
Rules apply an action when an Anomaly Shield Trigger has been triggered by potentially threatening incoming traffic to an Anomaly Shield Application. A Rule is a resource for Anomaly Shield Applications and can be referenced in the Response Rules table under Section – Anomaly Response.

Field name / setting name | Option | Description |
---|---|---|
Name | | Assign a unique name for the entry. |
Tenant | | Add tenants to allow tenancy access. See also Multitenancy feature. |
Triggers | | One or more triggers can be selected. |
Actions | Log incident | Enable/disable incident logging. |
Actions | Tag session as anomalous | Enable/disable anomalous tag to log incident. |
Actions | Terminate session | Enable/disable session termination. |
Actions | Block IP | Enable/disable IP blocking. |
Actions | Remove roles with Role pattern | Regex filtering to withdraw roles in case the anomaly rule has been triggered. Removing the role-based access can be used to trigger a re-authentication, e.g. to request a 2FA token. Note that role removal is executed only once per session. |
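
The once-per-session behaviour of "Remove roles with Role pattern", modelled as an added example (this is not Airlock code and not part of the original page). Assumptions: the Role pattern must match the whole role name, the once-per-session flag is set the first time the removal action runs, and the rule, trigger and role names are constructed.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed model, not Airlock code. Assumptions: the Role pattern must
# match the whole role name, and the once-per-session flag is set the first
# time the removal action runs.

@dataclass
class Session:
    roles: set
    anomalous: bool = False
    role_removal_done: bool = False
    incidents: list = field(default_factory=list)

@dataclass
class Rule:
    name: str
    triggers: set
    log_incident: bool = False
    tag_anomalous: bool = False
    role_pattern: Optional[str] = None

def apply_rule(rule: Rule, session: Session, trigger: str) -> set:
    """Run the rule's actions for a fired trigger; return the roles removed."""
    if trigger not in rule.triggers:
        return set()
    if rule.log_incident:
        session.incidents.append((rule.name, trigger))
    if rule.tag_anomalous:
        session.anomalous = True
    removed = set()
    if rule.role_pattern and not session.role_removal_done:
        pattern = re.compile(rule.role_pattern)
        removed = {r for r in session.roles if pattern.fullmatch(r)}
        session.roles -= removed
        session.role_removal_done = True
    return removed

def demo() -> tuple:
    # Constructed rule and session: the trigger and role names are hypothetical.
    rule = Rule("step-up", {"bot-like-navigation"}, log_incident=True,
                tag_anomalous=True, role_pattern=r"strong-.*")
    session = Session(roles={"customer", "strong-auth"})
    first = apply_rule(rule, session, "bot-like-navigation")
    session.roles.add("strong-auth")  # user re-authenticated with a 2FA token
    second = apply_rule(rule, session, "bot-like-navigation")
    return first, second, session

if __name__ == "__main__":
    print(demo())
```

In this model the second trigger leaves the restored role in place, which is the consequence of role removal running only once per session.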