Detection customization
This topic explains how to customize the rules that you want to apply for blocking user requests.
Traceable analyzes application activity for anomalies using machine learning. This anomaly detection is further refined by leveraging an open-source set of continuously updated rules called the Core Rule Set (CRS). Additionally, certain high-confidence rules are enabled for detection and blocking locally, without engaging Traceable's system intelligence. The Traceable agent applies these high-confidence rules without sending your data to the Traceable platform.
Navigate to the Administration > Policies page to view and configure these signature-based rules.
The detected threats are listed in the following categories:
    Path manipulation
    Known vulnerabilities
    Request and response metadata anomalies
    Parameter Anomalies
    Cross-Site Scripting (XSS)
    Scanner Detection
    Session Fixation
When you log in to Traceable, all local rules are disabled by default. If you want to enable local signature-based blocking, it is good practice to enable detection first and observe the detected events. Enable the blocking rules only once you are confident in the detection results. When signature-based blocking rules are enabled, they apply globally to all the endpoints.
Enabling threat detection rules does not by default enable threat actor blocking. You have to enable blocking separately.