Actions

Define audit, alerting, parsing and other actions to take when session-level policy rules are matched.

Audit and ignore session actions
Selective audit actions are triggered in analyzers before the parser/logger starts to receive session requests. Selective audit can save sniffer resources by reducing the load on relatively slower modules that limit sniffer performance.
Mark session actions
Mark session (MARK_SESSION) is used to set a trust-level score from session-level policies or to control the learning of the real-time trust evaluator.
Alert and Log actions
Parse actions
Configure actions
The configure action is used to adjust analyzer settings or activate session-level policy features.
Transform actions
Exception actions
Extrusion actions
Use the REDACT and GET_SERVER_DATA actions to manage sensitive data.

Parent topic: Session-level policies