Rule types, categories, classifications

Within a policy, rules are evaluated in the order in which they appear as each element of traffic is analyzed.

There are three types of rules:
  • An access rule applies to client requests. For example, it might test for UPDATE commands issued from a specific group of IP addresses.
  • An exception rule evaluates exceptions returned by the server (responses). For example, it might test for five login failures within one minute.
  • An extrusion rule evaluates data returned by the server (in response to requests). For example, it might test the returned data for numeric patterns that could be social security or credit card numbers.

For each rule, an optional Category and Classification can be assigned. These are used to group policy violations for both reporting and incident management.