Risk Control Rule Components in Playbook View

Risk Control rules are composed of the following types of components:





Circumstance or event that triggers the rule. Some conditions allow configuration of details.


You add more than one condition to trigger the rule by clicking to the right of Start. Events must meet all conditions to trigger the rule.

Targets can also be refined by additional action conditions (below).

  • The user risk score is at least 50 within the last 2 days.

  • The user risk score is at least 50 within the last 2 days AND leaked accounts in discovered users.


The weekly period that the rule is applied, and (optional) the start and end dates of the schedule

Always checks conditions continuously.

  • Always

  • From Monday 01:12 to Sunday 01:12


Devices, users, or user groups on which actions are performed.

  • All users/user groups

Action condition

Additional conditions can be added to refine targets or choose among different actions.

If the user risk score is at least 50


Automatically executed tasks triggered on selected targets.

Disable user account

Revoke Action

Automatically revokes the action once specified conditions are met.

Some actions are irrevocable.

  • The risk score drops below the minimum score specified.

  • None of the specified risk events is triggered again within 24 hours after the action is taken.