What tuning and analysis will the Threat X team do before moving from inspection to blocking mode?

Threat X performs automated baselining. Depending on the complexity of the site, additional manual baselining may also be performed. Baseline is a set of “whitelisting” rules that are pushed to the sensors via Threat X gateway API.

Threat X employs progressive baselining - new rules maybe added as the application changes.