Cisco Secure Application Runtime policies define what runtime behaviors to ignore, detect, or block. The runtime events identify all the attacks and vulnerabilities and the action is taken based on the defined runtime policy. You can create and configure runtime policies to specify an action to mitigate the attacks and vulnerabilities.

To monitor the security of the application, you must create policies. To create policies, you require the Configure permission for Cisco Secure Application. By default, Cisco Secure Application includes a runtime policy that provides the best detection of all the attacks and vulnerabilities, reducing the false positives.