Add a new Anomaly Shield rule
Add a new Anomaly Shield rule and configure actions

The following settings can be configured under Submenu - Anomaly Shield Triggers & Rules.

In this part, triggers and rules for Anomaly Shield applications are being configured – each in a separate submenu of the UI. The submenus open up when adding or changing a trigger or rule.

Procedure-related prerequisites

  • See chapter-related prerequisites.

Instruction – Add a new rule and configure actions

  • 1.
    Add a unique, self-explanatory name into the Name field. The rule name will automatically be checked, i.e. names with blanks will be marked as invalid.
  • 2.
    Add a tenant to the Tenant field, if required/applicable.
  • 3.
    Use the + button to select one or more triggers.
  • 4.
    Configure the actions for your new rule. Options:
    • Options:

      • Note that actions will only be performed when one or more triggers are enabled.

    • Log incident – enable/disable incident logging.
    • Tag session as anomalous – enable/disable anomalous tag to log incident. The anomalous property of the session will be reported in each WR-SG-SUMMARY message with the field ml_anomaly.
    • Terminate session – enable/disable session termination.
    • Block IP – enable/disable IP blocking.
  • The trigger is now preconfigured. Change back to the submenu Anomaly Shield Triggers & Rules.

Example:

Anomaly Shield Rule hidden submenu