Creating custom rules for detection
Published 2 days ago
Published 2 days ago
ernesto
Updated 2 days ago
0
Hi, is it possible to create custom rules for detection and alerting? Currently i only see Allow/Deny Rules.
Thanks,
Brr Brr Patapim
Carrie
Updated 2 days ago
0
In Rate Limiting, you can set up block or challenge rules when it triggers the limit you customize.
In BOT PROTECT & Auth for each app, you can also set specific rules to trigger anti-bot challenge or Authentication.
Are there any other detection rules you want to configure?
Notification/Alerting rules can be configured here (like the image below)
ernesto
Updated a day ago
0
Good morning, thank you for your comprehensive answer.
I wanted to know how to create custom detection rules that do not break the connection but trigger an alert, so that the WAF operates in “passthrough” mode.
Thanks.
Carrie
Updated a day ago
First, if you want to log but allow all attack requests for a specific application, you can switch the detection mode from “Defense” to “Audited”.
Audited mode means the attack will be logged but not blocked. And an alert will be pushed to you as long as you have enabled attack notification.
Carrie
Updated a day ago
0
Second, if you want to allow but still log attack requests when certain conditions are met, there is an option in the allow rule settings:
“Continue to detect and log attack requests even when whitelisting.”
If you check this option, the system will still log and alert on attacks, even though the requests are allowed through.
If I misunderstood your use case, please give a specific example to clarify.