Rule detail page

Anomaly Shield Rule hidden submenu

Rules are used to apply an action in case an Anomaly Shield Trigger has been triggered by potentially threatening incoming traffic to an Anomaly Shield Application. A Rule is a resource for Anomaly Shield Applications and can be referenced under Section – Anomaly Response in the Response Rules table.

Field name / setting name



Assign a unique name for the entry.


Add tenants to allow tenancy access. See also Multitenancy feature


One or more triggers can be selected.


Log incident

Enable/disable incident logging.

Tag session as anomalous

Enable/disable anomalous tag to log incident WR-SG-NMLY-401 and WR-SG-SUMMARY.

Terminate session

Enable/disable session termination.

Block IP

Enable/disable IP blocking.

Remove roles with Role pattern

Regex filtering to withdraw roles in case the anomaly rule has been triggered. Removing the role-based access can be used to trigger a re-authentication, e.g. to request a 2FA token.

Note that role removal is executed only once per session.