A risk policy is determined by the customer’s specific configuration settings as well as intelligence gathered from common use cases, which are then used in event evaluation to calculate risk scores for received events. You need the environment id property value returned in Step 1 to specify the environment resource in the request URL to create the risk policy resource.

The POST /environments/{environmentId}/riskPolicySets/ creates a new risk policy set in the specified environment. In the request body, you must define at least one risk policy in the riskPolicies property array, and the risk policy definition must specify a condition expression and a result. The priority property in the risk policy definition is optional. In this scenario, you will define the whitelist and anonymous network detection policies.