Airlock Anomaly Shield is preconfigured with a set of (default) trigger patterns and rules that are known to work well for most security requirements.
Custom triggers and rules may be configured to analyze traffic proactively.
For an example configuration of an additional custom trigger and rule, see article Part 2 – Training and model enforcement.