Documentation Index
Fetch the complete documentation index at: https://docs.esperr.com/llms.txt
Use this file to discover all available pages before exploring further.
How Protection Works
When suspicious patterns are detected in your traffic:- Pattern Detection: The engine identifies threats based on your policies.
- Decision Making: Each threat is matched to your configured mitigation.
- Distribution: The active mitigation is made available to downstream services and Hybrid agents.
- Enforcement: Matching requests can be blocked or surfaced in Hybrid deployments.
Protection Strategies
The current runtime mitigation modes are:Block
- Best for: Known attacks, confirmed bad actors
- Response time: Immediate for inline integrations; takes effect on the next sync interval for Hybrid enforcement
Challenge
Marks suspicious traffic for additional verification.- Best for: Traffic protection, account protection
- Current packet-capture behavior: surfaced as a match, not transformed into a redirect
Product DirectionFor application integrations, the intended path is an Esper-managed challenge
flow at the integration boundary. The integration recipes are the current
starting point for that model.
Monitor
Tracks suspicious activity without blocking.- Best for: Learning patterns, false-positive reduction
Receiving Mitigation Decisions
Automatic Enforcement with Edge Capture
When runningesper capture, mitigations can be applied automatically:
Active Mitigations
View currently active protections through:- Dashboard decisions and entity state views
- Edge capture state exposed by your deployed enforcement components