Firewall Rule

firewall_rule

The Firewall Rule object represents a specific rule within a firewall policy or event. It contains information about a rule's configuration, properties, and associated actions that define how network traffic is handled by the firewall.

Contents

Attributes

Caption Name Type Is Array Default Description
Category category String The rule category.
Condition condition String The condition that triggers the rule. For example: SQL_INJECTION.
Description desc String The description of the rule that generated the event.
Duration duration Integer The rule response time duration, usually used for challenge completion time.
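Match Details match_details String The data in a request that the rule matched. For example: '["10","and","1"]'. Because this value is copied from the request that triggered the rule, consumers should treat it as untrusted input and encode it before displaying or further processing it.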
Match Location match_location String The location of the matched data in the source which resulted in the triggered firewall rule. For example: HEADER.
Name name String The name of the rule that generated the event.
Rate Limit rate_limit Integer The rate limit for a rate-based rule.
Raw Data raw_data JSON The event data as received from the event source.
Record ID record_id String Unique identifier for the object.
Sensitivity sensitivity String The sensitivity of the firewall rule in the matched event. For example: HIGH.
Type type String The rule type.
Unique ID uid String The unique identifier of the rule that generated the event.
Unmapped Data unmapped Unmapped The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source.
Version version String The rule version. For example: 1.1.

Context

Firewall Rule

JSON

            
{
  "caption": "Firewall Rule",
  "description": "The Firewall Rule object represents a specific rule within a firewall policy or event. It contains information about a rule's configuration, properties, and associated actions that define how network traffic is handled by the firewall.",
  "name": "firewall_rule",
  "extends": "rule",
  "attributes": {
    "condition": {
      "requirement": "optional",
      "caption": "Condition",
      "description": "The condition that triggers the rule. For example: SQL_INJECTION.",
      "type": "string_t"
    },
    "sensitivity": {
      "requirement": "optional",
      "caption": "Sensitivity",
      "description": "The sensitivity of the firewall rule in the matched event. For example: HIGH.",
      "type": "string_t"
    },
    "match_location": {
      "requirement": "optional",
      "caption": "Match Location",
      "description": "The location of the matched data in the source which resulted in the triggered firewall rule. For example: HEADER.",
      "type": "string_t"
    },
    "match_details": {
      "requirement": "optional",
      "caption": "Match Details",
      "description": "The data in a request that the rule matched. For example: '[\"10\",\"and\",\"1\"]'.",
      "is_array": true,
      "type": "string_t"
    },
    "rate_limit": {
      "requirement": "optional",
      "caption": "Rate Limit",
      "description": "The rate limit for a rate-based rule.",
      "type": "integer_t"
    },
    "duration": {
      "description": "The rule response time duration, usually used for challenge completion time.",
      "requirement": "optional",
      "caption": "Duration",
      "type": "integer_t"
    },
    "category": {
      "description": "The rule category.",
      "requirement": "optional",
      "caption": "Category",
      "type": "string_t"
    },
    "desc": {
      "description": "The description of the rule that generated the event.",
      "requirement": "optional",
      "caption": "Description",
      "type": "string_t"
    },
    "name": {
      "description": "The name of the rule that generated the event.",
      "requirement": "recommended",
      "caption": "Name",
      "type": "string_t"
    },
    "type": {
      "description": "The rule type.",
      "requirement": "optional",
      "caption": "Type",
      "type": "string_t"
    },
    "uid": {
      "description": "The unique identifier of the rule that generated the event.",
      "requirement": "recommended",
      "caption": "Unique ID",
      "type": "string_t"
    },
    "version": {
      "description": "The rule version. For example: <code>1.1</code>.",
      "requirement": "optional",
      "caption": "Version",
      "type": "string_t"
    },
    "raw_data": {
      "group": "context",
      "caption": "Raw Data",
      "description": "The event data as received from the event source.",
      "type": "json_t"
    },
    "record_id": {
      "description": "Unique identifier for the object.",
      "group": "primary",
      "requirement": "required",
      "caption": "Record ID",
      "type": "string_t"
    },
    "unmapped": {
      "caption": "Unmapped Data",
      "description": "The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source.",
      "type": "unmapped",
      "is_array": true
    }
  },
  "constraints": {
    "at_least_one": [
      "name",
      "uid"
    ]
  }
}