Policy Mode

Policy mode allows you to:

  • Quickly configure a Threat Prevention policy by selecting a predefined policy mode (Detect only, Tuning, or Optimized). The system automatically sets the appropriate operation mode (Detect, Prevent, Off) and Advanced Settings for each capability.

  • Manually configure the operation mode and Advanced Settings for each capability (Custom mode).

Detect only mode

The Detect only mode provides basic protection. We recommend using this mode for the first few days to gather, monitor, and analyze data.

Based on your analysis, switch to Tuning, Optimized, or Custom for enhanced protection.

Important:
If the Detect only mode is used for the Default settings for the entire organization rule for more than two days, the system displays a banner to remind you to configure a stricter policy mode.
Figure 1. Default policy banner

If you click Dismiss, the notification is hidden only for you.

Figure 2. Policy mode flow

If you modify a predefined policy mode, it automatically changes to Custom.