Best practice: Tuning your environment

  1. Start by assigning the default BDE policy to devices in Alert only mode and monitor the alerts it generates before enabling any automated responses. During this observation period, identify the alerts triggered by legitimate business applications and add exceptions for them, so that those applications keep running once automated responses are enabled. You can add an exception directly from the Alerts view using the Actions menu.
  2. Continue to monitor and review all alerts with High severity to determine if additional exceptions are required to remove unwanted alerts. You can apply filters in the Alerts screen to quickly find these alerts. For example, click the Product column heading, and then filter for Aurora Focus alerts. By default, the alerts with the highest severity are displayed at the top of the filter results.
  3. Once the recommended observation period of seven to ten days has passed with no alerts triggered by legitimate business applications and no other unwanted alerts, you are ready to enable automated responses and start enforcement. If unexplained High severity alerts are still appearing, investigate them and extend the observation period rather than enforcing on top of them.
    • To enable automated responses for a detection technique, set the Automated response severity setting to High only, so that lower-severity alerts cannot trigger disruptive actions. For the remediation actions, add Display Desktop Notification, Log Off Remote Users and Terminate Process Tree.
    • To start enforcement, edit the device policy to change the BDE policy operating mode from Alert only to Full enforcement.
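
The observation-period workflow above, as an added example that is not part of the original documentation or the product: a Python script that runs over a constructed alert export (the field names `time`, `severity`, `product`, `technique` and `process` are hypothetical and not the product's export format), lists the exception candidates raised by known business applications, sorts alerts the way the Alerts screen does (highest severity first), and reports whether the last seven days contain any High severity alert that no exception covers. Only then should the policy be switched to Full enforcement.

```python
"""Offline tuning check for an alert-only observation period (illustrative, hypothetical format)."""
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample alerts spanning a tuning period. Field names are hypothetical
# and are not the product's export format.
SAMPLE_ALERTS = [
    {"time": "2024-03-01T08:10:00Z", "severity": "High", "product": "Aurora Focus",
     "technique": "Credential Dumping", "process": "backup_agent.exe"},
    {"time": "2024-03-02T09:30:00Z", "severity": "High", "product": "Aurora Focus",
     "technique": "Credential Dumping", "process": "backup_agent.exe"},
    {"time": "2024-03-03T11:00:00Z", "severity": "Medium", "product": "Aurora Focus",
     "technique": "Suspicious Script", "process": "inventory_scan.exe"},
    {"time": "2024-03-04T14:45:00Z", "severity": "High", "product": "Aurora Focus",
     "technique": "Process Injection", "process": "unknown_tool.exe"},
    {"time": "2024-03-12T10:05:00Z", "severity": "High", "product": "Aurora Focus",
     "technique": "Credential Dumping", "process": "backup_agent.exe"},
]

# Business applications the team has confirmed as legitimate (constructed list).
LEGITIMATE_APPS = {"backup_agent.exe", "inventory_scan.exe"}

SEVERITY_RANK = {"High": 0, "Medium": 1, "Low": 2}


def parse_time(ts):
    """Parse the ISO-8601 UTC timestamp used in the sample records."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def exception_candidates(alerts, legitimate_apps):
    """Count (technique, process) pairs raised by known business applications.

    These are the alerts to review and turn into exceptions during the
    observation period; unknown processes are deliberately left out so they
    get investigated instead of silently excepted."""
    counts = Counter()
    for alert in alerts:
        if alert["process"] in legitimate_apps:
            counts[(alert["technique"], alert["process"])] += 1
    return counts


def high_severity_first(alerts, product=None):
    """Mirror the Alerts screen: optional Product filter, highest severity at the top."""
    rows = [a for a in alerts if product is None or a["product"] == product]
    return sorted(rows, key=lambda a: (SEVERITY_RANK.get(a["severity"], 3), a["time"]))


def unwanted_alerts(alerts, exceptions, since):
    """High severity alerts at or after `since` that no exception covers.

    Any of these means the environment still needs tuning or investigation
    before automated responses and Full enforcement are switched on."""
    return [
        a for a in alerts
        if a["severity"] == "High"
        and parse_time(a["time"]) >= since
        and (a["technique"], a["process"]) not in exceptions
    ]


def enforcement_ready(alerts, exceptions, now, observation_days=7):
    """True when the trailing observation window contains no unwanted High alerts."""
    since = now - timedelta(days=observation_days)
    return not unwanted_alerts(alerts, exceptions, since)


if __name__ == "__main__":
    now = parse_time("2024-03-14T00:00:00Z")
    candidates = exception_candidates(SAMPLE_ALERTS, LEGITIMATE_APPS)
    for (technique, process), n in candidates.most_common():
        print(f"exception candidate: {technique} / {process} ({n} alerts)")
    exceptions = set(candidates)
    for a in unwanted_alerts(SAMPLE_ALERTS, exceptions, now - timedelta(days=14)):
        print(f"investigate: {a['time']} {a['technique']} / {a['process']}")
    print("ready for enforcement (7-day window):",
          enforcement_ready(SAMPLE_ALERTS, exceptions, now))
```

In the sample data the `unknown_tool.exe` Process Injection alert is not a known business application, so it never becomes an exception candidate; it falls outside the trailing seven-day window here, but widening the window to fourteen days makes `enforcement_ready` return False until it is investigated.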