Configure Custom Rules

1. What is a custom rule?

Custom rules allow you to override the AI Threats Detection. Using this feature, the incoming traffic reaching your endpoints can be managed with perfect precision, ensuring that your threat response policy fulfills both security and business needs.

You can add up to 1000 custom rules to your dashboard, creating each rule based on a query up to 1000 characters long.

2. Access your custom rules

To access your custom rules list, go to: Access Control > Custom Rules

3. Add a new custom rule

Custom rules limit

If you have reached the authorized custom rules limit, please contact support: [email protected]

Custom Rules guidelines

Create custom rules with some granularity (a group of partners, for instance) so that you can track those groups and, if needed in the future, apply timeboxing or rate limiting to them.

To add a custom rule, click the "Create a Custom Rule" button. You will be redirected to Explore > Custom Rules.

To add a new custom rule:

1 - Enter the query (Refer to "Syntax guidelines")
2 - Select the endpoint source and endpoint type the rule has to be applied to (Refer to "what is an endpoint?")
3 - Click on "Check Rule"
4 - Check the result
5 - Click on "Add Rule"
6 - Select the configuration you want to apply to every request that matches the rule:

  • Allow: every request that matches the rule will be allowed
  • Timeboxing: based on a specified time period, part of the traffic will be allowed and the remaining part can be set to Captcha or block
  • Rate Limiting: based on a specified number of requests, part of the traffic will be allowed and the remaining part can be set to Captcha or block
  • Captcha: a Captcha will be displayed for every request that matches the rule
  • Block: every request that matches the rule will be blocked

A pop-up is displayed with the query and the selected endpoint type.
Depending on the configuration you chose, additional settings will be displayed to set up the custom rule.

7 - Add a rule name
8 - Select a priority: if a request matches two custom rules, the rule with the higher priority will be applied first
9 - Depending on the response you selected above, fill in the additional settings:

Time Boxing additional settings: you can select the response to apply for traffic incoming outside of the allowed period you set up

Rate Limiting additional settings: you can select the response to apply if the request count exceeds the threshold rate you set up

4. Test a rule

When you add a custom rule, first you have to test the result. You can save the rule after it has been tested.

If the result returned is null, you can:
1 - Expand your time range
2 - Refine your query

Rules can be saved even if the result is empty.

5. Edit / Delete a rule

User role

Only "Admin" and "Editor" users have the right to add & delete rules.

To edit or delete a custom rule, open the Action menu next to the selected rule and choose "Edit" if you want to edit the rule.

You will then be redirected to the "Explore" section, where you can edit the query, check the matching traffic and update the rule. It is also possible to change the response and/or the name of the rule.

6. View rule requests

Once you have added the rule, you can view its requests by going to Access Control > Custom Rules. Click the "Explore" button in the action menu to view more information about the requests in the "Explore" section (refer to "How to explore your data?").