Bulk change MITRE technique configurations in a BDE policy

You can bulk change the alert, observation, response severity, and automated response configurations for MITRE techniques in a behavioral detection engine (BDE) policy.

When you change the configurations for MITRE techniques in bulk, the new configuration settings are applied to each of the selected techniques.
  1. In the management console, on the menu bar, click Focus > Behavioral Detection Engine.
  2. On the Behavioral Detection Policies tab, click a policy.
  3. On the Detection And Response tab, select the checkboxes for the MITRE techniques whose configurations you want to change.
    Bulk edit options appear above the MITRE techniques.
  4. Do any of these actions:
    • Click Alerts and select the On or Off option. This setting enables detection alerts, which allows Aurora Focus to collect telemetry data and generate alerts in the management console for detections that meet the minimum severity level for the policy.
    • Click Observations and select the On or Off option. This setting enables observations, which allows Aurora Focus to collect, interpret, and analyze telemetry data for all detections, regardless of whether detections meet the minimum severity level for the policy, and regardless of the alert configuration.
    • Click Response severity and select the minimum severity level that must be met for detections to trigger an automated response by the agent.
    • Click Responses to configure the automated responses. A warning message appears that you must read and confirm.
      • Click Remediate action and select the actions that you want to apply and configure for the selected techniques.
        CAUTION: Not all responses are applicable to all techniques. Responses will be applied to the selected techniques only if they are applicable. All responses that were previously configured for the selected techniques will be overwritten.
      • Click Playbook action and select the package playbooks that you want to apply to the selected techniques.
  5. Click Save.