Application detail page
Submenu - Anomaly Shield Application (full)

Airlock Anomaly Shield has to be configured for individual applications.

Section – Application

  • Application Name – enter a unique name for the application you want to secure.
  • Tenant – add tenants to allow tenancy access.
  • Mappings – this field is not directly accessible here. To enable your application settings for a mapping, select the new application under Section – Anomaly Shield.

Section – Training Data Collection

The machine learning algorithm requires training data as a reference. For the best anomaly detection results, irrelevant data should be excluded from the outset. To achieve this, settings for traffic exclusion can be configured here. All configured exclusions are AND-linked.

  • Traffic Exclusion
  • Header Name – a regex to exclude certain header names. Example syntax: ^X-Header$
  • Header Value – a regex to exclude certain header values. Example syntax: ^X-Value$
  • Path – a regex to exclude certain paths. Example syntax: ^/path/to/match
  • HTTP Method – a regex to exclude certain HTTP methods. Example syntax: ^(GET|POST)$
  • Content Type – a regex to exclude a certain type of content. Example syntax: ^application/.*
  • IP Exclusions – to select an address:

Section – Anomaly Detection and Response

The machine-learning algorithm has to be configured for threat detection and subsequent response handling. Settings for response rule exceptions can be configured here as AND operations.

  • Threat Handling – Can be set to either Execute actions or Log only.
  • Log session anomaly details – possible values for logging can be:
    • Never – To never write the ML information for the ML application.
    • When session anomaly pattern changes – To only write the ML information on a change in the resulting pattern.
    • When raw session anomaly values change – To only write the ML information on a change in the raw values.
    • For every request – To always write the ML information for the ML application.
  • Response Rules – to add a rule:

Response rules can be restricted by Response Rule Exceptions. This is to prevent false positives.

  • Subsection – Response Rule Exceptions
  • Header Name – a regex to exclude certain header names. Example syntax: ^X-Header$
  • Header Value – a regex to exclude certain header values. Example syntax: ^X-Value$
  • Path – a regex to exclude certain paths. Example syntax: ^/path/to/match
  • HTTP Method – a regex to exclude certain HTTP methods. Example syntax: ^(GET|POST)$
  • Content Type – a regex to exclude a certain type of content. Example syntax: ^application/.*
  • IP Allow List – to select an address list:
    • Use the + button to select one or more IP addresses that should be on the allow list.
    • IP addresses are managed here: Submenu – IP Address Lists
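
The following is an added example, not Airlock code: a small Python harness for dry-running a set of AND-linked regex fields (as used in both Traffic Exclusion and Response Rule Exceptions) against sample requests before entering them in the UI. The matching semantics are assumptions: patterns are searched rather than full-matched, an unset field constrains nothing, and header name and header value are tested independently; the request dictionaries and rule names are constructed for illustration.

```python
import re

# Field names mirror the page; the matching semantics are assumptions.
FIELDS = ("header_name", "header_value", "path", "method", "content_type")

def field_matches(pattern, field, request):
    """True if the regex (searched, not full-matched) hits this field."""
    if pattern is None:  # assumption: an unset field constrains nothing
        return True
    rx = re.compile(pattern)
    if field == "header_name":
        return any(rx.search(name) for name in request["headers"])
    if field == "header_value":
        return any(rx.search(value) for value in request["headers"].values())
    if field == "content_type":
        return bool(rx.search(request["headers"].get("Content-Type", "")))
    return bool(rx.search(request[field]))

def is_excluded(rule, request):
    """AND-link: every configured field must match for the rule to apply."""
    return all(field_matches(rule.get(f), f, request) for f in FIELDS)

def audit(rule, requests):
    """Paths of the sample requests that the rule would exclude."""
    return [r["path"] for r in requests if is_excluded(rule, r)]

# Constructed sample traffic, not real log data.
SAMPLE = [
    {"method": "GET", "path": "/path/to/match",
     "headers": {"X-Header": "X-Value"}},
    {"method": "GET", "path": "/path/to/matchbox/admin", "headers": {}},
    {"method": "DELETE", "path": "/path/to/match", "headers": {}},
    {"method": "POST", "path": "/api/upload",
     "headers": {"Content-Type": "application/json"}},
]

# The page's path example has no end anchor, so it acts as a prefix match.
RULE_PREFIX = {"path": "^/path/to/match", "method": "^(GET|POST)$"}
# Hypothetical tightened variant with an end anchor.
RULE_EXACT = {"path": "^/path/to/match$", "method": "^(GET|POST)$"}

if __name__ == "__main__":
    print("prefix rule excludes:", audit(RULE_PREFIX, SAMPLE))
    print("exact rule excludes: ", audit(RULE_EXACT, SAMPLE))
```

Running it shows that the unanchored path pattern also excludes `/path/to/matchbox/admin`, while the DELETE request stays in scope because the method field does not match.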
