Configure Custom Rules
1. What is a custom rule?
Custom rules allow you to override the AI Threats Detection. Using this feature, the incoming traffic reaching your endpoints can be managed with perfect precision, ensuring that your threat response policy fulfills both security and business needs.
You can add up to 1000 custom rules to your dashboard, creating each rule based on a query up to 1000 characters long.
2. Access your custom rules
To access your custom rules list, go to: Access Control > Custom Rules
3. Add a new custom rule
Custom rules limit
If you have reached the authorized custom rules limit, please contact support: [email protected]
Custom Rules guidelines
Create custom rules with some granularity (a group of partners, for instance) so that you can track those groups and, if needed in the future, apply timeboxing or rate limiting to them.
To add a custom rule, click the "Create a Custom Rule" button. You will be redirected to Explore > Custom Rules.
To add a new custom rule:
1 - Enter the query (Refer to "Syntax guidelines")
2 - Select the endpoint source and endpoint type the rule has to be applied to (Refer to "what is an endpoint?")
3 - Click on "Check Rule"
4 - Check the result
5 - Click on "Add Rule"
6 - Select the configuration you want to apply to every request that matches the rule:
- Allow: every request that matches the rule will be allowed
- Timeboxing: based on a specified time period, part of the traffic will be allowed and the remaining part can be set to Captcha or block
- Rate Limiting: based on a specified number of requests, part of the traffic will be allowed and the remaining part can be set to Captcha or block
- Captcha: a Captcha will be displayed for every request that matches the rule
- Block: every request that matches the rule will be blocked
A pop-up is displayed with the query and the selected endpoint type.
Depending on the configuration you chose, additional settings will be displayed to set up the custom rule.
7 - Add a rule name
8 - Select a priority: if a request matches two custom rules, the rule with the higher priority will be applied first
9 - Depending on the response you selected above, fill in the additional settings:
4. Test a rule
When you add a custom rule, first you have to test the result. You can save the rule after it has been tested.
If the result returned is null, you can:
1 - Expand your time range
2 - Refine your query
Rules can be saved even if the result is empty.
5. Edit / Delete a rule
User role
Only "Admin" and "Editor" users have the right to add & delete rules.
To edit or delete a custom rule, just hit the Action menu next to a selected rule and choose "Edit" if you want to edit the rule:
You will then be redirected to the "Explore" section, enabling you to edit the query, check the matching traffic and update the rule. It is also possible to change the response and/or the name of the rule:
6. View rule requests
Once you have added the rule, you can view the requests by going to Access Control > Custom Rules. Click the "Explore" button in the action menu to view more information about the requests in the "Explore" section (Refer to "How to explore your data?").