You want to add an additional layer of security to high-risk Real Time Response commands for your environment. Where do you configure MFA for RTR within the UI?
MFA for Real Time Response is configured under General settings . Falcon Administrators can enable Real Time Response identity verification from Support and resources > Resources and tools > General settings. This applies Falcon MFA to high-risk RTR operations according to the configured trigger, such as before connecting to a host or before executing sensitive commands like run or kill. Response policies determine which RTR commands are available to hosts and users, but they do not configure MFA enforcement. Notifications and containment policies are unrelated to RTR identity verification. The course guide highlights that RTR MFA applies broadly to users in the CID once enabled, regardless of response policy assignment, making General settings the correct administrative location.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit