The Strict mode under the Detect or Enforce mode is used for stronger threat protection. Enabling Strict mode reduces the level of baseline fingerprint deviation allowed; in other words, it performs stricter comparison between the established baseline and currently-running operational behaviors.
In more dynamic processes where devices and access behaviors are more subject to change, this may generate more events.
To enable Strict mode, set the Operations Behavior Anomaly Detection to Detect or Enforce mode, and then toggle on specifc pillars of protection for guarding separate vulnerability points or simply enable them all for maximum defense.
User Login: In the Strict mode, the user accounts and the login activities must exactly match the approved user accounts stored in the baseline; otherwise, events will be generated.
Application Behavior: In the Strict mode, the application behaviors must exactly match the approved application behaviors stored in the baseline; otherwise, events will be generated.