> ## Documentation Index
> Fetch the complete documentation index at: https://docs.esperr.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Mitigation Server

> Esper's runtime distribution layer for active mitigation decisions — makes active mitigations available to downstream services and Hybrid capture agents.

## How Protection Works

When suspicious patterns are detected in your traffic:

1. **Pattern Detection**: The engine identifies threats based on your policies.
2. **Decision Making**: Each threat is matched to your configured mitigation.
3. **Distribution**: The active mitigation is made available to downstream services and Hybrid agents.
4. **Enforcement**: Matching requests can be blocked or surfaced in Hybrid deployments.

## Protection Strategies

The current runtime mitigation modes are:

### Block

* Best for: Known attacks, confirmed bad actors
* Response time: Immediate for inline integrations; takes effect on the next sync interval for Hybrid enforcement

### Challenge

Marks suspicious traffic for additional verification.

* Best for: Traffic protection, account protection
* Current packet-capture behavior: surfaced as a match, not transformed into a redirect

<Info>
  **Product Direction**

  For application integrations, the intended path is an Esper-managed challenge
  flow at the integration boundary. The integration recipes are the current
  starting point for that model.
</Info>

### Monitor

Tracks suspicious activity without blocking.

* Best for: Learning patterns, false-positive reduction

## Receiving Mitigation Decisions

### Automatic Enforcement with Edge Capture

When running `esper capture`, mitigations can be applied automatically:

```bash theme={null}
esper capture run --enforce
esper capture run --enforce --tenant-id <tenant-id>
```

The Hybrid runtime keeps a local view of your tenant's active mitigations and enforces
against that view.

<Warning>
  **The current packet capture path only enforces locally when the request includes**

  an Esper-managed opaque `X-Esper-Hybrid-Key` header.
</Warning>

## Active Mitigations

View currently active protections through:

* Dashboard decisions and entity state views
* Edge capture state exposed by your deployed enforcement components

## Integration guides

If you want to apply mitigation at a practical stack boundary, start with the
shipped [Integrations](./integrations) guides.
