Entity risk policy
The entity risk policy monitors your org for entity risk changes related to identity-based threats. These threats include situations such as residual session risk from session hijacking, brute-force attacks, and sign-in events from high-threat IP addresses. The policy records events to the user.risk.detect System Log entry.
Your org includes one entity risk policy to which you can add multiple rules. It comes with one default entity risk policy rule, which is configured only for logging actions. You can configure custom rules that address specific threats. You can configure responses in these rules to sign your users out of apps as well as Okta, or trigger a Workflow. You can also choose not to trigger responses, and let the default rule record events to the System Log. To evaluate your configuration without generating any System Log entries, you can deactivate your configured rules.