The Malicious user detection in the app setting has an option to configure Cooling Off Period, this is the timeframe in minutes used by system to decays a user's threat level from high to medium to none if there is no further malicious activity. The maximum value which we can setup is 120mins. We have seen attacker abusing this and resuming the malicious activity once the threat level is brought down. We would like to set this cooling period to higher value. please increase the maximum limit for this setting.