From the Custom Response page, you can create and manage a custom response configuration. A custom response configuration allows you to direct suspicious traffic to a machine in your network where activity is recorded. Information about the user device that made the request is captured to discover the internal IP addresses of infected machines on the corporate network.
Data collected by a custom response device is not recorded in ETP. Only the information and events gathered from Enterprise Security Connector are available for analysis in ETP.
In a policy, you can select to use a custom response with the block action. This means that blocked traffic is directed to the custom response. If your organization is enabled to use a custom response as part of an acceptable use policy (AUP) configuration and ETP Proxy is not enabled, you can associate a custom response to a block action.