the code) Define rules to detect a vulnerability exploitation Trigger security responses to be applied (a)Impersonate a user (b) Generate a token User is calling (impersonation) too much OR user is calling (generate_token) too much Lock the user AND Tag the user for review