Entity risk policy
The entity risk policy monitors your org for entity risk changes related to identity-based threats. These threats include situations such as residual session risk from session hijacking, brute-force attacks, and sign-in events from high-threat IP addresses. The policy records events to the user.risk.detect System Log entry.
Your org includes one entity risk policy. Its default rule is configured for logging actions only, but you can configure additional rules that sign users out of both Okta and eligible apps, or trigger a delegated Workflow. You can also choose not to trigger responses, and let the default rule record events to the System Log. To evaluate your configuration without generating any System Log entries, you can deactivate your configured rules.