• To add customized behaviors to your network, visit Timus Manager, then select Zero Trust Security> Behaviors. This allows you to expand on the default behaviors provided by ZTNA for more comprehensive risk assessments in network use cases.

• To find your network's pre-configured behaviors, go to the Name and Details parameters page. These behavior settings are already set up for your network and can be viewed and adjusted if necessary. The general information of the default behaviors displayed on the page are as follows:

1. New Device - Default Compare with the last 10 authentications.

2. Out of Radius - Default When the Radius from the location is 50 miles. Last 3 locations

3. New Country - Default Compare with the last 5 authentications.

4. Impossible Travel - Default When the assumed maximum speed is 1000 mph.

5. Last Sign-In Date - Default Last sign-on date older than 30 days.

6. Untrusted IP - Default

7. Breached E-mail Address - Default Include Breaches and Disclosures that occurred within the last 180 days.

8. Consecutive Failures at Same Account - Default When consecutive failures are 5 times.

9. Consecutive Failures at Any Account - Default When consecutive failures are 5 times.

• You can get more information about a behavior by clicking on the ">" symbol next to its name.

• To customize the default behavior, click on the ellipsis icon (three dots) next to the "Details" option.

• This will open the Edit feature where you can make changes according to your preferences.

• Moreover, you can create a new behavior by copying the default behavior with just one click on the Copy Feature.

• This way, you can modify the copied behavior without affecting the original.

To create custom behaviors for your network policies, do the following:

1. On the right side of the page, find the Create Behavior button.

2. Click on the Create Behavior button to start creating a new behavior.

3. Follow the prompts and provide the necessary information to define the behavior.

4. Enter a Name select a Behavior Type - the behavior classification of Timus for the ZTNA trigger.

5. Click Confirm.

New Device

This behavior is triggered when users attempt to sign in to the system from a different device than the previous devices they successfully signed in with.

New Geo-Location

This behavior is triggered when users attempt to log into the system from a different location than their previous successful signed-in locations.

New Country

This behavior is triggered when users attempt to sign in to the system from a new country than the previous countries they successfully signed in from.

Impossible Travel

This behavior is triggered if there is an unusual time and distance between the user's last sign attempts.

Last Sign-On Date

This behavior is triggered if more than the specified time has passed since the user's last successful login.

Untrusted IP

This behavior is triggered when the user tries to sign in with an untrusted IP address.

An IP address is tagged as “untrusted” if it has recently been involved in abusive activities, or is part of the TOR network, or is part of a proxy network.

Certain public IP addresses can be used for malicious purposes, causing them to be tagged as Untrusted IPs by Timus ZTNA framework. Those IP addresses may then be given to legitimate users by the IPs. If you use Untrusted IP behavior to deny user or admin sign-ins, their sign-ins will be denied until their IP addresses become trusted again, or they start using other trusted IP addresses.

Breached E-mail Address - Default

This behavior is triggered if there have been any breaches or disclosures within the selected days.

Consecutive Failures for the Same Account This behavior is triggered if more than a specified number of failed login attempts have been tried to the same user's account.

Consecutive Failures at Any Account

This behavior is triggered if more than a specified number of failed login attempts have been tried on any user's account.