Configure Mitigation Rules
Mitigation rules assign actions, such as Block or Captcha challenge, to account takeover attempts for varying levels of risk.
By default, the Account Takeover Protection mitigation strategy provides the appropriate level of protection for most customer scenarios.
If you find that the default strategy is not sufficiently addressing your needs, you can configure custom settings, manually assigning a mitigation action to each attack probability.
Then you can run a simulation to assess the impact of your protection strategy and view the results.
Open the configuration page
To view or configure the mitigation strategy for your site:
On the Account Takeover Protection dashboard, click Configure mitigation.
Evaluate the default protection strategy
The default Account Takeover Protection mitigation strategy blocks all malicious account takeover attempts with a high risk probability.
Hover over the HIGH link on the screen to view statistics on high-risk traffic to your site.
Configure a custom protection strategy
Click the Custom Protection Strategy toggle button to display the custom settings.
Configure your mitigation strategy and simulate the impact:
Assign a mitigation action to each attack probability. For more details on attack probability, see Account Takeover Protection.
Action     Description
Block      Blocks the login request and does not allow the user to log in.
Captcha    The user is presented with a captcha challenge before being allowed to log in.
None       No action is taken.
Click Simulate to see how your configuration applies to recent account takeover attempts. For example, you may see that based on your current strategy, an excessively high percentage of your customers will get a CAPTCHA challenge, leading you to reconsider your settings.
Apply the configuration:
When you are satisfied with your strategy, click Apply Configuration to activate the rules for your site.