What action is taken when the PTA detects a risky command in a session?

When the Privileged Threat Analytics (PTA) detects a risky command during a session, the session is automatically suspended. This action is designed to protect the system and maintain security by immediately stopping any potential harmful activity without delay. Suspending the session allows for immediate investigation into the command that was flagged as risky, ensuring that threats are managed effectively.

This proactive measure helps to contain any potential damage by halting the user’s access while allowing security teams to analyze the situation before any further action is taken. It is a critical step in a comprehensive security strategy, as it prioritizes the safety of the environment by reacting swiftly to detected risks. Other options, such as logging the command for future analysis or notifying the user, do not provide the same level of immediate protection and may allow harmful actions to continue.