User state management

When AppSentinels Security Platform detects threat activities carried out against the application, the user's IP address or user ID is added to the Monitored Users list. The list helps track external threat actors and application users by their threat activities, attempts, tactics, and techniques.


Auto-assignment of user state

AppSentinels provides recommendations to block application access or monitor users based on the risk posed by their activities.

  • AppSentinels recommends a Block state if the user has used "Privilege Escalation" or "Exfiltration" tactics. 
  • AppSentinels recommends a Monitor state if the user has not yet used "Privilege Escalation" or "Exfiltration" tactics.

To let AppSentinels manage the user state, go to Monitored Users in the left navigation. In the Users List view, change the Managed column to System.


Manual state assignment

Users can be blocked, monitored, or whitelisted manually. This may be required to account for simulated attacks run to harden the application.

To change the user state manually, change the Managed column to Manual and the State column to one of the three states.


Policy settings for user state

Some settings to manage user states can be configured at the policy level for the entire Dashboard.

  • Accept action recommendations - Turning this setting ON automatically sets each new entry in the Monitored Users list to the Block state, irrespective of the attack tactic.
  • Enforcement duration - This setting unblocks a Blocked user after a few minutes. This reduces the effort of unblocking users manually after simulated attacks run to harden the application.