SenseDeep Responses are actions that automatically dispatch and resolve alerts. Responses may also invoke defensive countermeasures to minimize the threat to your site.
You can create an automated alert response when dispatching an alert that will respond to future similar alerts. You can also create a response at anytime via the Add Response option.
The Add Response dialog permits you to customize the response for a specific threat.
The created response will match a specific set of alert threats based upon the select threat check and filter expression.
The threat check field is the name of the check that will scan for the threat condition. Checks are defined in SenseDeep Packages.
For example, a filter expression may look like:
region == 'us-east-1' && ip == '126.96.36.199' && url == '/admin.php'
When defining a response, you can associate a set of defensive countermeasures to be run when an incoming alert is dispatched. Read more in Creating Defenses.
When a response runs, it will typically resolve the alert such that the alert is moved to the Alert History and does not further impact the account security status. An unresolved alert will run nominated defenses, but it will remain in the Alert List and will still impact the account security status when calculating the Attack and Threat status. You will then need to manually resolve and dispatch the alert.