Configure Custom Rules

1. What is a custom rule?

Custom rules allow you to override the AI detection. Using this feature, the incoming traffic reaching your endpoints can be managed with perfect precision, ensuring that your threat response policy fulfills both security and business needs.

You can add up to a 1000 custom rules to your dashboard, creating each rule based on a query up to 1500 characters long.

2. Access your custom rules

To access your custom rules list, go to: Custom Rules > All

3. Add a new custom rule

To add a custom rule, go to: Explore > Custom Rules

To add a new custom rule:

1 - Enter the query (Refer to "Syntax guidelines")
2 - Select the endpoint type the rule has to be applied to (Refer to "what is an endpoint?")
3 - Click on "Check Rule"
4 - Check the result
5 - Click on "Add Rule"
6 - Select the configuration you want to apply to every request that matches the rule:

  • Whitelist: every request that matches the rule will be whitelisted
  • Timeboxing: based on a specified time period, part of the traffic will be whitelisted and the remaining part can be set to Captcha or block
  • Rate Limiting: based on a specified number of requests, part of the traffic will be whitelisted and the remaining part can be set to Captcha or block
  • Captcha: a Captcha will be displayed for every request that matches the rule
  • Block: every request that matches the rule will be blocked

A pop-up is displayed with the query and the selected endpoint type.
Depending on the configuration you chose, additional settings will be displayed to setup the custom rule.

7 - Add a rule name
8 - Select a priority: if a request matches two custom rules, the rule with the higher priority will be applied first
9 - Depending on the response you selected above, fill in the additional settings:

Time Boxing additional settings: you can select the response to apply for traffic incoming outside of the whitelist period you set upTime Boxing additional settings: you can select the response to apply for traffic incoming outside of the whitelist period you set up

Time Boxing additional settings: you can select the response to apply for traffic incoming outside of the whitelist period you set up

Rate Limiting additional settings: you can select the response to apply if the requests' count exceeds threshold rate you set upRate Limiting additional settings: you can select the response to apply if the requests' count exceeds threshold rate you set up

Rate Limiting additional settings: you can select the response to apply if the requests' count exceeds threshold rate you set up

4. Test a rule

When you add a custom rule, first you have to test the result. You can save the rule after it has been tested.

If the result returned is null, you can:
1 - Expand your time range
2 - Refine your query

Rules can be saved even if the result is empty.

5. Edit / Delete a rule

To edit a custom rule, click the “Edit” icon next to a selected rule:

You will then be redirected to the “Explore” section enabling you to edit the query, check the matching traffic and update the rule. It is also possible to change the response and/or the name of the rule:

To delete a rule go to Custom Rules > All > Delete

6. View rule requests

Once you have added the rule, you can view the requests by going to Custom Rules > All

You can click on:

  • "See Bot IPs" in order to view the IPs details.
  • "See More" in order to view more info about the requests in the "Explore" section (Refer to "How to explore your data?")

📘

User role

Only "Admin" and "Editor" users have the right to add & delete rules.

📘

Custom rules limit

If you have reached the authorized custom rules limit, please contact support: [email protected]