Rule types, categories, classifications
Within a policy, rules are evaluated in the order in which they appear as each element of traffic is analyzed.
There are multiple rule types:
- An access rule applies to client requests. For example, it might test for UPDATE commands issued from a specific group of IP addresses.
- An exception rule evaluates exceptions returned by the server (responses). For example, it might test for five login failures within one minute.
- An extrusion rule evaluates data returned by the server (in response to requests). For example, it might test the returned data for numeric patterns that could be Social Security or credit card numbers.
Note: The extrusion rule type is not applicable to z/OS data sources.
- In addition, these rule types are available for z/OS data sources:
For each rule, an optional Category and Classification can be assigned. These are used to group policy violations for both reporting and incident management.
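The three rule types and the ordered evaluation described above can be sketched as follows. This is an added example, not product code or the product's rule syntax. The event fields (`kind`, `ip`, `sql`, `ts`, `error`, `data`), the category and classification labels, and the choice to try every rule on every event are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque

SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,15}\b")

def luhn_ok(number):
    """Luhn checksum, used to cut false positives on card-like digit runs."""
    digits = [int(c) for c in number if c.isdigit()][::-1]
    total = sum(d if i % 2 == 0 else (d * 2 - 9 if d > 4 else d * 2)
                for i, d in enumerate(digits))
    return total % 10 == 0

def make_policy(watched_ips, threshold=5, window=60):
    failures = defaultdict(deque)  # client IP -> timestamps of recent login failures
    def access(ev):  # client request: UPDATE issued from a watched IP group
        return ev["sql"].lstrip().upper().startswith("UPDATE") and ev["ip"] in watched_ips
    def exception(ev):  # server exception: `threshold` login failures inside `window` seconds
        if ev["error"] != "LOGIN_FAILED":
            return False
        q = failures[ev["ip"]]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] >= window:
            q.popleft()
        return len(q) >= threshold
    def extrusion(ev):  # returned data: SSN-shaped or Luhn-valid card-shaped values
        return bool(SSN_RE.search(ev["data"])) or any(
            luhn_ok(m.group()) for m in CARD_RE.finditer(ev["data"]))
    # (rule type, traffic kind, category, classification, test), in policy order;
    # the category/classification labels are constructed for this example
    return [("access", "request", "Data Change", "Unauthorized UPDATE", access),
            ("exception", "exception", "Authentication", "Brute Force", exception),
            ("extrusion", "result", "Data Leak", "PII", extrusion)]

def evaluate(policy, events):
    """Test each traffic element against the rules in order; return grouped violations."""
    violations = []
    for ev in events:
        for rtype, kind, category, classification, test in policy:
            if ev["kind"] == kind and test(ev):
                violations.append((rtype, category, classification))
    return violations

# Constructed sample traffic (not captured from any real system)
SAMPLE = ([{"kind": "request", "ip": "10.0.0.7", "sql": "update accounts set bal=0"},
           {"kind": "request", "ip": "10.0.0.9", "sql": "UPDATE accounts SET bal=0"}]
          + [{"kind": "exception", "ip": "10.0.0.9", "ts": t, "error": "LOGIN_FAILED"}
             for t in (0, 10, 20, 30, 40)]
          + [{"kind": "result", "data": "4111 1111 1111 1111"},
             {"kind": "result", "data": "order 1234 5678 9012 3456"}])
```

Calling `evaluate(make_policy({"10.0.0.7"}), SAMPLE)` yields one violation per rule type; the second result row is card-shaped but fails the Luhn check, so the extrusion rule does not fire on it.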