Detection Policies
The threat detection module actively monitors endpoints in real time to identify identity-based attacks and sends these events to the ITDR Admin Portal. It provides visibility into entitlement misuse, credential exposure, and privilege escalation activities in an Active Directory (AD) domain. You can configure threat detection policies and specify a selection criterion to apply to an endpoint. The endpoint agent fetches the threat detection policy from the ITDR Admin Portal and applies it to the endpoints based on the selection criterion.
About the Threat Detection Page
On the Threat Detection page (ITDR > Manage > Threat Detection), you can do the following:
- Evaluate policies.
- Create threat detection policies.
- View a list of threat detection policies. For each policy, you can view:
  - Name: The name of the threat detection policy.
    Landmine policies in Deception that had ITDR Active Directory capabilities enabled are migrated to threat detection policies in ITDR. These policies have a unique ID appended to the policy name. You can edit the name as required.
  - Selection Criterion: The selection criterion specified for the policy.
  - Policies: The number of ITDR attack detection modules configured for the policy.
- Edit or delete policies.