Threat Center

With the Threat Center, you can run detection rules to identify threatening actions quickly and respond promptly to mitigate each issue. The Threat Center provides three primary functions:

  • Setting Detection Rules: A comprehensive catalog of both enabled and disabled rules applicable to your applications, streamlining the process of rule application and management.

  • Applying Automated Response: There are multiple ways to apply automated responses to stop threats: by enabling automated remediations, by suspending cloud service users with stale access, or by syncing with your own tools.

  • Processing Incidents: Incidents are the outcomes of detection rules and offer actionable insight into detected threats. These findings, accessible within the product or through external tools, provide a detailed explanation of each incident along with the contextual data needed to understand the nature of the issue.

  • Cases: A case is an aggregated set of alerts that together represent a meaningful security finding.

  • Viewing Alerts: Select Threat Center > Alerts.

  • Alerts Details: Click the Alert Name to view its details panel.

  • Resolving Alerts: Each new alert is unresolved by default.

Throughout this chapter on ITP/PCCE, the terms users, accounts, and identities generally refer to cloud service users/accounts or cloud identities, and not to Delinea Platform users.