The following settings can be configured under Submenu - Anomaly Shield Triggers & Rules.
In this part, triggers and rules for Anomaly Shield applications are being configured – each in a separate submenu of the UI. The submenus open up when adding or changing a trigger or rule.
Procedure-related prerequisites
- ●See chapter-related prerequisites.
Instruction – Add a new rule and configure actions
- 1.Add a unique, self-explanatory name into the Name field. The rule name will automatically be checked, i.e. names with blanks will be marked as invalid.
- 2.Add a tenant to the Tenant field, if required/applicable.
- 3.Use the + button to select one or more triggers.
- 4.Configure the actions for your new rule. Options:
- Options:
- ●Log incident – enable/disable incident logging.
- ●Tag session as anomalous – enable/disable anomalous tag to log incident. The anomalous property of the session will be reported in each WR-SG-SUMMARY message with the field ml_anomaly.
- ●Terminate session – enable/disable session termination.
- ●Block IP – enable/disable IP blocking.
- The trigger is now preconfigured. Change back to the submenu Anomaly Shield Triggers & Rules.
Note that actions will only be performed when one or more triggers are enabled.
Example: